On November 5, 2015, NSFOCUS Threat Analysis Center (TAC) intercepted an unknown virus targeting a bank and then named it Fareit trojan after sample analysis. Attackers could exploit Fareit trojan to compromise the target host by sending spam to trick users into clicking an .exe file, thereby stealing website information and passwords stored on the FTP client.
vBulletin is a commercial Internet forum software package, boasting tens of thousands of users which are growing rapidly worldwide. It is written in the PHP web language and uses the MySQL database. Owing to its large user base, vBulletin is frequently reported to have vulnerabilities. In NSFOCUS Vulnerability Database (NSVD), there are 49 entries related to vBulletin, most of which are SQL injection vulnerabilities. The vulnerability disclosed this time is of a relatively high risk level, known as remote code execution (RCE). Theoretically, an attacker can exploit this vulnerability to execute arbitrary code or even take complete control of a forum that uses this program.
NSCTF西北高校网络安全攻防大赛决赛冠军产生，Team 5（wuyihao 和CTF加藤鹰）以1260的高分获得第一名。决赛的成员从第一轮线上赛的1136名选手中脱颖而出，后经过自由组队形成10个team参与角逐。NSCTF竞赛组委会邀请DUTSEC-F4nt45i4团队成员提供解题思路，并邀请第一名选手对决赛的主要过程进行总结。
What do malicious code and instruction set mean? Do they mean binary executable instructions, scripting languages, word-processing macro languages, or others? Take common malicious code as an example: The malicious code on a server depends on which kind of operating system it runs. Generally, for a Windows system, the malicious code refers to viruses, worms, and trojan, but rootkits for a Linux system.