Blog

2019 Cybersecurity Insights -7

July 3, 2020 | Mina Hao

Key Findings: Maturity: The technical maturity of attackers keeps growing, opening more possibilities than DDoS attacks for attackers to garner profits. Combination: Of all DDoS attacks in 2019, 12.5% employed multiple vectors. This percentage was even higher among super-sized attacks (> 300 Gbps) to reach more than one-third. These factors have posed a greater challenge […]

Apache Dubbo Remote Code Execution Vulnerability (CVE-2020-1948) Threat Alert

July 2, 2020 | Mina Hao

Overview Recently, Apache Dubbo was reported to contain a remote code execution vulnerability (CVE-2020-1948) resulting from deserialization. Apache Dubbo is a high-performance Java RPC framework. The vulnerability exists in hessian, a default deserialization tool used by Apache Dubbo. An attacker may trigger it by sending malicious RPC requests which usually contain unidentifiable service or method […]

IP Reputation Report-06282020

July 1, 2020 | Mina Hao

1、Top 10 countries in attack counts:

2019 Cybersecurity Insights -6

June 30, 2020 | Mina Hao

Deserialization vulnerabilities are still frequently exploited for web attacks and special attention should be paid to the security of mainstream frameworks. This section describes web vulnerabilities that had an extensive impact in 2019: WebLogic In 2017, Oracle released an official patch that fixed the XMLDecoder vulnerability (CVE-2017-10352) in WebLogic Server. This patch was evaded twice […]

2019 Cybersecurity Insights -5

June 29, 2020 | Mina Hao

Web Attack Trend Websites, which enterprises or individuals use to provide services for users, are usually the first choice of hackers during attacks. Web attacks in 2019 clung to traditional patterns and methods, including server information disclosure, resource leeching, cross-origin resource sharing (CORS), SQL injection, and cookie poisoning, which together accounted for 89% of web […]

2019 Cybersecurity Insights -4

June 28, 2020 | Mina Hao

Vulnerability Trend By November 27, 2019, the National Vulnerability Database (NVD) had recorded 11,633 CVE vulnerabilities disclosed in 2019, including 6549 high-risk ones. The annual total number decreased year by year in the past three years compared with 15,881 in 2017 and 15,861 in 2018, but that of high-risk ones was on the rise.

Microsoft’s Security Patches for June 2020 Fix 130 Security Vulnerabilities

June 26, 2020 | Mina Hao

Overview   Microsoft released the June 2020 security patches on Tuesday that fix 130 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including Adobe Flash Player, Android App, Apps, Azure DevOps, Diagnostics Hub, HoloLens, Internet Explorer, Microsoft Browsers, Microsoft Edge, Microsoft Edge (Chromium-based) in IE Mode, Microsoft Graphics Component, Microsoft JET […]

IP Reputation Report-06212020

June 25, 2020 | Mina Hao

1. Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at June 21, 2020.

2019 Cybersecurity Insights -3

June 24, 2020 | Mina Hao

Overall Situation Attack Type Distribution In terms of attack types 1, DDoS attracted the largest proportion (35%) of malicious IP addresses. Other types that malicious IP addresses were most interested in included spam, botnets, and scanning. Of all malicious IP addresses, 15% exploited more than one attack vector. According to our observation of such IP […]

Adobe Security Bulletins for June 2020 Security Updates

June 23, 2020 | Mina Hao

Overview On June 10, 2020, local time, Adobe officially released June’s security updates to fix multiple vulnerabilities in its various products, including Adobe FrameMaker, Adobe Experience Manager, and Adobe Flash Player. For details about the security bulletins and advisories, visit the following link: