Year: 2019

IP Reputation Report-11172019

November 21, 2019

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses in the NSFOCUS IP Reputation databases as of November 17, 2019. Top 10 countries in attack percentage: Laos is in first place. Uzbekistan is in second place. The country China (CN) is not […]

Cybersecurity Insights-5

November 20, 2019

Insights into Vulnerabilities 4.1 Overall Trend The National Vulnerability Database had recorded 15,800 CVE vulnerabilities for 2018, including 4096 high-risk ones. Compared with 2017, the total number of vulnerabilities found in 2018 increased 8.2%, while the number of high-risk ones dropped by 4.8%. Although the number of vulnerabilities increased steadily, they did so slowly, possibly […]

Advisory: Open-Source Compression Library Libarchive Code Execution Vulnerability (CVE-2019-18408)

November 19, 2019

Overview

Recently, a code execution vulnerability (CVE-2019-18408) was disclosed in the security update of Debian, Ubuntu, Gentoo and other distributions. (more…)

How NSFOCUS ADS KO’s DDoS Attacks

November 18, 2019

What Is DDoS? Look at the following example: Assume that you run a shop that is doing well. At this time, your neighbor, Mr. Wang (or whatever his name is), whose business is slack, looks at you as an eyesore. Therefore, he hires a group of hooligans. Then you find that your shop is crowded […]

Cloud DPS Showing That Gaming Customers Are in Need of Tbps-Level Cleaning Resources to Counter Volumetric Attacks

November 16, 2019

In July 2019, Cloud DPS, a cloud cleaning product from NSFOCUS, managed to withstand a wave of DDoS attacks over 100 Gbps that lasted one week. Targeting a board/card game vendor, those attacks exhibited perfect regularity, with the traffic averaging 100 Gbps and peaking at 431.6 Gbps. (more…)

SQL Injection Revealing the Truth Behind Information Disclosure

November 15, 2019

I. Principle

There has recently been a great deal of news coverage about information disclosure. A large amount of information is constantly disclosed and sold through various websites, resulting in endless cases of telecom fraud. We already know that SQL injection is the culprit responsible for all the cases. An SQL injection attack refers to the act of inserting SQL statements into parameters included in web forms, domain names, or page requests, in an attempt to trick the server into executing malicious SQL commands to obtain all information in the database. (more…)

IP Reputation Report-11102019

November 14, 2019

  1. Top 10 countries in attack counts:

  • The above diagram shows the top 10 regions with the most malicious IP addresses in the NSFOCUS IP Reputation databases as of November 10, 2019.

(more…)

Cybersecurity Insights-4

November 13, 2019

3.3 Recidivists

“Recidivists” here refer to attack sources found to repeatedly engage in malicious activities. In the 2018 H1 Cybersecurity Insights, we pointed out that 25% of recidivists were responsible for 40% of attack events [24]. Considering the quantity and level of threat, these attackers should not be underestimated. By the end of 2018, the number of attack sources detected totaled around 43 million, up from 27 million at the end of June 2018. Of all these attack sources, recidivists accounted for 17% and were responsible for 35% of events. While those percentages were down slightly from mid-year, the actual threat was higher due to the sheer volume of attackers seen.

(more…)

Apache Solr velocity Remote Code Execution Vulnerability Handling Guide

November 12, 2019

Vulnerability Description

On October 30, @_S00pY disclosed the exploitation of an Apache Solr remote code execution vulnerability, which allows attackers to achieve remote code execution via Velocity templates. After testing, the vulnerability can be successfully triggered, and no official security patch has been released. (more…)

What Should I Do When I Am Directed to a Macao Gambling Website Instead of the Intended Website

November 11, 2019

Incident Review

In February 2019, our monitoring found that some domestic users, when accessing certain websites through their home routers, were hijacked to pornographic and gambling websites. According to our sample inspection, more than 4 million IP addresses were hijacked to about 190 domain names concerning pornography and gambling during this incident. These victim users were supposed to open their intended websites, but were redirected to another unexpected page. (more…)
