Year: 2020

Alert: Digi Devices Affected by Ripple20 Can Be Used in Reflection Attacks

July 28, 2020

Executive Summary

In recent years, more and more protocols that can be abused for UDP reflection attacks have come to our attention, such as CoAP[1], Ubiquiti[2], WS-Discovery[3], OpenVPN[4], and a certain DVR protocol[5]. These attack patterns differ from the DNS, SSDP, NTP, Memcached, and other reflection attacks that defenders are already familiar with, posing new challenges for distributed denial-of-service (DDoS) protection.

In June 2020, JSOF, an Israel-based cybersecurity company, disclosed a set of 0-day vulnerabilities (Ripple20) in the Treck TCP/IP stack that may affect hundreds of millions of devices worldwide. After analyzing the published whitepapers, we found that devices produced by Digi, one of the affected vendors, use the Advanced Digi Discovery Protocol (ADDP) for device discovery. ADDP uses the multicast address 224.0.5.128 and UDP port 2362. In practice, however, implementations also answer unicast requests. Because UDP has no handshake, the source IP address of a request can be spoofed, so a Digi device reachable on its unicast address will send its discovery response to whatever address the attacker places in the request. Digi devices are therefore at risk of being used as reflectors, and the larger the response is relative to the request, the higher the amplification an attacker gains.
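The reflection pattern described above can be spotted from flow telemetry at the reflector's network edge. The following detector is an added example and is not NSFOCUS or Digi code; the flow-record layout, the sample records, and the packet sizes are constructed for illustration and are not measured ADDP packet lengths. Only the port (udp/2362) and the multicast group (224.0.5.128) come from the text above.

```python
"""Flag UDP reflection abuse of ADDP (udp/2362) in flow records.

Added example, not NSFOCUS or Digi code. The record format below is an
assumption ("src_ip,src_port,dst_ip,dst_port,proto,packets,bytes"), and the
sample records and byte counts are constructed, not captured traffic.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address

ADDP_PORT = 2362            # ADDP listens on UDP 2362
ADDP_MCAST = "224.0.5.128"  # legitimate discovery targets this multicast group


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    packets: int
    bytes: int


# Constructed sample records: two legitimate discovery exchanges on a LAN,
# then a burst of unicast queries "from" 203.0.113.7 (the spoofed victim)
# to an Internet-facing device at 198.51.100.10 and the replies it sends back.
SAMPLE_FLOWS = """\
10.0.0.5,51000,224.0.5.128,2362,udp,1,14
10.0.0.20,2362,10.0.0.5,51000,udp,1,180
10.0.0.6,52000,10.0.0.20,2362,udp,1,14
10.0.0.20,2362,10.0.0.6,52000,udp,1,180
203.0.113.7,40000,198.51.100.10,2362,udp,500,7000
198.51.100.10,2362,203.0.113.7,40000,udp,500,90000
"""


def parse_flows(text: str) -> list[Flow]:
    """Parse the assumed CSV flow format; blank lines and '#' comments are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        s_ip, s_port, d_ip, d_port, proto, pkts, nbytes = line.split(",")
        flows.append(Flow(s_ip, int(s_port), d_ip, int(d_port),
                          proto.lower(), int(pkts), int(nbytes)))
    return flows


def find_addp_reflection(flows: list[Flow], min_packets: int = 50,
                         min_amp: float = 5.0) -> list[dict]:
    """Return one alert per (reflector, victim) pair that looks like reflection.

    Indicators, all visible at the reflector's network edge:
      * ADDP queries addressed to the device's unicast IP (normal discovery
        goes to 224.0.5.128), attributed to one source at volume;
      * replies from udp/2362 back to that source whose bytes dwarf the
        queries, i.e. a bandwidth amplification factor >= min_amp.
    Spoofed queries carry the victim's address, so the query "source" is the
    victim, not the attacker.
    """
    req_bytes: dict[tuple[str, str], int] = defaultdict(int)
    resp: dict[tuple[str, str], list[int]] = defaultdict(lambda: [0, 0])
    for f in flows:
        if f.proto != "udp":
            continue
        if f.dst_port == ADDP_PORT and not ip_address(f.dst_ip).is_multicast:
            req_bytes[(f.dst_ip, f.src_ip)] += f.bytes        # unicast query
        elif f.src_port == ADDP_PORT:
            r = resp[(f.src_ip, f.dst_ip)]                    # reply
            r[0] += f.packets
            r[1] += f.bytes

    alerts = []
    for (reflector, victim), (pkts, out_bytes) in resp.items():
        if pkts < min_packets:
            continue
        in_bytes = req_bytes.get((reflector, victim), 0)
        amp = out_bytes / in_bytes if in_bytes else float("inf")
        if amp >= min_amp:
            alerts.append({
                "reflector": reflector,
                "victim": victim,
                "response_packets": pkts,
                "request_bytes": in_bytes,
                "response_bytes": out_bytes,
                "amplification": amp,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_addp_reflection(parse_flows(SAMPLE_FLOWS)):
        print(alert)
```

The multicast exchange is never counted as a query, and the single unicast lookup from 10.0.0.6 stays below `min_packets`, so only the 198.51.100.10 to 203.0.113.7 pair is reported, with an amplification factor of about 12.9. In production the same logic runs over NetFlow/sFlow exports, with thresholds tuned to the site; the durable mitigation is to keep udp/2362 unreachable from the Internet and to rate-limit or drop unicast ADDP queries at the edge.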

(more…)

Botnet Trend Report -3

July 27, 2020

Botnets pose a wide range of cyber threats. NSFOCUS Security Labs has long focused on capturing, tracking, and studying botnet-related threats. In 2019, the Labs further upgraded its capture and tracking techniques and capabilities and expanded its scope of interest to more diverse threats, including cryptojacking, ransomware attacks, data theft by banking Trojans, and adware bundling. The Labs also took up research on mobile platforms, where the security situation was chaotic.

(more…)

Adobe July 2020 Security Updates Threat Alert

July 26, 2020

Overview

On July 14, 2020 local time, Adobe released its July security updates to fix multiple vulnerabilities in its various products, including Adobe Creative Cloud Desktop Application, Adobe Media Encoder, Adobe Genuine Service, Adobe ColdFusion, and Adobe Download Manager.

(more…)

Microsoft’s July 2020 Patches Fix 124 Security Vulnerabilities Threat Alert

July 25, 2020

Overview

Microsoft released July 2020 security updates on Tuesday that fix 124 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Framework, Azure DevOps, Internet Explorer, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Malware Protection Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft OneDrive, Microsoft Scripting Engine, Microsoft Windows, Open Source Software, Skype for Business, Visual Studio, Windows Hyper-V, Windows IIS, Windows Kernel, Windows Shell, Windows Subsystem for Linux, Windows Update Stack, and Windows WalletService.

(more…)

F5 BIG-IP TMUI Remote Code Execution Vulnerability (CVE-2020-5902) Threat Alert

July 24, 2020

Vulnerability Description

Recently, NSFOCUS detected that F5 had updated its security advisory on the Traffic Management User Interface (TMUI) remote code execution vulnerability (CVE-2020-5902). The affected 15.x versions were narrowed to 15.0.0–15.1.0, and the workarounds that had been shown to be bypassable, together with the methods for validating them, were updated. By reaching the TMUI through the BIG-IP management port or a self IP address, unauthenticated attackers can send crafted requests to obtain the privileges of the target server. The vulnerability has a CVSS score of 10. An exploit module has already been integrated into the Metasploit Framework. Users affected by the vulnerability are advised to take remediation measures as soon as possible.

(more…)

IP Reputation Report-07192020

July 23, 2020

1. Top 10 countries by attack count

[Figure: the top 10 regions with the most malicious IP addresses in the NSFOCUS IP Reputation databases as of July 19, 2020.]
(more…)

2019 Cybersecurity Insights -12

July 22, 2020

Ransomware

In 2019, ransomware remained a major threat type that haunted people around the world. The most prominent families were GlobeImposter, GandCrab, and WannaCry, which were extremely active and had far more variants than others. According to NSFOCUS Security Labs' observation, the number of ransomware families and variants increased sharply over the four months from May to August 2019, which was partly attributable to the soaring prices of major cryptocurrencies. These families used diverse compromise methods against a wide variety of sectors, posing a severe threat to the data of organizations and individuals. Through ongoing monitoring, NSFOCUS Security Labs found that the following ransomware trends took shape in 2019:

(more…)

Citrix Multiple High-Risk Vulnerabilities Threat Alert

July 21, 2020

Vulnerability Description

Recently, NSFOCUS detected that Citrix had released a security bulletin on the remediation of 11 vulnerabilities in Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP. Details are as follows:

(more…)

Botnet Trend Report -2

July 20, 2020

2019 witnessed frequent outbreaks of cybersecurity incidents in which malware played a major role, with botnets showing striking destructive power.

At the end of 2018, Driver Talent suffered a supply chain attack in which its update channel was used to deliver a Monero-mining trojan; once on a computer, the trojan spread laterally via the EternalBlue exploit to infect more machines. The impact of this attack could still be felt in 2019, giving rise to a slew of emergencies.

(more…)

Information Security in the Workplace- Illegal Internet Connection-v

July 17, 2020

With the advance of digital transformation and the rapid development of IT, network technologies have found ever broader and deeper application, bringing with them a multitude of cyber security issues. Read on to find out which information security issues you should beware of in the workplace.

(more…)
