Year: 2020

Microsoft’s April Patches Fix 113 Security Vulnerabilities Threat Alert

April 29, 2020

Overview

Microsoft released its April 2020 security updates on Tuesday, fixing 113 vulnerabilities ranging from simple spoofing to remote code execution across various products, including Android App, Apps, Microsoft Dynamics, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Windows DNS, Open Source Software, Remote Desktop Client, Visual Studio, Windows Defender, Windows Hyper-V, Windows Kernel, Windows Media, and Windows Update Stack.

Oracle Coherence Remote Code Execution Vulnerability (CVE-2020-2915) Threat Alert

April 28, 2020

Overview

On April 14, local time, Oracle released its April Critical Patch Update (CPU), which fixes a number of vulnerabilities, including a critical one (CVE-2020-2915) in Oracle Coherence with a CVSS score of 9.8.

This vulnerability allows unauthenticated attackers with network access via the T3 protocol to compromise vulnerable Oracle Coherence instances. Successful exploitation could result in a takeover of Oracle Coherence, that is, remote code execution.

Products that use Oracle Coherence are affected by this vulnerability. The installation package of WebLogic Server 11g Release (10.3.4) and later integrates the Oracle Coherence library by default.

How Does WannaRen Ransomware Spread?

April 27, 2020

Background

Recently, a new ransomware strain, WannaRen, surfaced and began to spread between PCs. This ransomware encrypts files on the Windows system and appends .WannaRen as the extension of encrypted files. The attacker leaves a Bitcoin wallet address and demands 0.05 Bitcoin as ransom. Through tracking and analysis, NSFOCUS’s emergency response team identified “KMS-activation-tool-19.5.2.exe” as the ransomware downloader, which disguises itself as an activation tool to lure users into downloading it.

Oracle April 2020 Critical Patch Update for All Product Families Threat Alert

April 26, 2020

Overview

On April 14, 2020, local time, Oracle released its own security advisory and third-party security advisories for its April 2020 Critical Patch Update (CPU), which fixes 397 vulnerabilities of varying severity levels across its product families. For details about affected products and available patches, visit the following link:

Microsoft’s April Patches Fix Multiple 0-Day Vulnerabilities Exploited in the Wild Threat Alert

April 25, 2020

Overview

On April 14, 2020, local time, Microsoft released its April patches, which fix 113 security issues, including three 0-day vulnerabilities that have been exploited in the wild. The three vulnerabilities exist in the Windows Adobe Type Manager Library and the Windows kernel.

WannaRen Surfaces as a New Strain of Ransomware Threat Alert

April 24, 2020

Overview

Recently, a new ransomware strain, WannaRen, surfaced and began to spread between PCs. This ransomware encrypts almost all files on the Windows system and appends .WannaRen as the extension of encrypted files. The attacker leaves a Bitcoin wallet address and demands 0.05 Bitcoin as ransom.

IP Reputation Report-04192020

April 23, 2020

Top 10 countries in attack counts:

  • The above diagram shows the top 10 regions with the most malicious IP addresses in the NSFOCUS IP Reputation databases as of April 19, 2020.

DDoS Attack Landscape 5

April 22, 2020

Controlled DDoS Attack Sources

According to statistics, China was still home to the largest number of controlled DDoS attack sources (36.19%) in 2019, followed by the USA and the UK. Although China’s ranking remained unchanged in terms of the number, its proportion decreased compared with 2018. This indicates that China’s DDoS governance and defenses have borne fruit.

Google Chrome Update Fixes Multiple High-Severity Vulnerabilities Threat Alert

April 21, 2020

Overview

On March 31, 2020, local time, Google published an advisory announcing that Chrome 80.0.3987.162, to be rolled out in the coming days, would address eight security vulnerabilities. This version has now been released.

The most severe of these vulnerabilities could allow attackers to execute arbitrary code in the context of the browser.

Overseas APT Organization Exploits Vulnerabilities to Breach Sangfor SSL VPNs and Deliver Malicious Code Threat Alert

April 20, 2020

Overview

On April 6, Sangfor released an advisory announcing that an overseas APT organization had illegally taken control of some of its SSL VPN devices and, by exploiting a client upgrade vulnerability, delivered malicious files to clients. NSFOCUS has kept a close eye on this issue and conducted a comprehensive analysis. We advise affected users to take precautions as soon as possible.

The vulnerability stems from a defect in the signature verification mechanism of the upgrade module in the Windows client of SSL VPN devices. The prerequisite for exploitation is that attackers must already control the SSL VPN device. According to Sangfor’s analysis, this vulnerability is difficult to exploit, so Sangfor estimates that only a limited number of VPN devices are affected. According to the NSFOCUS security team, not many VPN devices have been compromised by the APT organization, but the affected versions are widely used in enterprises in China.
