The artificial intelligence (AI) technology based on deep neural networks has made breakthroughs in a wide range of fields, but only seen limited adoption in cybersecurity. At present, it is impractical to expect a hierarchical neural network to implement threat identification, association, and response from end to end. According to...
Year: 2020
Botnet Trend Report 2019-14
New Trends of APT Groups Here are three trends that shaped APT groups in 2019: Firstly, mobile devices became common constituents of the attack surface. In 2019, MuddyWater developed malicious files against Android platforms, heading towards mobile devices. Google's Project Zero team revealed five exploit chains deployed in the wild...
IBM Spectrum Protect Plus Directory Traversal and Arbitrary Code Execution Vulnerabilities (CVE-2020-4711, CVE-2020-4703) Threat Alert
Vulnerability Description On September 15, 2020, NSFOCUS detected that IBM released a security bulletin, which fixed directory traversal and arbitrary code execution vulnerabilities (CVE-2020-4711, CVE-2020-4703) in IBM Spectrum Protect Plus Administrative Console. The directory traversal vulnerability (CVE-2020-4711) exists in a script (/opt/ECX/tools/scripts/restore_wrapper.sh) within Spectrum Protect Plus. An unauthenticated attacker could...
DHDiscover reflection attacks can magnify nearly 200 times of the attack 2
DHDiscover reflection attack analysis In this chapter, we’ll demonstrate the threat status quo of DHDiscover reflection attack after referring to log data captured by the NSFOCUS Threat Capture System[AZ1] from June 1, 2020 to August 18, 2020 at the port 37810. We analyzed the number of logs at the port...
GovWare 2020
GovWare Virtual Conference and Exhibition October 7-8, 2020 Virtual Event
Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2020-16875) Handling Guide
Vulnerability Description Recently, NSFOCUS detected that security personnel disclosed the procedure for exploiting the Microsoft Exchange Server remote code execution vulnerability (CVE-2020-16875) online. The vulnerability was made public by Microsoft in its September 2020 Security Updates. A remote code execution vulnerability exists in the way that Microsoft Exchange Server handles...
