Background On May 7, 2021, local time, Colonial Pipeline, the largest fuel pipeline operator in the USA, was forced to shut down its critical fuel network serving states on the US East Coast after being hit by a ransomware attack. This ransomware attack had fuel supply halted across three regions,...
Year: 2021
WebLogic Multiple Severe Vulnerabilities Threat Alert
Vulnerability Description On April 21, 2021, NSFOCUS detected that Oracle released the April 2021 Critical Patch Update (CPU), which fixed 400 vulnerabilities of varying risk levels. Seven of these vulnerabilities are severe and easy to exploit and affect WebLogic. Users are advised to take measures without delay to protect against...
-e1619596788284.jpg)
Principles and Characteristics of TCP Reflection Attacks
Produced by: Siqi GUO, Qiwen LUO Increasingly Serious Reflection Attacks Reflection attacks, as nothing new, have become one of the most troublesome and common DDoS attacks and are dominant in bandwidth consumption DDoS attacks. According to NSFOCUS's latest 2020 DDoS Attack Landscape, reflection attacks made up 34% of all DDoS...
Microsoft April Security Updates for Multiple High-Risk Product Vulnerabilities
Vulnerability Description On April 14, 2020, Microsoft released April 2020 Security Updates that fix 114 vulnerabilities, including high-risk remote code execution and privilege escalation, in various products like Microsoft Windows, Office, Edge (Chromium-based), Visual Studio Code, Microsoft Exchange Server, Visual Studio, and Azure. In these security updates, Microsoft fixes 19...
2020 DDoS Attack Landscape Report – 1
Executive Summary In 2020, the total number of distributed denial-of-service (DDoS) attacks declined a little compared with 2019, probably attributable to effective governance and enhanced protection capabilities of Anti-DDoS products. Despite this, DDoS attacks intensified during the COVID-19 pandemic, especially for healthcare, government, and education sectors. January to April 2020...
OpenSSL Denial-of-Service and Certificate Bypass Check Vulnerabilities (CVE-2021-3449/CVE-2021-3450) Threat Alert
Vulnerability Description On March 26, 2021, NSFOCUS detected that OpenSSL issued a security advisory fixing a denial-of-service vulnerability and a certificate check bypass vulnerability (CVE-2021-3449/CVE-2021-3450) in OpenSSL products. Currently, the proof of concept (PoC) of this vulnerability has been made publicly available. Relevant users are advised to take protective measures...
