WebLogic Multiple High-Risk Vulnerabilities Threat Alert
August 10, 2021
Overview On July 21, 2021, NSFOCUS detected that Oracle released the April 2021 Critical Patch Update (CPU), which fixed 342 vulnerabilities of varying risk levels. Among these vulnerabilities, three severe ones are easy to exploit to affect WebLogic. Users are advised to take measures without delay to protect against the preceding vulnerabilities. CVE-2021-2382/CVE-2021-2394/CVE-2021-2397: These vulnerabilities […]
What is Cloud Native Security
August 5, 2021
After nearly 20 years of cloud computing development, we have stepped into the cloud native era. Cloud native technologies, exemplified by container, service mesh, and micro-service, are bringing disruptive changes to IT infrastructure, platforms, and application systems deployed for various sectors and are also permeating industrial Internet platforms with IT/OT convergence, 5G infrastructure with IT/CT […]
Oracle July 2021 Critical Patch Update for All Product Families
August 2, 2021
Overview On July 21, 2021, NSFOCUS detected that Oracle released the July 2021 Critical Patch Update (CPU), which fixed 342 vulnerabilities of varying risk levels. This CPU involves multiple commonly used products, such as Oracle Database Server, Oracle Java SE, Oracle Fusion Middleware, Oracle MySQL, and Oracle Communications. Oracle strongly recommends that users fix these […]
Reflection on Detection of Encrypted Malware Traffic
July 29, 2021
The Internet has become an indispensable part of our lives, and it is of vital importance to work out how to guarantee the security of users’ sensitive information and privacy in cyberspace. Most of the Internet traffic is encrypted with Transport Layer Security (TLS), which cannot guarantee absolute security. Malware has been seen to use […]
Microsoft’s July 2021 Security Updates Fix Multiple Products’ High-Risk Vulnerabilities
July 28, 2021
Overview According to NSFOCUS CERT’s monitoring, Microsoft released July 2021 Security Updates on July 14 to fix 117 vulnerabilities, including high-risk remote code execution and privilege escalation, in widely used products like Windows, Microsoft Office, Microsoft Edge, Visual Studio, and SharePoint Server. In the vulnerabilities fixed by this month’s security updates, there are 13 critical […]
Cloud DPS – Optimization for a Managed Security Service Customer
July 27, 2021
Today DDoS attacks are continuing to increase in frequency, volume and duration to affect a business’s continuity and reputation. DDoS mitigation capability has become the top priority for CIO/CISOs in Enterprise, Internet content providers and government, while they may have to face the challenge of finding sufficient experienced security professionals to build, maintain and operate […]
SolarWinds Serv-U Remote Code Execution Vulnerability (CVE-2021-35211) Threat Alert
July 23, 2021
Overview Recently, NSFOCUS CERT, through ongoing monitoring, found that SolarWinds released a security advisory fixing a remote code execution vulnerability (CVE-2021-35211). Microsoft reported to SolarWinds that they had discovered that the vulnerability was exploited in the wild and provided a proof of concept of the exploit. Unauthenticated, remote attackers could exploit this vulnerability to execute […]
A Look into Source Code of Paradise Ransomware, a “Custom-Built” Virus – 2
July 20, 2021
2. Encrypter: DP_Main 2.2 Self Copy and Automatic Running at Startup The program copies itself to %APPDATA%/DP/DP_Main.exe, and modifies the registry for automatic running at startup. 2.3 Deletion of Volume Shadow Backups The program uses CMD command parameters to delete volume shadow backups. 2.4 Upload of Encryption Information After obtaining disk information, the program begins […]
A Look into Source Code of Paradise Ransomware, a “Custom-Built” Virus – 1
July 16, 2021
Event Overview Recently, NSFOCUS CERT, through ongoing monitoring, found that the source code of the Paradise ransomware was leaked. Since data encrypted by Paradise cannot be decrypted now, the source code, if widely spread over the Internet, may cause a lot of trouble. Paradise had its source code leaked on a Russian hacker forum on […]
Windows Print Spooler RCE Vulnerabilities (CVE-2021-1675/CVE-2021-34527) Mitigation Guide
July 13, 2021
Overview On July 7, 2021, Beijing time, Microsoft released a security patch on the PrintNightmare vulnerability (CVE-2021-34527). NSFOCUS CERT recommends that users install this patch as soon as possible. On June 29, NSFOCUS CERT found that a security researcher published an exploit of the Windows Print Spooler remote code execution (RCE) vulnerability (PrintNightmare) on GitHub. […]
