Numerous Bank Customers Getting Hooked on SMS Phishing
March 11, 2021
Event Overview Since February 2021, NSFOCUS’s emergency response team has found that several provinces in China saw multiple SMS phishing events using fake bank domain names. As these events bear a striking resemblance in the phishing playbook, attack means, and phishing website pages, we can largely determine that these attacks were launched by the same […]
Microsoft Exchange Server Multiple High-Risk Vulnerabilities
March 9, 2021
Vulnerability Description On March 2, NSFOCUS observed that Microsoft released emergency security updates to fix seven vulnerabilities in Exchange Server. Exchange server-side request forgery vulnerability (CVE-2021-26855): An unauthenticated attacker, via a crafted HTTP request, could exploit this vulnerability to scan the intranet and authenticate as Exchange Server. Exchange Server deserialization vulnerability (CVE-2021-26857): An attacker with […]
Apache Tomcat Session Deserialization Code Execution Vulnerability (CVE-2021-2532 9) Threat Alert
March 5, 2021
Vulnerability Description On March 1, 2021, NSFOCUS observed that Apache Software Foundation (ASF) released a security bulletin to announce the fix of a remote code execution vulnerability via session persistence. This vulnerability is due to the bypass of the patch against CVE-2020-9484. If Tomcat’s session persistence function is used, its insecure configuration allows attackers to […]
VMware Multiple High-Risk Vulnerabilities
March 1, 2021
Vulnerability Description On February 23, 2021, VMware released a security bulletin to announce the fix of two high-risk vulnerabilities in vSphere Client and ESXi. CVE-2021-21972: vSphere Client (HTML5) contains a remote code execution vulnerability in the vRealize Operations plug-in in vCenter Server, with the CVSSv3 score of 9.8. The affected vRealize Operations plug-in is installed […]
Amplification DDoS Attacks Come Again
February 26, 2021
Just in February, another two amplification DDoS attacks caught our attention. They are respectively abusing Plex Media Servers and Powerhouse VPN servers to amplify junk traffic to victims. Abuse Plex Media Server for Amplification Attacks On 3rd February, according to ZDNet, DDoS-for-hire services have found a way to abuse Plex Media servers to bounce junk […]
Microsoft February Security Updates for Multiple High-Risk Product Vulnerabilities
February 25, 2021
Vulnerability Description On February 10, 2021, Beijing time, Microsoft released February 2021 Security Updates that fix 56 vulnerabilities, including high-risk ones like remote code execution and privilege escalation in various widely used products such as Microsoft Windows, Microsoft Office, Microsoft Exchange Server, Visual Studio, and Microsoft .NET Framework. In these security updates, Microsoft fixes 11 […]
Windows TCP/IP Remote Code Execution Vulnerability (CVE-2021-24074)
February 24, 2021
Vulnerability Description On February 10, NSFOCUS found that Microsoft fixed the Windows TCP/IP remote code execution vulnerability (CVE-2021-24074) in its February updates. This vulnerability exists in the IPv4 source routing which is blocked by default in Windows systems. Attackers, via a crafted IP packet, could exploit this vulnerability to execute arbitrary code on a target […]
Enterprise Blockchain Security 2020-6
February 5, 2021
Regulatory Policies
With years of development, the blockchain industry has taken shape, but enterprise blockchain applications are still at an exploratory stage. The blockchain ecosystem contains SPs, application vendors, and users. SPs in this context provide blockchain information services, whose compliance
requirements are surely different from those for other information services (such as cloud services) due to the blockchain technology’s unique characteristics of non-deletability and support for post-event forensics.
Information Disclosure-Incurred Asset Compromise and Detection and Analysis
February 4, 2021
According to a survey, 25% of internal security incidents are attributed to information disclosure. Attackers, merely through information disclosure, without needing to resort to measures with obvious patterns, like password cracking, can further acquire sensitive information about users and enterprises. It should be noted that this kind of attack method has a high degree of anonymity, rendering pattern-based network traffic analysis and terminal security log analysis fruitless. Combining user entity behavior analysis (UEBA) with dissection of network traffic logs and terminal security logs, we can identify abnormal behaviors, associate the behaviors with attack alerts, and present readable threat event analysis, offering users a new approach to discovering stealthy threats.
(more…)Enterprise Blockchain Security 2020-5
February 3, 2021
The enterprise-related blockchain security landscape has two layers of meanings: enterprise blockchain security situation and blockchain-related enterprise security situation. The former refers to the security posture of enterprises that have deployed blockchain applications. In the latter case, although an enterprise does not deploy any blockchain applications, security threats facing it point to blockchains.
In terms of the enterprise blockchain security situation, historically, blockchains were mainly public ones at the initial stage. Therefore, most vulnerabilities disclosed and security events detected are related to public blockchains. Consortium blockchains are still infants, so research on their security is conducted tentatively, explaining why there are so few vulnerabilities and security events related to them.
(more…)