Adeline Zhang

2020 Mid-Year DDoS Attack Landscape Report-4

September 1, 2020

At 17:00 on May 20, NSFOCUS SOC detected an abnormal traffic alert in the global monitoring center: the IP addresses of a customer from Hong Kong were under attack, and the maximum attack peak reached 634.6 Gbps. This had been the largest of all attacks targeting NSFOCUS’s customers by the time this report was written. According to IP gang intelligence from NSFOCUS Threat Intelligence (“NTI”), large quantities of the source IP addresses involved in the attack were controlled by IPGang01, an IP gang we have continuously monitored. We will elaborate on it in the following “attack gangs” chapter.


Botnet Trend Report 2019-8

August 31, 2020

The first nine months of 2019 saw a sharp rise in the market prices of cryptocurrencies, dominated by Bitcoin. Despite a fall in the fourth quarter, prices remained high. Meanwhile, cryptojacking malware became active as cryptocurrency prices rose.


Adobe Releases August’s Security Updates Threat Alert

August 31, 2020

Overview

On August 11, 2020 (local time), Adobe released security updates to address multiple vulnerabilities in Adobe Acrobat, Reader, and Lightroom.

For details about the security bulletins and advisories, visit the following link:

https://helpx.adobe.com/security.html

Microsoft’s August 2020 Patches Fix 120 Security Vulnerabilities Threat Alert

August 30, 2020

Overview  

Microsoft released its August 2020 security updates on Tuesday. They fix 120 vulnerabilities, ranging from simple spoofing attacks to remote code execution, in various products, including .NET Framework, ASP.NET, Internet Explorer, Microsoft Dynamics, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Video Control, Microsoft Windows, Microsoft Windows Codecs Library, Netlogon, SQL Server, Visual Studio, Windows AI, Windows COM, Windows Kernel, Windows Media, Windows Media Player, Windows Print Spooler Components, Windows RDP, Windows Registry, Windows Shell, Windows Update Stack, and Windows WalletService.


2020 Mid-Year DDoS Attack Landscape Report-3

August 29, 2020

From January to May 2020, except in April when the number of DDoS attacks was on a par with that a year earlier, the other months experienced a year-on-year decrease in the number. However, attack traffic in each month in the first half of 2020 increased year on year.


Cisco SD-WAN High-Risk Vulnerabilities (CVE-2020-3374, CVE-2020-3375) Threat Alert

August 28, 2020

Overview

Recently, Cisco released an announcement stating that it has fixed two high-risk vulnerabilities, one in Cisco SD-WAN vManage Software (CVE-2020-3374) and one in SD-WAN Solution Software (CVE-2020-3375).

Cisco SD-WAN is a secure cloud-scale architecture with openness, programmability, and scalability. Through the Cisco vManage console, you can quickly establish SD-WAN coverage structures to connect data centers, branch offices, campuses, and colocation facilities to improve network speed, security, and efficiency.


2019 Cybersecurity Insights -18

August 26, 2020

UPnP is short for Universal Plug and Play. UPnP is an architecture that defines peer-to-peer connectivity of PCs and intelligent devices (or instruments). Built upon Internet standards and technologies (such as TCP/IP, HTTP, and XML), UPnP allows such devices to connect to and collaborate with each other automatically, thus making the network (especially home networks) accessible to more people. As a result, many routers have this service publicly available. Within the UPnP protocol stack, Simple Service Discovery Protocol (SSDP) is used to discover devices in the local area network (LAN) and Simple Object Access Protocol (SOAP) is used for device control. For more basic knowledge of UPnP and an introduction to its vulnerabilities, refer to NSFOCUS’s 2018 Annual IoT Security Report 1.

As for devices with the UPnP SSDP service publicly available, China, South Korea, Venezuela, the USA, and Japan had the most such devices exposed. Meanwhile, we found that devices exposed in Russia registered a decrease of 84% as compared to 2018. It is estimated that related Russian authorities had pushed forward UPnP governance.


WebSphere Application Server High-Risk Remote Code Execution Vulnerability (CVE-2020-4450) Threat Alert

August 25, 2020

Overview

On June 5, Beijing time, IBM released a security bulletin to announce the fix of a high-risk remote code execution vulnerability (CVE-2020-4450) in WebSphere Application Server (WAS). This vulnerability was caused by deserialization of the Internet Inter-ORB Protocol (IIOP). It is assigned the CVSS base score of 9.8 and therefore is a high-risk one with an extensive impact.


Botnet Trend Report 2019-7

August 24, 2020

In 2019, ransomware was still a major type of threat that haunted people around the world. As an infamous botnet family, GandCrab generated more than USD 2 billion in ransom payments, stimulating the rapid increase of other ransomware.


2020 Mid-Year DDoS Attack Landscape Report-2

August 22, 2020
