Adeline Zhang

Botnet Trend Report 2019-8

August 31, 2020

The first nine months of 2019 saw a sharp rise in the market prices of cryptocurrencies, led by Bitcoin. Despite a fall in the fourth quarter, prices remained high. Cryptojacking malware became more active as cryptocurrency prices rose.

Adobe Releases August’s Security Updates Threat Alert

August 31, 2020

Overview

On August 11, 2020 (local time), Adobe released security updates to address multiple vulnerabilities in Adobe Acrobat, Reader, and Lightroom.

For details about the security bulletins and advisories, visit the following link:

https://helpx.adobe.com/security.html

Microsoft’s August 2020 Patches Fix 120 Security Vulnerabilities Threat Alert

August 30, 2020

Overview

Microsoft released its August 2020 security updates on Tuesday, fixing 120 vulnerabilities ranging from simple spoofing to remote code execution in various products, including .NET Framework, ASP.NET, Internet Explorer, Microsoft Dynamics, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Video Control, Microsoft Windows, Microsoft Windows Codecs Library, Netlogon, SQL Server, Visual Studio, Windows AI, Windows COM, Windows Kernel, Windows Media, Windows Media Player, Windows Print Spooler Components, Windows RDP, Windows Registry, Windows Shell, Windows Update Stack, and Windows WalletService.

2020 Mid-Year DDoS Attack Landscape Report-3

August 29, 2020

From January to May 2020, the number of DDoS attacks decreased year on year in every month except April, when it was on a par with the same month a year earlier. However, attack traffic in each month of the first half of 2020 increased year on year.

Cisco SD-WAN High-Risk Vulnerabilities (CVE-2020-3374, CVE-2020-3375) Threat Alert

August 28, 2020

Overview

Recently, Cisco released an advisory stating that it has fixed two high-risk vulnerabilities, one in Cisco SD-WAN vManage Software (CVE-2020-3374) and one in Cisco SD-WAN Solution Software (CVE-2020-3375).

Cisco SD-WAN is a secure, cloud-scale architecture that is open, programmable, and scalable. Through the Cisco vManage console, you can quickly establish SD-WAN overlays that connect data centers, branch offices, campuses, and colocation facilities to improve network speed, security, and efficiency.

2019 Cybersecurity Insights -18

August 26, 2020

UPnP is short for Universal Plug and Play. UPnP is an architecture that defines peer-to-peer connectivity between PCs and intelligent devices (or instruments). Built upon Internet standards and technologies (such as TCP/IP, HTTP, and XML), UPnP allows such devices to discover, connect to, and collaborate with each other automatically, making networks (especially home networks) accessible to more people. Because of this, many routers expose this service publicly. Within the UPnP protocol stack, Simple Service Discovery Protocol (SSDP) is used to discover devices in the local area network (LAN) and Simple Object Access Protocol (SOAP) is used for device control. For more background on UPnP and its vulnerabilities, refer to NSFOCUS's 2018 Annual IoT Security Report [1].

Among devices with the UPnP SSDP service publicly exposed, China, South Korea, Venezuela, the USA, and Japan had the most exposed devices. Meanwhile, we found that the number of exposed devices in Russia decreased by 84% compared with 2018. We estimate that the relevant Russian authorities had pushed forward UPnP governance.

WebSphere Application Server High-Risk Remote Code Execution Vulnerability (CVE-2020-4450) Threat Alert

August 25, 2020

Overview

On June 5, Beijing time, IBM released a security bulletin announcing a fix for a high-risk remote code execution vulnerability (CVE-2020-4450) in WebSphere Application Server (WAS). The vulnerability is caused by unsafe deserialization when handling Internet Inter-ORB Protocol (IIOP) messages. It has a CVSS base score of 9.8 and is therefore a high-risk vulnerability with an extensive impact.

Botnet Trend Report 2019-7

August 24, 2020

In 2019, ransomware remained a major type of threat haunting people around the world. The infamous GandCrab family generated more than USD 2 billion in ransom payments, stimulating the rapid growth of other ransomware.

2020 Mid-Year DDoS Attack Landscape Report-2

August 22, 2020

2019 Cybersecurity Insights -17

August 21, 2020

Threats Against WS-Discovery

WSD is a multicast discovery protocol used to locate services on a local area network (LAN). However, owing to a design flaw in device vendors' implementations, devices also answer service discovery packets sent directly from an ordinary IP address, not only multicast queries. If exposed on the Internet, such devices can be abused for DDoS reflection attacks. In February 2019, security researchers [1] from Baidu published an article [2] about WSD reflection attacks, the first report of such attacks we have read. In a post [3], ZDNet noted that WSD reflection attacks were first reported in May and that by August many groups had begun using this protocol to launch DDoS attacks. According to Akamai, one of its customers in the gaming industry suffered a WSD reflection attack that reached 35 Gbps at peak bandwidth.

Around the world, about 910,000 IP addresses (80%, or about 730,000, belonging to video surveillance devices) provided the WSD service and were thus at risk of being exploited to launch DDoS attacks.
