Adeline Zhang

F5 BIG-IP TMUI Remote Code Execution Vulnerability (CVE-2020-5902) Threat Alert

July 24, 2020

Vulnerability Description

Recently, NSFOCUS detected that F5 had updated its security advisory on the Traffic Management User Interface (TUMI) remote code execution vulnerability (CVE-2020-5902). The affected 15.x versions were changed to 15.0.0–15.1.0, and bypassable workarounds and validation methods were updated. By accessing the TUMI via the BIG-IP management port or their own IP addresses, unauthenticated attackers could craft malicious requests to obtain the privileges of target servers. The vulnerability has a CVSS score of 10. Currently, msf has integrated the exploit of the vulnerability. Users affected by the vulnerability are advised to take measures as soon as possible.

(more…)

IP Reputation Report-07192020

July 23, 2020

1.Top 10 countries in attack counts:

  • The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at July 19, 2020.
(more…)

2019 Cybersecurity Insights -12

July 22, 2020

Ransomware

In 2019, ransomware was still a major type of threats that haunted people around the world. The most prominent families were GlobeImposter, GandCrab, and WannaCry, which were extremely active and had far more variants than others. According to NSFOCUS Security Labs’ observation, the number of ransomware families and variants increased sharply in four months from May to August 2019, which was somewhat attributable to the soaring prices of major cryptocurrency types. These families used diverse compromise methods to attack a wide variety of sectors, posing a severe threat to organizations’ and individuals’ data. Through ongoing monitoring, NSFOCUS Security Labs finds that the following trends of ransomware took shape in 2019:

(more…)

Citrix Multiple High-Risk Vulnerabilities Threat Alert

July 21, 2020

Vulnerability Description

Recently, NSFOCUS detected that Citrix had released a security bulletin on the remediation of 11 vulnerabilities in Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP. Details are as follows:

(more…)

Botnet Trend Report -2

July 20, 2020

2019 witnessed frequent breakout of cybersecurity events, in which malware played an important role, exhibiting an eye-popping power of destruction with botnets.

At the end of 2018, Driver Talent suffered a supply chain attack as a result of its upgrade channel being planted with a Monero mining trojan, which, once breaking into a computer, would spread laterally via the EternalBlue exploit to infect more computers. The impact of this attack could still be felt in 2019, giving rise to a slew of emergencies.

(more…)

Information Security in the Workplace- Illegal Internet Connection-v

July 17, 2020

With the advancement of IT-based transformation and the rapid development of IT, various network technologies have seen more extensive and profound applications, along with which come a multitude of cyber security issues. Come to find out what information security issues you should beware of in the workplace.

(more…)

IP Reputation Report-07122020

July 16, 2020

1. Top 10 countries in attack counts:

  • The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at July 12, 2020.
(more…)

2019 Cybersecurity Insights -11

July 15, 2020

Cryptomining Traffic

Based on all sorts of security alert data from NSFOCUS Managed Security Service (MSS), we made a quantitative analysis of cryptomining activities and hosts in enterprises in 2019 and found that the cryptomining topicality is positively correlated with the cryptomining market trend.

(more…)

Design of Protection Against HTTPS-Targeted DDoS Attacks

July 14, 2020

As more and more Internet business is switched to the encrypted HTTPS from the plaintext HTTP, distributed denial of service (DDoS) attacks against HTTPS are also on the rise, including attacks targeting the SSL/TLS handshake and HTTPS services. Protecting against HTTPS-targeted DDoS attacks has always been a hard nut to crack within the industry. This document describes the working principle and harm of this kind of attacks as well as the protection design and practices.

(more…)

Botnet Trend Report 1

July 13, 2020

Executive Summary

With the rapid advancement of computer technologies and more and more network devices joining the Internet, the global Internet has expanded at an unbelievably high speed. However, efforts made in enhancing cybersecurity are lagging far behind the growth of the Internet, leaving an ever-growing gap in between. Many cybercrime groups and individuals are trying to take hold of insufficiently secured network resources and turn them into botnet clusters for the purpose of garnering illegal profits.

(more…)

Search

Subscribe to the NSFOCUS Blog