IP Reputation Report-05032020
May 7, 2020
Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses in the NSFOCUS IP Reputation databases as of May 3, 2020. Top 10 countries in attack percentage: Belarus is in first place. Cape Verde is in second place. China (CN) is […]
DDoS Attack Landscape 6
May 6, 2020
Activity of Attack Sources
Ongoing monitoring of attack sources reveals that 90% of them were active for no longer than 10 days, for two reasons. First, to keep attack sources fresh and prevent them from being blacklisted by defenders, attackers tended to use a hit-and-run strategy. Second, vulnerable IP addresses were widely distributed across the Internet and could be obtained easily at very low cost. Moreover, the proportion of IoT devices among attack sources that were active for more than 10 days rose sharply to 11.5%. (more…)
A Look Into WS-Discovery Reflection Attacks for 2020 Q1
May 5, 2020
Executive Summary Web Services Dynamic Discovery (WSD) is a multicast discovery protocol for locating services on a local area network (LAN). However, because of a design flaw in many vendors' implementations, devices also answer discovery packets sent by unicast from an ordinary IP address, not only those sent to the multicast group. If exposed on the Internet, these devices […]
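The two conditions the summary describes (a device answering a unicast probe from outside its LAN, and the resulting floods of replies sourced from UDP 3702 toward a victim) can both be checked mechanically. The following is an added example, not code from the NSFOCUS report: it uses the real WS-Discovery port (UDP 3702), multicast group (239.255.255.250) and Probe action URI, but the flow records, the probe message and the 10.0.0.0/8 "LAN" prefix are constructed assumptions for illustration.

```python
"""Added example: spotting WS-Discovery reflection in flow records and
checking whether a Probe arrived by unicast from outside the LAN.
WSD facts used: UDP port 3702, IPv4 multicast group 239.255.255.250,
Probe action URI under the 2005/04 discovery namespace.
All flow records and the probe below are constructed sample data."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
import xml.etree.ElementTree as ET

WSD_PORT = 3702
WSD_MCAST_V4 = ip_address("239.255.255.250")
WSD_NS = "http://schemas.xmlsoap.org/ws/2005/04/discovery"
PROBE_ACTION = WSD_NS + "/Probe"
WSA_ACTION = "{http://schemas.xmlsoap.org/ws/2004/08/addressing}Action"

# Constructed flow records: (proto, src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    ("udp", "203.0.113.10", 3702, "198.51.100.7", 41220, 1804),
    ("udp", "203.0.113.11", 3702, "198.51.100.7", 41220, 1790),
    ("udp", "203.0.113.12", 3702, "198.51.100.7", 41220, 1811),
    ("udp", "203.0.113.13", 3702, "198.51.100.7", 41220, 1799),
    ("udp", "192.0.2.5", 3702, "198.51.100.9", 51000, 1700),  # one reflector only
    ("udp", "192.0.2.9", 53, "198.51.100.7", 41220, 120),     # DNS, not WSD
    ("tcp", "192.0.2.8", 3702, "198.51.100.7", 443, 500),     # TCP, not the vector
]

# Constructed WS-Discovery Probe (SOAP 1.2 envelope, no XML declaration)
SAMPLE_PROBE = (
    '<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" '
    'xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" '
    'xmlns:wsd="http://schemas.xmlsoap.org/ws/2005/04/discovery">'
    "<soap:Header><wsa:Action>" + PROBE_ACTION + "</wsa:Action></soap:Header>"
    "<soap:Body><wsd:Probe/></soap:Body></soap:Envelope>"
)


def wsd_reflection_candidates(flows, min_reflectors=3):
    """Group UDP flows sourced from port 3702 by destination. A destination
    hit from many distinct hosts is a likely reflection victim (or the
    scanner itself, which the analyst rules out by hand).
    Returns {dst: (distinct_reflectors, total_bytes)}."""
    reflectors = defaultdict(set)
    volume = defaultdict(int)
    for proto, src, sport, dst, _dport, nbytes in flows:
        if proto != "udp" or sport != WSD_PORT:
            continue
        reflectors[dst].add(src)
        volume[dst] += nbytes
    return {dst: (len(srcs), volume[dst])
            for dst, srcs in reflectors.items() if len(srcs) >= min_reflectors}


def is_wsd_probe(payload):
    """True if the SOAP payload carries the WS-Discovery Probe action."""
    try:
        root = ET.fromstring(payload)
    except ET.ParseError:
        return False
    action = root.find(".//" + WSA_ACTION)
    return action is not None and (action.text or "").strip() == PROBE_ACTION


def is_exposed_unicast_probe(src_ip, dst_ip, payload, lan=ip_network("10.0.0.0/8")):
    """The flaw in one check: a Probe that is unicast (not to the multicast
    group) and comes from outside the local network. A correctly scoped
    device would ignore it; a reflector answers it. LAN prefix is assumed."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    return dst != WSD_MCAST_V4 and src not in lan and is_wsd_probe(payload)


if __name__ == "__main__":
    print(wsd_reflection_candidates(SAMPLE_FLOWS))
    print(is_exposed_unicast_probe("203.0.113.50", "10.1.2.3", SAMPLE_PROBE))
```

On the sample flows, only 198.51.100.7 crosses the three-reflector threshold; the single 192.0.2.5 reply and the DNS/TCP records are ignored. The probe check answers the question a device vendor should have asked before replying: was this Probe multicast from the LAN, or unicast from the Internet?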
WebLogic Remote Code Execution Vulnerabilities (CVE-2020-2801, CVE-2020-2883, and CVE-2020-2884) Threat Alert
May 4, 2020
Overview
On April 15, 2020, Beijing time, Oracle released the Critical Patch Update (CPU) for April 2020, which fixes 397 vulnerabilities of different risk levels.
These include three critical vulnerabilities (CVE-2020-2801, CVE-2020-2883, and CVE-2020-2884) affecting Oracle WebLogic Server, each with a CVSS score of 9.8.
These vulnerabilities allow an unauthenticated attacker with network access via T3 to compromise a vulnerable Oracle WebLogic Server. Successful exploitation could result in takeover of the server, that is, remote code execution. (more…)
Git Credential Disclosure Vulnerability (CVE-2020-5260) Threat Alert
May 1, 2020
Vulnerability Description
On April 15, Git issued a security bulletin announcing a vulnerability that could reveal Git user credentials (CVE-2020-5260). Git uses a credential helper to store and retrieve credentials. When a URL contains a URL-encoded newline (%0a), the decoded newline can inject unexpected values into the credential helper's protocol stream. The vulnerability is triggered when an affected version of Git is used to run git clone on a malicious URL. Users should take preventive measures as soon as possible. (more…)
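The injection is easiest to see with the helper protocol written out. The following is an added example, not code from Git or from the NSFOCUS alert: it models, in a deliberately minimal way, how git turns a clone URL into the key=value lines a credential helper reads, shows why a %0a in the host part lets the URL smuggle in a second "host=" line, and shows the check that refuses such a URL. The helper protocol (one key=value per line, blank line terminates the request) is the real one; the URL splitting is simplified and the example URLs are constructed.

```python
"""Added example: simplified model of git -> credential helper requests,
showing the CVE-2020-5260 newline injection and the fix.
Not the Git project's code; URL parsing is intentionally minimal."""
from urllib.parse import unquote

# Constructed URLs. The first smuggles "host=two.example.com" via %0a.
MALICIOUS_URL = "https://one.example.com?%0ahost=two.example.com/"
BENIGN_URL = "https://git.example.com/org/repo.git"


def split_url(url):
    """scheme://[user@]hostpart/path -> (scheme, user, hostpart, path).
    Like the real parser, everything before the first '/' is the host part."""
    scheme, rest = url.split("://", 1)
    hostpart, _, path = rest.partition("/")
    user = None
    if "@" in hostpart:
        user, hostpart = hostpart.rsplit("@", 1)
    return scheme, user, hostpart, path


def credential_request_vulnerable(url):
    """Percent-decodes host/user and writes them straight into the stream.
    A decoded newline becomes a line break inside the protocol."""
    scheme, user, host, _ = split_url(url)
    lines = ["protocol=%s" % scheme, "host=%s" % unquote(host)]
    if user is not None:
        lines.append("username=%s" % unquote(user))
    return "\n".join(lines) + "\n\n"


def credential_request_fixed(url):
    """Same request, but any decoded field containing CR or LF is refused
    before it reaches the helper."""
    scheme, user, host, _ = split_url(url)
    fields = [("protocol", scheme), ("host", unquote(host))]
    if user is not None:
        fields.append(("username", unquote(user)))
    for key, value in fields:
        if "\n" in value or "\r" in value:
            raise ValueError("refusing %s containing a newline: %r" % (key, value))
    return "".join("%s=%s\n" % kv for kv in fields) + "\n"


def helper_parse(stream):
    """What a credential helper sees: key=value per line up to the first
    blank line; a repeated key overwrites the earlier value."""
    attrs = {}
    for line in stream.split("\n"):
        if line == "":
            break
        key, _, value = line.partition("=")
        attrs[key] = value
    return attrs


if __name__ == "__main__":
    print(repr(credential_request_vulnerable(MALICIOUS_URL)))
    print(helper_parse(credential_request_vulnerable(MALICIOUS_URL)))
```

With the vulnerable request, the helper ends up with host=two.example.com and hands back credentials stored for that host to a clone that is actually talking to one.example.com. The fixed request raises before anything is written to the helper.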
IP Reputation Report-04262020
April 30, 2020
1. Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses in the NSFOCUS IP Reputation databases as of April 26, 2020. 2. Top 10 countries in attack percentage: Belarus is in first place. Cape Verde is in second place. China (CN) is […]
Adobe Security Bulletins for April 2020 Security Updates
April 30, 2020
Overview
On April 14, 2020, local time, Adobe officially released April’s security updates to fix multiple vulnerabilities in its various products, including Adobe ColdFusion, Adobe After Effects, and Adobe Digital Editions. (more…)
Microsoft’s April Patches Fix 113 Security Vulnerabilities Threat Alert
April 29, 2020
Overview
Microsoft released its April 2020 security updates on Tuesday, fixing 113 vulnerabilities ranging from simple spoofing to remote code execution across various products, including Android App, Apps, Microsoft Dynamics, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Windows DNS, Open Source Software, Remote Desktop Client, Visual Studio, Windows Defender, Windows Hyper-V, Windows Kernel, Windows Media, and Windows Update Stack. (more…)
Oracle Coherence Remote Code Execution Vulnerability (CVE-2020-2915) Threat Alert
April 28, 2020
Overview
On April 14, local time, Oracle released the April Critical Patch Update (CPU), which fixes vulnerabilities including a critical one (CVE-2020-2915) in Oracle Coherence, with a CVSS score of 9.8.
This vulnerability allows an unauthenticated attacker with network access via T3 to compromise a vulnerable Oracle Coherence instance. Successful exploitation could result in takeover of Oracle Coherence, that is, remote code execution.
Products that use Oracle Coherence are affected by this vulnerability. The installation package of WebLogic Server 11g (10.3.4) and later includes the Oracle Coherence library by default. (more…)
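Both this alert and the WebLogic alert above (CVE-2020-2801, CVE-2020-2883, CVE-2020-2884) describe the same precondition: an unauthenticated attacker who can reach the server over T3. The first thing a practitioner wants is a way to tell whether a port accepts T3 at all. The following is an added example, not code from the NSFOCUS alerts or from Oracle: it sends the T3 hello and parses the HELO banner a T3 listener returns (`HELO:<version>.<flag>`, followed by AS/HL/MS lines). The sample responses are constructed, and the target host in the usage is a placeholder.

```python
"""Added example: probe a port for the WebLogic T3 protocol and read the
advertised version from the HELO banner. Not NSFOCUS or Oracle code.
Constructed sample responses are used for the offline checks."""
import socket

# Client-side hello; a T3 listener answers with a HELO line.
T3_HELLO = b"t3 12.2.1\nAS:255\nHL:19\nMS:10000000\n\n"

# Constructed sample responses (not captured from a real server)
SAMPLE_T3_RESPONSE = b"HELO:12.2.1.4.0.false\nAS:2048\nHL:19\nMS:10000000\n\n"
SAMPLE_HTTP_RESPONSE = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"


def parse_t3_helo(data):
    """Return the server version from a T3 HELO banner, or None if the
    response is not T3. The version is followed by a '.true'/'.false'
    flag, which is stripped."""
    first = data.split(b"\n", 1)[0]
    if not first.startswith(b"HELO:"):
        return None
    version = first[len(b"HELO:"):].decode("ascii", "replace").strip()
    for suffix in (".true", ".false"):
        if version.endswith(suffix):
            version = version[: -len(suffix)]
    return version or None


def probe_t3(host, port=7001, timeout=5.0):
    """Connect, send the hello, and report the version (None = T3 not
    accepted on that port). 7001 is WebLogic's default listen port."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(T3_HELLO)
            data = s.recv(1024)
    except (OSError, socket.timeout):
        return None
    return parse_t3_helo(data)


if __name__ == "__main__":
    # Placeholder target; replace with a host you are authorised to test.
    print(probe_t3("weblogic.example.internal", 7001))
```

A version string back means the port speaks T3 and the exposure described in both alerts applies; whether that build is actually vulnerable is determined by its patch level against the April 2020 CPU. No answer, a closed connection, or an HTTP banner means T3 is not reachable on that port.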
How Does WannaRen Ransomware Spread?
April 27, 2020
Background
Recently, a new strain of ransomware, WannaRen, surfaced and began spreading between PCs. It encrypts files on Windows systems and appends .WannaRen to the names of encrypted files. The attacker leaves a Bitcoin wallet address and demands 0.05 BTC as ransom. Through tracking and analysis, NSFOCUS's emergency response team identified "KMS-activation-tool-19.5.2.exe" as the ransomware downloader; it is disguised as an activation tool to lure users into downloading it.