Adeline Zhang

Oracle April 2020 Critical Patch Update for All Product Families Threat Alert

April 26, 2020

Overview

On April 14, 2020, local time, Oracle released its own security advisory and third-party security advisories for its April 2020 Critical Patch Update (CPU) which fix 397 vulnerabilities of varying severity levels across the product families. For details about affected products and available patches, visit the following link:

(more…)

Microsoft’s April Patches Fix Multiple 0-Day Vulnerabilities Exploited in the Wild Threat Alert

April 25, 2020

Overview

On April 14, 2020, local time, Microsoft released its April patches that fix 113 security issues, including three 0-day vulnerabilities that have been exploited in the wild. The three vulnerabilities exist in Windows Adobe Type Manager Library and the Windows kernel. (more…)

WannaRen Surfaces as a New Strain of Ransomware Threat Alert

April 24, 2020

Overview

Recently, a new strain of ransomware WannaRen came to the surface and began to spread between PCs. This ransomware encrypts almost all files in the Windows system and uses .WannaRen as the extension of encrypted files. The attacker leaves a Bitcoin wallet address and demands 0.05 Bitcoin as ransom. (more…)

IP Reputation Report-04192020

April 23, 2020

Top 10 countries in attack counts:

  • The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at April 19, 2020.

(more…)

DDoS Attack Landscape 5

April 22, 2020

Controlled DDoS Attack Sources

According to statistics, China was still home to the largest number of controlled DDoS attack sources (36.19%) in 2019, followed by the USA and UK. Although China’s ranking remained
unchanged in terms of the number, the proportion decreased compared with 2018. This indicates that China’s DDoS governance and defenses have yielded fruits. (more…)

Google Chrome Update Fixes Multiple High-Severity Vulnerabilities Threat Alert

April 21, 2020

Overview

On March 31, 2020, local time, Google published an advisory, announcing that the newest version of Chrome 80.0.3987.162 to be rolled out in the coming days would address eight security vulnerabilities. Now this version has been released.

The most severe of these vulnerabilities could allow attackers to execute arbitrary code in the context of the browser. (more…)

Overseas APT Organization Exploits Vulnerabilities to Breach Sangfor SSL VPNs and Deliver Malicious Code Threat Alert

April 20, 2020

Overview

On April 6, Sangfor released an advisory, announcing that an overseas APT organization illegally took control of some of their SSL VPN devices and sent malicious files to clients by exploiting a client upgrade vulnerability. NSFOCUS has kept a close eye on this issue and conducted overall analysis. We advise related users to take precautions as soon as possible.

The vulnerability exists due to the defect of the upgrade module signature authentication mechanism of the Windows client of SSL VPN devices. The prerequisite for exploitation is that attackers must take control of SSL VPN privileges. According to Sangfor’s analysis, this vulnerability is difficult to exploit. Therefore, Sangfor estimates that there are only a limited number of affected VPN devices. According to the NSFOCUS security team, not many VPN devices have been compromised by the APT organization, but the affected versions are widely used in enterprises in China.

(more…)

WebSphere Application Server Remote Code Execution Vulnerability (CVE-2020-4276 and CVE-2020-4362) Threat Alert

April 17, 2020

Overview

IBM released security advisories to announce the fix of two remote code execution vulnerabilities (CVE-2020-4276 and CVE-2020-4362) in WebSphere Application Server.

The two vulnerabilities exist when WebSphere uses token-based authentication in an admin request over the SOAP connector.

By sending a maliciously crafted request to WebSphere SOAP Connector, an attacker could execute arbitrary code on an affected server in an unauthorized way.

(more…)

IP Reputation Report-04122020

April 16, 2020

  1. Top 10 countries in attack counts:

  • The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at April 12, 2020.

(more…)

DDoS Attack Landscape 4

April 15, 2020

Attack Distribution by Duration

In 2019, the average duration of DDoS attacks was registered at 52 minutes, an 18% increase from 2018. We noticed that the longest DDoS attack in 2019 lasted around 20 days, far longer than attacks detected in previous years.

In 2019, a DDoS attacks lasting less than 30 minutes accounted for 75%, approximate to the figure registered in 2018. The high proportion of short attacks signals that attackers are attaching more
and more importance to the attack cost and efficiency and are more inclined to overwhelm the target service with floods of traffic in a short time, getting users offline and causing high latency
and jitters. In addition, Botnet-as-a-Service (BaaS) and DDoS-as-a-Service (DDoS) have gained momentum for rapid development, which were also to blame for the prevalence of short attacks.
Thanks to their availability, platform users are able to launch massive attacks in a very short time as long as they are willing to pay a certain amount of money for a whole lot of mercenary attack resources4. In the long run, repeated burst attacks, which are under effective cost control, will greatly aggravate the quality of target services.

(more…)

Search

Subscribe to the NSFOCUS Blog