Adeline Zhang

What You Should Know About DDoS Incident Response

August 27, 2019

This document addresses the overall strategy and process for DDoS incident response and provides detailed analysis of, and countermeasures against, some typical attacks, in a bid to help organizations respond to DDoS attacks more effectively and efficiently. It therefore does not dwell upon the specific mitigation methods and configurations for each individual type of DDoS attack.

Adobe Security Bulletins for August 2019 Security Updates Threat Alert

August 26, 2019

Overview

On August 13, 2019, local time, Adobe officially released August's security updates to fix multiple vulnerabilities in its various products, including Adobe Photoshop CC, Adobe Experience Manager, Adobe Acrobat and Reader, Adobe Creative Cloud Desktop Application, Adobe Prelude CC, Adobe Premiere Pro CC, Adobe Character Animator CC, and Adobe After Effects CC.

Information Security in the Workplace - Password Grading

August 24, 2019

With the advancement of IT-based transformation and the rapid development of IT, various network technologies have seen more extensive and profound application, and with them come a multitude of cyber security issues. Read on to find out which information security issues you should be aware of in the workplace.

Banking Trojan Banjori Analysis Report

August 23, 2019

1 Sample Introduction

Banjori is a banking trojan that has been active since it was first spotted in 2013. Its major targets are personal online banking users in France, Germany, and the USA. After infecting a user, the trojan injects a malicious payload into the user's active processes and collects the user's information. Like other banking trojans, Banjori is mainly used to steal information via browsers. Compared to Internet Explorer and Chrome, Firefox is a more sought-after target for Banjori, which steals the majority of user information by hooking the browser and querying its database files. It is worth noting that in 2013 this family started to use the then-modern dynamic domain generation algorithm (DGA) to obtain C&C server addresses. This not only renders the traditional blacklists of antivirus software ineffective, but also creates the conditions for disrupting and taking over the Banjori botnets.

IP Reputation Report-08192019

August 22, 2019

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases as of August 19, 2019.

Top 10 countries in attack percentage: Palestine is in first place. Curacao is in second place. The country China (CN) is […]

Botnet Trend Report-10

August 21, 2019

4.2 BillGates: Best Cross-Platform Family

In February 2014, a new botnet family was reported on the Russian website habr[5] and named BillGates because of its bill and gates modules. Subsequently, the research group MalwareMustDie reported that the botnet family was operated by a Chinese hacker group closely related to other known families such as ChinaZ and Elknot. This helped BillGates attract wide attention.

Microsoft’s Security Patches for August Fix 95 Security Vulnerabilities Threat Alert

August 20, 2019

Overview

Microsoft released August 2019 security patches on Tuesday that fix 95 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including Active Directory, HTTP/2, Microsoft Bluetooth Driver, Microsoft Browsers, Microsoft Dynamics, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Malware Protection Engine, Microsoft NTFS, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft XML, Microsoft XML Core Services, Online Services, Visual Studio, Windows – Linux, Windows DHCP Client, Windows DHCP Server, Windows Hyper-V, Windows Kernel, Windows RDP, Windows Scripting, Windows Shell, and Windows SymCrypt.

KDE Frameworks Command Execution Vulnerability (CVE-2019-14744) Threat Alert

August 19, 2019

Overview

Recently, a security researcher took to Twitter to disclose a KDE Frameworks command injection vulnerability, which stems from the way the KDesktopFile class handles .desktop, .directory, and configuration files. An attacker could craft malicious files of these types which, once viewed in the KDE file viewer, trigger the vulnerability and lead to code execution without requiring any user interaction such as executing the files.

Botnet Trend Report-9

August 16, 2019

This chapter explores further the active botnet families detected in 2018. We concentrate on four distinct families and tools, focusing our analysis on their behavior changes, sample version changes, sample variants, and the average age of their C&C servers, to better understand the dynamic lifecycle of botnet families throughout 2018.

IP Reputation Report-08122019

August 15, 2019

1. Top 10 countries in attack counts:

• The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases as of August 11, 2019.
