DDoS in the Past Decade
July 1, 2019
1.0 Milestones 1.1 DDoS Size Expansion IP data source: The Zettabyte Era: Trends and Analysis The past decade has witnessed a steady growth in the peak size of DDoS attacks, especially in 2013 when the reflection method was used by attackers on a large scale and the DDoS attack size expanded at an exponential rate. […]
What You Should Know About Mitigation Bypass
June 28, 2019
Mitigation measures are implemented with many implicit assumptions. They can work only when these assumptions prove to be true and would be bypassed if these assumptions were broken. (more…)
IP Reputation Report-06242019
June 27, 2019
1. Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at June 21, 2019. Top 10 countries in attack percentage: The Laos is in the first place since four weeks ago. The Suriname is in the second […]
Botnet Trend Report-2
June 26, 2019
Botnets have evolved since 2017. New active families and platforms have become dominant. Attack types used have also changed. (more…)
Linux Kernel Multiple Remote Denial-of-Service Vulnerabilities Threat Alert
June 25, 2019
Overview
Recently, Red Hat released a security bulletin, pointing out multiple TCP-based remote denial-of-service vulnerabilities in the Linux kernel, namely, a SACK Panic vulnerability of important severity and two other vulnerabilities of moderate severity. (more…)
TP-Link Wi-Fi Extenders Remote Code Execution Vulnerability (CVE-2019-7406) Threat Alert
June 24, 2019
Overview
Recently, a security expert from IBM X-Force discovered a remote code execution vulnerability (CVE-2019-7406) in multiple models of TP-Link Wi-Fi extenders. This vulnerability can be exploited by unauthenticated, remote attackers by sending a malformed HTTP request so as to execute arbitrary shell commands on a target Wi-Fi extender. The attack does not require escalation of privileges as all processes on the vulnerable devices already run with root privileges. (more…)
Apache Axis Remote Code Execution 0-Day Vulnerability Handling Guide
June 21, 2019
Recently, by using the Attack Trend Monitoring system (ATM), the NSFOCUS security team has discovered an Apache Axis remote command execution vulnerability, which allows attackers to obtain privileges of the target server and remotely execute commands without authorization by sending a crafted HTTP-POST request. (more…)
NSFOCUS Shares Botnet Trends in New 2018 Insights Report
June 18, 2019
SANTA CLARA, Calif., — June 18, 2019 – NSFOCUS, a leader in holistic hybrid security solutions, today released its 2018 Botnet Trend report, which found that botnets in 2018 continued to use distributed denial-of-service (DDoS) as their primary weapon to attack high-speed networks. In the 2018 Botnet report, developed by NSFOCUS Fuying Laboratory, a component […]
Oracle WebLogic Remote Code Execution Vulnerability (CVE-2019-2725) Patch Bypass Threat Alert
June 18, 2019
Overview
Recently, the NSFOCUS security team has found that the Oracle Weblogic vulnerability is exploited in the wild. Its attack signature is similar to that of the CVE-2019-2725 vulnerability. The attack can bypass the latest security patch released by Oracle in April. This vulnerability exists because no proper sanitization is performed when deserialized information is handled. By sending a crafted malicious HTTP request, attackers could exploit this vulnerability to gain server privileges and remotely execute arbitrary code in an unauthorized manner.