Windows NTLM Tampering Vulnerability (CVE-2019-1040) Threat Alert
June 17, 2019
1 Vulnerability Overview
On June 12, 2019, Beijing time, Microsoft released security patches for the Windows NTLM tampering vulnerability (CVE-2019-1040), which exists in Windows operating systems and allows attackers to bypass the NTLM MIC (Message Integrity Check) protection. (more…)
The Road to 5G is Paved with Malware
June 14, 2019
There is no doubt that 5G will revolutionize how we use online services. Mobile high-speed internet access in excess of 5Gbs will facilitate revolutionary technologies to take advantage of the new bandwidth. Feature rich apps for entertainment, productivity, social media, and health & fitness are preparing to offer functionality only possible with high-speed mobile access. Already outside the United States disruptive technologies and services have started to appear in countries that have 5G, changing how people live, work, and interact. Smart cars driving in smart cities based on smart technologies. (more…)
Microsoft’s SecurityPatches for June that Fix 93 Security Vulnerabilities Threat Alert
June 14, 2019
Overview
Microsoft released June 2019 security patches on Tuesday that fix 93 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including Adobe Flash Player, Kerberos, Microsoft Browsers, Microsoft Devices, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Servicing Stack Updates, Skype for Business and Microsoft Lync, Team Foundation Server, VBScript, Windows Authentication Methods, Windows Hyper-V, Windows IIS, Windows Installer, Windows Kernel, Windows Media, Windows NTLM, and Windows Shell. (more…)
IP Reputation Report-06102019
June 13, 2019
Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at June 09, 2019. Top 10 countries in attack percentage: The Laos is in the first place since last week. The Myanmar is still in the second place. The […]
2018 DDoS Attack Landscape-9
June 12, 2019
Behind DDoS attacks, there are complex economic interests in the underground industry. Therefore, effective governance needs to start from multiple dimensions, including policy, industry, resource, and technical dimensions. This chapter dwells upon how to mitigate DDoS attacks from the following perspectives.
Adobe Security Bulletins for June 2019 Security Updates Threat Alert
June 11, 2019
Overview
On June 11, 2019, local time, Adobe officially released June’s security updates to fix multiple vulnerabilities in its various products, including Adobe Flash Player, Adobe Campaign, and Adobe ColdFusion. (more…)
Absolute Computrace Security Risk Threat Alert
June 5, 2019
Overview
Recently, a researcher discovered that his computer motherboard BIOS comes with an anti-theft trace application Computrace from Absolute, which, after a computer startup, will be silently installed by the operating system and then transmit data overseas. Besides, this software can remotely obtain users’ files from their computers, monitor their behavior, and download and install unknown programs in an unauthorized manner. (more…)
Issues Related to the Application of Machine Learning in Security Threat Scenarios
June 4, 2019
At RSA 2019, as indicated by Bugra Karabey, the senior risk manager from Microsoft, artificial intelligence (AI) and machine learning (ML) technologies have found a ubiquitous application in the cybersecurity field. Currently, ML is the most popular AI technology which is extensively used. Meanwhile, people begin to think about drawbacks and even security risks of ML.
Threat Model ATT&CK
June 3, 2019
1. Introduction
AI/ML is a hot topic in RSA Conference 2019. Current artificial intelligence (AI) can be roughly divided into perceptual intelligence (capabilities of perceiving images, audio, and video) and cognitive intelligence (knowledge-based reasoning and causal analysis). Most algorithms in use nowadays are perceptual. (more…)
