Adeline Zhang

Information Disclosure-Incurred Asset Compromise and Detection and Analysis

February 4, 2021

According to a survey, 25% of internal security incidents are attributed to information disclosure. Attackers, merely through information disclosure, without needing to resort to measures with obvious patterns, like password cracking, can further acquire sensitive information about users and enterprises. It should be noted that this kind of attack method has a high degree of anonymity, rendering pattern-based network traffic analysis and terminal security log analysis fruitless. Combining user entity behavior analysis (UEBA) with dissection of network traffic logs and terminal security logs, we can identify abnormal behaviors, associate the behaviors with attack alerts, and present readable threat event analysis, offering users a new approach to discovering stealthy threats.


Enterprise Blockchain Security 2020-5

February 3, 2021

The enterprise-related blockchain security landscape has two layers of meanings: enterprise blockchain security situation and blockchain-related enterprise security situation. The former refers to the security posture of enterprises that have deployed blockchain applications. In the latter case, although an enterprise does not deploy any blockchain applications, security threats facing it point to blockchains.

In terms of the enterprise blockchain security situation, historically, blockchains were mainly public ones at the initial stage. Therefore, most vulnerabilities disclosed and security events detected are related to public blockchains. Consortium blockchains are still infants, so research on their security is conducted tentatively, explaining why there are so few vulnerabilities and security events related to them.


Risk Assessment for Industrial Control Systems

February 2, 2021

ICS security professionals should report ICS vulnerabilities to the vendor before attackers discover them and offer the vendor with remediation suggestions, mitigation measures, and security solutions to avoid network attack risks before the vulnerabilities are malicious exploited.

Compared with Windows systems, a quite different method is used to assess ICS systems due to their heterogeneity. In other words, ICS systems involve various protocols and hardware configurations and more than one vendor, making it easier to develop exploits that are challenging to develop otherwise.

Before creating exploits, you must have a full grasp of ICSs. Introduction to ICSs is not a key focus of this document and therefore omitted here.


Enterprise Blockchain Security 2020-4

February 1, 2021

This chapter analyzes security threats facing enterprise blockchains.


Annual IoT Security Report 2019-18

IoT botnets

January 29, 2021


IoT devices are faced with a great security challenge and their security appears particularly important. On one hand, though IoT devices have had a long existence, legacy IoT devices and their application protocols contain a variety of vulnerabilities due to the ill-conceived security design. On the other hand, as noted in the analysis of IoT security events, asset exposure, and IoT threats, cybercriminals have begun to leverage vulnerabilities and weaknesses in IoT devices to impose severe threats on individuals, enterprises, and even countries. In response to the grave security situation, we put forward an IoT security protection approach with the focus on device protection to improve the security of the entire IoT.


Adobe Security Bulletins for January 2021 Security Updates

January 28, 2021


On January 12, 2021, local time, Adobe officially released January’s security updates to fix multiple vulnerabilities in its various products, including Adobe Bridge, Adobe Captivate, Adobe InCopy, Adobe Campaign, Classic,Adobe Animate, Adobe Illustrator, and Adobe Photoshop.

For details about the security bulletins and advisories, visit the following link:

Enterprise Blockchain Security 2020-3

January 27, 2021

Current mainstream consortium blockchain platforms include Hyperledger, Quorum, and R3 Corda, which are described in detail in the following sections.


Considerations for Making ICS Networks Comply with CMMC

January 26, 2021

1. Background

In early 2020, the US Department of Defense (DOD) released the Cybersecurity Maturity Model Classification (CMMC).

On average, the USA loses USD 600 billion a year to adversaries in the cyberspace. Currently, the DOD has about 300,000 contractors, covering a variety of fields from hypersonic weapons to leather factories. Of all these contractors, about 290,000 virtually have no cybersecurity measures. In the past few years, the US Government has stepped up efforts in regulating the defense supply chain, with cybersecurity as the top concern.


Attributed Graph-based Anomaly Detection and Its Application in Cybersecurity

January 26, 2021

1. Background

On cyberspace battlefields, adversaries often lurk in the darkness, but will jump at the throat of victims whenever spotting a chance. Today, extensive collection of huge amounts of data from various dimensions is nothing new. This can be very useful for security defenses, but at the same time brings unprecedented challenges to security operations teams. Every day, security operations personnel are up to their necks in massive alerts, busying themselves analyzing alerts, correlating alerts with incidents, and attributing attacks based on their experience and expertise. To address these problems in security operations, it is urgent to find a method to profile attackers from multiple dimensions and assess their potentials before providing assessment results to security operations personnel, who will then identify most dangerous attackers. Attributed graph modeling is an effective method that allows modeling of attackers from aspects of attributes, structures, and temporal features.


Enterprise Blockchain Security 2020-2

January 26, 2021

This chapter describes the characteristics, usage scenarios, and architecture of enterprise blockchains, and illustrates three major enterprise blockchain systems in three separate sections.



Subscribe to the NSFOCUS Blog