January 25, 2021
Microsoft released January 2021 security updates on Tuesday which fix 83 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Repository, ASP.NET core & .NET core, Azure Active Directory Pod Identity, Microsoft Bluetooth Driver, Microsoft DTV-DVD Video Decoder, Microsoft Edge (HTML-based), Microsoft Graphics Component, Microsoft Malware Protection Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft RPC, Microsoft Windows, Microsoft Windows Codecs Library, Microsoft Windows DNS, SQL Server, Visual Studio, Windows AppX Deployment Extensions, Windows CryptoAPI, Windows CSC Service, Windows Diagnostic Hub, Windows DP API, Windows Event Logging Service, Windows Event Tracing, Windows Hyper-V, Windows Installer, Windows Kernel, Windows Media, Windows NTLM, Windows Print Spooler Components, Windows Projected File System Filter Driver, Windows Remote Desktop, Windows Remote Procedure Call Runtime, Windows splwow64, Windows TPM Device Driver, Windows Update Stack, and Windows WalletService.
January 24, 2021
On January 20, 2021, NSFOCUS detected that Oracle released the January 2021 Critical Patch Update (CPU), which fixed 329 vulnerabilities of varying risk levels. This CPU involves multiple commonly used products, such as Oracle WebLogic Server, Oracle Database Server, Oracle Java SE, Oracle Fusion Middleware, Oracle MySQL, Oracle Enterprise Manager, and Oracle Systems. Oracle strongly recommends users fix these vulnerabilities by applying Critical Patch Update patches as soon as possible.
January 23, 2021
To facilitate debugging and analysis by developers, master computer configuration software often comes with a simulator that simulates a real programmable logic controller (PLC) or human-machine interface (HMI) device. Such simulators exchange data with master computer configuration software through TCP/IP, so some listen on a designated port, which is sometimes even bound to the IP address 0.0.0.0 and open to other remote users.
As simulators may share the code base with real devices, vulnerabilities in simulators will affect real devices and vice versa, especially vulnerabilities in private protocols such as remote code execution vulnerabilities caused by buffer overflows. If simulators provide a publicly available service that contains a high-risk vulnerability, attackers could exploit it to compromise developers’ hosts for further penetration.
January 22, 2021
On January 20, 2021, NSFOCUS detected that Oracle released the January 2021 Critical Patch Update (CPU), which fixed 329 vulnerabilities of varying risk levels. Seven of these vulnerabilities are severe and assigned CVE-2021-1994, CVE-2021-2047, CVE-2021-2064, CVE-2021-2108, CVE-2021-2075, CVE-2019-17195, and CVE-2020-14756. Unauthenticated attackers could exploit these vulnerabilities to execute code remotely. These vulnerabilities are assigned a CVSS Base Score of 9.8 and are easy to exploit. Users are advised to take measures without delay to protect against the preceding vulnerabilities.
January 22, 2021
Malicious Behaviors Targeting UPnP Vulnerabilities
We captured four kinds of UPnP exploits, as shown in Table 4-7. All of the exploits targeted remote command execution vulnerabilities. We also found that when a vulnerability is found on a specific port, attackers usually hit this port directly, skipping the UPnP discovery phase.
January 21, 2021
On January 15, 2021, Beijing time, JumpServer released an emergency bulletin to announce a remote command execution vulnerability in its bastion host and advised users to fix it as soon as possible, especially those whose JumpServer can be accessed via the Internet.
January 20, 2021
On January 13, 2021, NSFOCUS’s emergency response team received feedback on the incaseformat virus from a host of customers in the government, healthcare, education, and telecom sectors. Our analysis found that this virus mainly infected hosts with financial management application systems installed. We also observed that all files other than system partition files are deleted from infected hosts, and that the virus is named incaseformat because an empty file named incaseformat.log exists in the root directory of the partition where the deleted files were stored.
January 19, 2021
Blockchains are distributed digital ledgers of cryptographically signed transactions that are grouped into blocks. Each block is cryptographically linked to the previous one (making it tamper evident) after validation and undergoing a consensus decision. As new blocks are added, older blocks become more difficult to modify (creating tamper resistance). New blocks are replicated across copies of the ledger within the network, and any conflicts are resolved automatically using established rules. Since its launch, blockchain technology has gone through ups and downs, but it is expected to gain momentum for rapid growth in the years to come.
Generally, blockchains are divided into public, consortium, and private blockchains, each applied in particular scenarios.
January 18, 2021
The outbreak of the Incaseformat virus has affected many industries recently. It is critical because it has removed all non-system files and caused serious data loss. This virus appeared before; now it has come back and infected many hosts, especially in China. As of 14 Jan, 2:00 P.M. (GMT+8), NSFOCUS Labs and NSFOCUS Threat Intelligence have detected 468 file hashes of its variants.
January 15, 2021
The following sections analyze threats from the port mapping service based on UPnP port mapping tables collected from network-wide devices.
In the 2018 Annual IoT Security Report, we focused our attention on four types of malicious port mappings that had the most distinctive characteristics and the most extensive impact. Of the four major malicious types, EternalSilence, IntraScan, and NodeDoS were mainly used for intranet intrusions, while MoniProxy acted as a proxy for access to the Internet. In 2019, we also turned our eyes to other malicious port mapping types to get a whole picture of devices infected with malicious port mappings.