Adeline Zhang

A Preliminary Investigation into the Worm Technique Affecting Schneider’s Programmable Logic Controllers

December 29, 2020

Background

Some time ago, some researchers detected a code injection vulnerability (CVE-2020-7475), which could cause Schneider’s Programmable Logic Controllers (PLCs) to operate like worms. If successfully exploited, this vulnerability could allow a PLC to act as a mini PC to carry out malicious network activities or as an intranet springboard or a network scanner to penetrate into industrial systems in a more covert manner.

(more…)

Adobe Releases December’s Security Updates Threat Alert

December 28, 2020

Overview

On December 8, 2020, local time, Adobe released security updates which address multiple vulnerabilities in Adobe Prelude, Adobe Experience Manager, and Adobe Lightroom.

(more…)

Annual IoT Security Report 2019-12

IoT botnets

December 25, 2020

In this section, we analyze threat trends related to Netis routers according to the data captured by NSFOCUS’s threat hunting system. Our data is based on log messages generated from May 21 to October 30, 2019. The following subsections analyze these log messages from the aspects of attack sources, attack incidents, and samples.

  • Attack Sources

Upon deduplication of source IP addresses indicated in honeypot logs, we found 348 IP addresses attempting to connect to the honeypot, 229 of which were used for exploits of the backdoor. As shown in Figure 3-10, most IP addresses (51%) used for vulnerability-based attacks were distributed in the USA.

(more…)

Microsoft’s December 2020 Patches Fix 58 Security Vulnerabilities Threat Alert

December 23, 2020

Overview 

Microsoft released December 2020 security updates on Tuesday which fix 58 vulnerabilities ranging from simple spoofing attacks to remote code execution, including 9 critical vulnerabilities, 47 important vulnerabilities, and two moderate vulnerabilities. All users are advised to install updates without delay.

(more…)

Annual IoT Security Report 2019-11

IoT botnets

December 22, 2020

In this section, we analyze two vulnerabilities, namely, the CVE-2016-10372 vulnerability32 in the Eir D1000 router and the backdoor vulnerability in Netis routers. Except UPnP-related vulnerabilities described in section 4.4.3 Malicious Behaviors Targeting UPnP Vulnerabilities, the CVE-2016-10372
vulnerability was exploited most frequently. The backdoor vulnerability in Netis routers exerted a severe impact when it was initially disclosed.

(more…)

Pay or Die!

December 21, 2020

“Pay or Die” is an opening phrase often used by DDoS blackmailers. Github was attacked, NZX was unable to provide services for 4 days… these are all serious DDoS blackmail incidents this year. This is just the tip of the iceberg of such lucrative crimes. In various forms of digital black mailings, using “distributed denial of service attacks” (DDoS) to attack target companies has become attackers’ first choice.

(more…)

Introduction of common attack types in manufacturing industry

December 18, 2020

Abstract

The real economy with manufacturing as the core industry is the basis for maintaining national competitiveness and healthy economic development. Based on the universal recognition of this concept, the Industry 4.0 strategy of Germany, the national advanced manufacturing strategy of the United States, and the national manufacturing policy of India, have taken place as national strategic plans.

(more…)

Citrix SD-WAN Vulnerabilities Threat Alert

December 16, 2020

Overview

Recently, Citrix SD-WAN released a security update to address three vulnerabilities (CVE-2020-8271, CVE-2020-8272, CVE-2020-8273). These vulnerabilities allow an unauthenticated attacker with network access to SD-WAN Center to perform arbitrary code execution as root.

At present, there exist detailed analysis of relevant vulnerabilities and the proof of concept (POC) concerning CVE-2020-8271.

(more…)

Annual IoT Security Report 2019-10

IoT botnets

December 15, 2020

IoT Exploits

Viewpoint 3: Over 30 types of IoT exploits were captured, most of which targeted remote command execution vulnerabilities. Though hundreds of to thousands of IoT vulnerabilities were unveiled each year, only a few can exert an extensive impact. Attackers were keen on targeting devices (routers and video surveillance devices) exposed in large quantities, so as to broaden their influence.

Based on the logs generated by NSFOCUS’s threat hunting system from May 6 to November 6, 2019, we made an analysis of global IoT exploits.

Over 30 types of IoT exploits were captured, most of which targeted remote command execution vulnerabilities. Obviously, from the perspective of global IoT threats, though hundreds of to thousands of IoT vulnerabilities were unveiled each year, only a few can exert an extensive impact. We counted all logs generated one day for the same source IP address as one attack event. Upon deduplication of attack IP addresses, we got top 10 most frequently exploited IoT vulnerabilities listed in descending order of the number of exploitations in Table 3-1. It can be seen that attackers’ exploits mainly targeted routers and video surveillance devices, which fits in with the fact that routers and video surveillance devices were major IoT devices exposed on the Internet. Evidently, attackers hit devices exposed in large quantity to expand the scope of impact. The PoC of most of these vulnerabilities can be found in the Exploit-DB and those beyond this database existed in GitHub. These publicly available PoCs have substantially reduced attackers’ cost of crafting attack payloads.

(more…)

Multiple Cisco Vulnerabilities Threat Alert-1

December 14, 2020

Overview

On November 18, 2020 (local time), Cisco released security advisories fixing vulnerabilities in multiple products. These vulnerabilities include three high-risk ones: CVE-2020-3531, CVE-2020-3586, and CVE-2020-3470.

Reference link:

https://tools.cisco.com/security/center/publicationListing.x
(more…)

Search

Subscribe to the NSFOCUS Blog