SolarWinds Serv-U Remote Code Execution Vulnerability (CVE-2021-35211) Threat Alert
July 23, 2021
Overview Recently, NSFOCUS CERT, through ongoing monitoring, found that SolarWinds released a security advisory fixing a remote code execution vulnerability (CVE-2021-35211). Microsoft reported to SolarWinds that they had discovered that the vulnerability was exploited in the wild and provided a proof of concept of the exploit. Unauthenticated, remote attackers could exploit this vulnerability to execute […]
A Look into Source Code of Paradise Ransomware, a “Custom-Built” Virus – 2
July 20, 2021
2. Encrypter: DP_Main 2.2 Self Copy and Automatic Running at Startup The program copies itself to %APPDATA%/DP/DP_Main.exe, and modifies the registry for automatic running at startup. 2.3 Deletion of Volume Shadow Backups The program uses CMD command parameters to delete volume shadow backups. 2.4 Upload of Encryption Information After obtaining disk information, the program begins […]
A Look into Source Code of Paradise Ransomware, a “Custom-Built” Virus – 1
July 16, 2021
Event Overview Recently, NSFOCUS CERT, through ongoing monitoring, found that the source code of the Paradise ransomware was leaked. Since data encrypted by Paradise cannot be decrypted now, the source code, if widely spread over the Internet, may cause a lot of trouble. Paradise had its source code leaked on a Russian hacker forum on […]
Windows Print Spooler RCE Vulnerabilities (CVE-2021-1675/CVE-2021-34527) Mitigation Guide
July 13, 2021
Overview On July 7, 2021, Beijing time, Microsoft released a security patch on the PrintNightmare vulnerability (CVE-2021-34527). NSFOCUS CERT recommends that users install this patch as soon as possible. On June 29, NSFOCUS CERT found that a security researcher published an exploit of the Windows Print Spooler remote code execution (RCE) vulnerability (PrintNightmare) on GitHub. […]
2020 DDoS Attack Landscape Report – 4
July 8, 2021
Key Findings – 5 The Number of DDoS Attacks on Healthcare, Education, and Government Sectors Increased Significantly During the COVID-19 Pandemic The healthcare sector suffered more DDoS attacks during the COVID-19 pandemic than previous years. According to statistics2, the number of attacks in each month in 2020 H2 increased year on year, with March and […]
Case Study: A 400G DDoS Attack Event Captured By NSFOCUS in Hong Kong S.A.R.
July 6, 2021
Event look back A NSFOCUS Cloud DPS customer with their servers located in Hong Kong SAR has encountered a series of mass DDoS attacks lasted for four (4) days, from June 20th to 24th. The attackers managed to create serval spikes including the biggest one reaching 399.2 Gbps and followed by another at 360 Gbps. […]
Recommendations on Protection Against Random Subdomain Attacks
-e1619596788284.jpg)
July 2, 2021
What is a Random Subdomain Attack? A Random subdomain attack is also known as a pseudo-random subdomain (PRSD) attack due to the use of pseudo-random algorithms. A PRSD attack is an approach of double attack against both DNS caching servers of Internet service providers (ISPs) and local authoritative servers of customers. During such an attack, […]
“Netfilter” malicious driver bypasses Microsoft’s signature system
June 30, 2021
In June 2021, German computer security solutions software company G Data Software detected a malicious driver named “Netfilter”. Unexpectedly, the malicious driver bypassed and obtained Microsoft’s file signature. When Microsoft learned about it, it immediately added the signature of the malware to the security center of the Windows system for protection, and conducted an internal […]
2020 DDoS Attack Landscape Report – 3
June 23, 2021
Key Findings – 4 DDoS Protection Techniques Need to Continue to Evolve with Emergence of New Attack Vectors NXNSAttack, a new vulnerability in DNS, can be exploited to launch massive DDoS attacks In May 2020, Israeli researchers reported a new DNS server vulnerability and dubbed it NXNSAttack. This vulnerability exists in DNS’s recursive resolution process. […]
Why only have the Gi-FW and GTP inspection isn’t enough for 5G security?
June 18, 2021
Written By: Bruno CarvalhoSystem Engineer UK & Western Europe Firstly, to become this information clearer is interesting to answer the question…What is GPRS Tunneling Protocol (GTP)? GPRS Tunneling Protocol (GTP) is a 2.5G technology that provides interconnection between various network interfaces, enabling mobile users to roam seamlessly between networks of different generations. The GTP protocol […]
