Microsoft’s June 2021 Security Updates Fix Multiple Products’ High-Risk Vulnerabilities
June 16, 2021
Overview According to NSFOCUS CERT’s monitoring, Microsoft released June 2021 Security Updates on June 9 to fix 50 vulnerabilities, including high-risk remote code execution and privilege escalation, in widely used products like Windows, Microsoft Office, Microsoft Edge, Visual Studio, and SharePoint Server. In the vulnerabilities fixed by this month’s security updates, there are five critical […]
NSFOCUS Protected an IDC Customer Against Volumetric Mixed DDoS Attacks
June 11, 2021
ABOUT CUSTOMER Based in APAC, company A provides comprehensive IDC services for the world’s top 500 as well as many small and medium enterprises. Other than server rental and hosting, company A also cooperates with NSFOCUS to provide server rental service with advanced protection against DDoS attacks. The investment in DDoS protection not only protects […]
Microsoft’s May 2021 Security Updates Fix Multiple Products’ High-Risk Vulnerabilities
June 7, 2021
Overview On May 12, 2021, Microsoft released May 2021 Security Updates to fix 55 vulnerabilities, including high-risk remote code execution and privilege escalation, in widely used products like Microsoft Windows, Office, Exchange Server, Visual Studio Code, and Internet Explorer. In the vulnerabilities fixed by this month’s security updates, there are four critical vulnerabilities and 50 […]
VMware VCenter Server Remote Code Execution Vulnerability (CVE-2021-21985) Threat Alert
June 4, 2021
Vulnerability Description On May 26, NSFOCUS CERT discovered that VMware released a security advisory that announces mitigation of the VMware vCenter Server remote code execution vulnerability (CVE-2021-21985) and vCenter Server plug-in authentication bypass vulnerability (CVE-2021-21986). The Virtual SAN Check plug-in in vCenter Server lacks input validation, allowing attackers who have accessed vSphere Client (HTML5) through […]
Speech by Wenmao Liu of NSFOCUS: Research on New Vectors of UDP-based DDoS Amplification Attacks of IoT
June 2, 2021
As the world’s largest cybersecurity industry conference, the RSA Conference held its 30th annual event in 2021. It has been a driving force behind sharing, innovation, and progress in the global cybersecurity community. NSFOCUS stood out at the RSA Conference 2021 by making a debut on the conference speech podium as a Chinese security vendor. […]
2020 DDoS Attack Landscape Report – 2
May 31, 2021
Key Findings – 2 The Bandwidth of DDoS attacks in 5G Environments Grew Steadily. Small and Medium-sized Attacks Overtook Small Attacks to Become the Mainstream Over the five-year period from 2016 to 2020, the average peak size of DDoS attacks rose to a new level since the latter half of 2018 despite obvious fluctuations. Of […]
Analysis of the SBIDIOT IoT Malware
May 21, 2021
Produced by: Yuchen PAN Introduction Recently, an IoT malware sample dubbed SBIDIOT is found to engage in malicious activities, mainly distributed denial of service (DDoS) attacks. So far, very few incidents of this malware have been discovered by VirusTotal and cybersecurity communities. Though some IoT botnets focus on cryptocurrency mining or fraud activities, SBIDIOT-related botnets […]
Oracle April 2021 Critical Patch Update for All Product Families
May 17, 2021
Vulnerability Description On April 21, 2021, NSFOCUS detected that Oracle released the April 2021 Critical Patch Update (CPU), which fixed 400 vulnerabilities of varying risk levels. This CPU involves multiple commonly used products, such as Oracle Database Server, Oracle Java SE, Oracle Fusion Middleware, Oracle MySQL, and Oracle Communications. Oracle strongly recommends users fix these […]
A Look into the Colonial Pipeline Hack by DarkSide on CII and Countermeasures
May 13, 2021
Background On May 7, 2021, local time, Colonial Pipeline, the largest fuel pipeline operator in the USA, was forced to shut down its critical fuel network serving states on the US East Coast after being hit by a ransomware attack. This ransomware attack had fuel supply halted across three regions, affecting 17 states. On May […]
WebLogic Multiple Severe Vulnerabilities Threat Alert
May 6, 2021
Vulnerability Description On April 21, 2021, NSFOCUS detected that Oracle released the April 2021 Critical Patch Update (CPU), which fixed 400 vulnerabilities of varying risk levels. Seven of these vulnerabilities are severe and easy to exploit and affect WebLogic. Users are advised to take measures without delay to protect against the preceding vulnerabilities. CVE-2021-2135: This […]
