On December 9, 2021, the Log4j vulnerability was disclosed and had a huge impact. According to monitoring of NSFOCUS Threat Intelligence, hundreds of thousands of assets were affected by the vulnerability. A week after the vulnerability was disclosed, the NTI detected tens of thousands of malicious IP addresses using the...
Author: Jie Ji
Samba Remote Code Execution Vulnerability (CVE-2021-44142)
Overview Recently, NSFOCUS CERT detected a Samba remote code execution vulnerability (CVE-2021-44142) disclosed online. Because the default configuration of Samba's vfs_fruit module allows out-of-bounds heap read and write through extended file attributes. When smbd parses EA metadata, a remote attacker (guest account or unauthorized user) with write access to the...
Russian APT Group Gamaredon Launches Phishing Campaign against Ukrainian Ministry of Foreign Affairs
Recently, NSFOCUS Security Labs captured a fishing document with the theme "ПÐРТÐЕРИ КУЛЬТУРÐОЇ ДИПЛОМÐТІЇ МЗС УКРÐЇÐИ" (Cultural Diplomatic Partner of the Ukrainian Ministry of Foreign Affairs), and confirmed that the producer of the document was Gamaredon, a Russia-based advanced persistent threat group. The phishing document contains highly credible bait content, and...
APT Retrospection: Lorec53, An Active Russian Hack Group Launched Phishing Attacks Against Georgian Government
Summary In July 2021, several phishing documents created in Georgian were discovered by NSFOCUS Security Labs. In these phishing documents, the attackers used current political hotspots in Georgia to create bait and deliver a secret stealing Trojan to specifically targeted victims aiming to steal various documents from their computers. Correlation...
Linux Polkit Privilege Escalation Vulnerability (CVE-2021-4034)
Overview On January 26, NSFOCUS CERT detected that the Qualys research team publicly disclosed a privilege escalation vulnerability (CVE-2021-4034) found in Polkit's pkexec, also known as PwnKit. The vulnerability is due to the inability of pkexec to properly process the call parameters, thereby executing the environment variable as a command....
APT Retrospection: FIN7 Uses Windows 11 Topics as Bait to Do Spear Phishing Attacks
Overview In July 2021, NSFOCUS Security Labs captured a number of phishing documents using windows 11 related topics as bait. These phishing documents show some ideas and techniques that are different from common phishing attacks. Through in-depth analysis, NSFOCUS Security Labs found that the phishing files are part of a large-scale spear...
