RSA Conference 2019
January 26, 2019
RSA Conference 2019 March 4-8, 2019 Moscone Center, San Francisco, CA
IP Reputation Report-01252019
January 25, 2019
-
Top 10 countries in attack counts:
- The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at January 25, 2019.
- CN increased 1% from 43% to 44% and US stayed at 12% from last week.
Mobile Office — Two-Step Verification
January 25, 2019
Case Analysis
It is a common practice to protect an account with a password. However, the account will be compromised if the password is disclosed. Now many mobile phones or apps support two-step verification. When detecting a login to your account from another phone, the mechanism requires the other form of authentication, for example, a verification code sent via SMS.
Technical Report on Container Security (IV)-4
January 24, 2019
Container Security Protection – Image Security
Image Security
Images are the basis of containers. Therefore, their security speaks a lot for that of the entire container ecosystem. Container images are a series of images stacked layer by layer. They are distributed and updated through image repositories. The following sections describe how to secure images from the aspects of image build security, repository security, and image distribution security. (more…)
2019 Predictions: Email Attachments, IoT, and Cryptominers to be Security Pain Points
January 23, 2019
Data breaches in 2018 compromised personal information of millions of people around the world, most notably from large corporations such as Facebook, Marriott, T-Mobile and Quora. Seemingly every week there is a new breach reported, and consumers have taken notice. In the past year, the average number of overall daily searches for keywords such […]
Oracle January 2019 Critical Patch Update Security Advisory for All Product Families
January 22, 2019
Overview
On January 15, 2019, local time, Oracle released its own security advisory and third-party security advisories for its January 2019 Critical Patch Update (CPU) which fix 284 vulnerabilities of varying severity levels across the product families. For details about affected products and available patches, see the appendix. (more…)
ThinkPHP 5.0-5.0.23, 5.1.0-5.1.31, and 5.2.* Remote Code Execution Vulnerability Handling Guide
January 21, 2019
1 Vulnerability Overview
Recently, ThinkPHP 5.0-5.0.23 was found to have a remote code execution (RCE) vulnerability. The NSFOCUS Falcon Team carried out tests and found that ThinkPHP 5.0-5.0.23, 5.1.0-5.1.31, and 5.2.* were also prone to this vulnerability, which could be triggered in both Linux and Windows systems. (more…)
Researchers analyze DDoS attacks as coordinated gang activities
January 21, 2019
Help Net Security – In a new report, NSFOCUS introduced the IP Chain-Gang concept, in which each chain-gang is controlled by a single threat actor or a group of related threat actors and exhibit similar behavior among the various attacks conducted by the same gang. Researchers analyzed attack types, volume, size of events, gang activities, […]
Are Smart Cities Secure?
January 20, 2019
RFID Journal – Planning and oversight have the most significant impact when securing a smart city utilizing Internet of Things and RFID technologies. Recently, I participated in several tenders for smart-city projects around the world. I also partook in CEO roundtable discussions at Telecom Exchange LA, including one about what Los Angeles would look like […]
