NuggetPhantom Analysis Report
October 12, 2018
1.1 Executive Summary
In a recent emergency response activity, NSFOCUS Threat Intelligence center (NTI) discovered a security event that featured NuggetPhantom, a modularized malware toolkit. According to our observation, the organization behind this event made its debut at the end of 2016 in the blue screen of death (BSOD) event that targeted Tianyi Campus clients, and was again involved in another security event that leveraged Tianyi Campus clients to mine cryptocurrency at the end of 2017. (more…)
Thoughts on the Application of the Micro Honeypot System in the Financial Sector
October 11, 2018
Overview
According to the Emerging Technology Analysis: Deception Techniques and Technologies Create Security Technology Business Opportunities released by Gartner in 2015, “Deception technologies are defined by the use of deceit and/or feints designed to thwart or throw off an attacker’s cognitive processes, disrupt an attacker’s automation tools, delay an attacker’s activities or disrupt breach progression. Deceptions are achieved through use of deceitful responses, purposeful obfuscations, feints, misdirections and other falsehoods.” Gartner also predicted the market of deception-based security defense technologies, saying that 10 percent of enterprises will use deception tools or tactics to counter cyberattacks by 2018. (more…)
Telecom Exchange LA 2018
October 8, 2018
Telecom Exchange LA 2018 November 6-7, 2018 Kimpton Hotel Palomar Los Angeles Beverly Hills
An Analysis of Qbot Variants in the Wild
October 1, 2018
Overview Since their source code was publicly released on GitHub, Mirai and Qbot have wreaked havoc on the Internet of things (IoT). Before such public release, Mirai had been found to have adversarial behavior against Qbot in its infection process. Recently, the research team of NSFOCUS Threat Intelligence center (NTI) captured the first Qbot variant […]
Xbash Malware Combines Many Malicious Functions in Worm
September 30, 2018
Unit 42, a research team of Palo Alto Networks found a new malware family this month and named it Xbash. This new malware combines ransomware, coinming, botnet, and worm features and targets Linux and Windows mainly. Xbash is developed in Python and was then converted into self-contained Linux ELF executables by abusing the legitimate tool […]
Cisco Released Semi-annual Security Updates for IOS and IOS XE
September 30, 2018
Cisco has released bundles of Cisco IOS and IOS XE software security advisories on September 26, 2018. The release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication includes 13 vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. One of the advisories describes a vulnerability that also exists in Cisco […]
Rockwell Automation Buffer Overflow Vulnerability
September 26, 2018
Recently Rockwell Automation fixed a critical vulnerability (CVE-2018-14829) found in its RSLinx Classic, a software platform that allows Logix 5000 Programmable Automation Controllers to connect to a wide variety of Rockwell Software applications. A remote attacker could make the device being accessed stop responding and crash by sending a malicious CIP packet to Port 44818. […]
NSFOCUS Introduces All-in-One Cloud Security Service for Regional Service Providers
September 20, 2018
SANTA CLARA, Calif., September 20, 2018 – NSFOCUS, a leader in holistic hybrid security solutions, announced today its newest cloud security service, Cloud-in-a-Box (CiaB), designed specifically for local and regional service providers across the globe. CiaB enables service providers to quickly deploy cloud security services with minimal expertise and without the upfront costs typically associated […]
Cisco IOS XE Software Static Credential Vulnerability
September 20, 2018
Yesterday, September 19th, Cisco announced an advisory for a critical vulnerability (CVE-2018-0150) that exists with their IOS XE Software. The vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to an affected […]
NSFOCUS introduces new capability to identify cyber risk exposure
September 19, 2018
Help Net Security – NSFOCUS announced the launch of NSFOCUS Exposed Internet Surface Analysis (EISA), a new capability to address the cyber security risk faced by organizations today. EISA identifies malicious activity of rogue IPs, ports and services that might be compromised and hidden within the organization’s network providing insights to prioritize remediation and block […]
