OpenSSL Denial-of-Service Vulnerability (CVE-2020-1971) Threat Alert
January 5, 2021
Overview
On December 8, 2020, local time, OpenSSL released a security advisory disclosing a NULL pointer dereference vulnerability (CVE-2020-1971), rating the vulnerability as High-risk.
The vulnerability exists in the GENERAL_NAME_cmp function in OpenSSL. GENERAL_NAME_cmp compares different instances of a GENERAL_NAME to see if they are equal or not. When both GENERAL_NAMEs contain EDIPartyName, a NULL pointer dereference and a crash may occur, eventually causing a denial of service.
Therefore, if an attacker can control both items being compared, a crash might be triggered. For example, the attacker can trick a client or server into checking a malicious certificate against a malicious CRL.
(more…)Struts2 S2-061 Remote Code Execution Vulnerability (CVE-2020-17530) Threat Alert
January 4, 2021
Overview
On December 8, 2020, Struts released a security bulletin disclosing a potential remote code execution vulnerability (CVE-2020-17530) in S2-061.
The vulnerability stems from insufficient input validation. This results in two forced Object Graph Navigation Library (OGNL) evaluations when the original user input is calculated.
When the OGNL expression is forced in Struts tag attributes and can be modified by external input, an attacker could craft a malicious OGNL expression to trigger the vulnerability.
The vulnerability has been fixed in Struts 2.5.26. Affected users are advised to upgrade to Struts 2.5.26 without delay.
(more…)Annual IoT Security Report 2019-14
January 2, 2021
This section analyzes WS-Discovery reflection attacks. For details about the WS-Discovery service, see section 1.6 WS-Discovery First Found to Be Abused for DDoS Reflection Attacks.
(more…)A Global DTLS Amplification DDoS Attack Is Ongoing
January 1, 2021
Attackers are targeting Citrix ADC (Application Delivery Controller) and utilize it to launch amplification attacks. However, no official patch has been released yet.
(more…)Annual IoT Security Report 2019-13
December 30, 2020
Introduction
This chapter analyzes IoT threats from the perspective of protocols. According to the data from NSFOCUS’s threat hunting system, Telnet services (port 23) were targeted most frequently1. Therefore, we first analyze the attacks launched via Telnet. WS-Discovery reflection attacks are a new type of DDoS reflection attacks emerging in 2019 and will be described in section 4.3 WS-Discovery. In the 2018 Annual IoT Security Report, we analyzed UPnP-based reflection attacks. In this document, we update related data and add some new findings.
(more…)A Preliminary Investigation into the Worm Technique Affecting Schneider’s Programmable Logic Controllers
December 29, 2020
Background
Some time ago, some researchers detected a code injection vulnerability (CVE-2020-7475), which could cause Schneider’s Programmable Logic Controllers (PLCs) to operate like worms. If successfully exploited, this vulnerability could allow a PLC to act as a mini PC to carry out malicious network activities or as an intranet springboard or a network scanner to penetrate into industrial systems in a more covert manner.
(more…)Adobe Releases December’s Security Updates Threat Alert
December 28, 2020
Overview
On December 8, 2020, local time, Adobe released security updates which address multiple vulnerabilities in Adobe Prelude, Adobe Experience Manager, and Adobe Lightroom.
(more…)Annual IoT Security Report 2019-12
December 25, 2020
In this section, we analyze threat trends related to Netis routers according to the data captured by NSFOCUS’s threat hunting system. Our data is based on log messages generated from May 21 to October 30, 2019. The following subsections analyze these log messages from the aspects of attack sources, attack incidents, and samples.
- Attack Sources
Upon deduplication of source IP addresses indicated in honeypot logs, we found 348 IP addresses attempting to connect to the honeypot, 229 of which were used for exploits of the backdoor. As shown in Figure 3-10, most IP addresses (51%) used for vulnerability-based attacks were distributed in the USA.
(more…)Microsoft’s December 2020 Patches Fix 58 Security Vulnerabilities Threat Alert
December 23, 2020
Overview
Microsoft released December 2020 security updates on Tuesday which fix 58 vulnerabilities ranging from simple spoofing attacks to remote code execution, including 9 critical vulnerabilities, 47 important vulnerabilities, and two moderate vulnerabilities. All users are advised to install updates without delay.
(more…)Annual IoT Security Report 2019-11
December 22, 2020
In this section, we analyze two vulnerabilities, namely, the CVE-2016-10372 vulnerability32 in the Eir D1000 router and the backdoor vulnerability in Netis routers. Except UPnP-related vulnerabilities described in section 4.4.3 Malicious Behaviors Targeting UPnP Vulnerabilities, the CVE-2016-10372
vulnerability was exploited most frequently. The backdoor vulnerability in Netis routers exerted a severe impact when it was initially disclosed.
