Botnet Trend Report 2019-11
September 21, 2020
Overview
Overall, malware on mobile platforms, though it evolves in much the same way as malware on PCs, has a complex composition.
In 2019, ad apps still dominated the list of malware threatening the security of Android users. Potentially dangerous software involving sensitive operations also made up a large proportion. Agent programs that launch attacks via remote code execution, made possible by the inherent nature of Android, were another type of mobile threat at the top of the list. In addition, using a dropper or downloader to deliver malicious payloads has become quite common, although the scale is not yet as large as that seen on PCs. High-risk threats, such as spyware, banking Trojans, and ransomware, were small in number, but most of them had been around for some time and some even for years.
(more…)
QEMU VM Escape Vulnerability (CVE-2020-14364) Threat Alert
September 18, 2020
Vulnerability Description
On August 24, QEMU released a security patch to fix a VM escape vulnerability (CVE-2020-14364) caused by an out-of-bounds read/write access issue in the USB emulator in QEMU. The vulnerability resides in ./hw/usb/core.c. When the program handles USB packets from a guest, the flaw is triggered if the USBDevice ‘setup_len’ exceeds the size of its ‘data_buf[4096]’ buffer in the do_token_in and do_token_out routines. An attacker could exploit this vulnerability to cause an out-of-bounds read of the 0xffffffff contents following the heap buffer, forcibly terminating the virtual machine process and achieving VM escape.
(more…)
SANGFOR Endpoint Detection Response Remote Command Execution Vulnerability Handling Guide
September 16, 2020
Vulnerability Description
On August 18, 2020, the China National Vulnerability Database (CNVD) listed the SANGFOR Endpoint Detection Response (EDR) remote command execution vulnerability (CNVD-2020-46552) as a new entry. An unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted HTTP request to a target server, thereby obtaining the privileges of the target server and causing […]
Function Identification in Reverse Engineering of IoT Devices
September 15, 2020
This document discusses function identification and symbol porting in reverse engineering of Internet of Things (IoT) devices without using BinDiff and PatchDiff2, which are “too good” for the purposes here and are inapplicable in certain scenarios. Typical function identification technologies include the Fast Library Identification and Recognition Technology (FLIRT) in IDA and the rizzo method developed by Craig Heffner, whose rationale and engineering practices are detailed here. The rest of this document explains the usage of some other IDA plug-ins.
(more…)
Botnet Trend Report 2019-10
September 14, 2020
Adware
For many years, large grey software supply chains on the Internet have been aggressively promoting themselves. A specific piece of software is often bundled with unnecessary software, even malware, during download and installation.
(more…)
Future cyber security protection: reflection from the ups and downs of Covid-19-2
September 13, 2020
Biological viruses and computer viruses share some characteristics, such as transmissibility. From the responses to COVID-19, we can learn from the gains and losses of cyber security defense and protection, analyze new trends and techniques, and come up with new ideas for defending against attacks in the cyber security industry.
(more…)
Future cyber security protection: reflection from the ups and downs of Covid-19-1
September 12, 2020
2020 is almost halfway through, and it has indeed been a troubled period. Covid-19 swept across the world in just a few months. The epidemic continues to spread and recur, and it has also changed many people’s long-held perceptions of health care, public safety, organizational mobilization, economics and politics.
The concept of the computer virus is derived from the biological virus. There are certain similarities between the two, such as mutation, transmission and infection mechanism. Once a piece of malicious software breaks out, the consequences are equally serious. A typical example is the ransomware WannaCry, which took advantage of the NSA’s EternalBlue in 2017. It infected 200,000 computers in 150 countries in just a few days, even paralyzing the production lines of manufacturers such as TSMC, breaking through physical isolation and destroying important assets on the intranet. It greatly changed people’s long-held understanding of cyber attacks and cyber warfare.
(more…)
2020 H1 Cybersecurity Trends
September 11, 2020
01 Overview of the Vulnerability Trend
In 2020 H1, a total of 1419 vulnerabilities were added to the NSFOCUS Vulnerability Database (NSVD), 714 of which were high-risk vulnerabilities. Among these high-risk vulnerabilities, 184 vulnerabilities were Microsoft-related ones. High-risk vulnerabilities were mainly distributed in major products of Microsoft, Oracle, Adobe, Google, Cisco, IBM, Moxa, Apache, etc.

Note: The NSFOCUS Vulnerability Database (NSVD) contains application vulnerabilities, security product vulnerabilities, operating system vulnerabilities, database vulnerabilities, and network device vulnerabilities.
(more…)
Struts S2-059, S2-060 Vulnerabilities (CVE-2019-0230, CVE-2019-0233) Threat Alert
September 11, 2020
Overview
On August 13, 2020, Beijing time, the Struts project issued a new security bulletin announcing the fix of two vulnerabilities. S2-059 (CVE-2019-0230) is a possible remote code execution vulnerability, and S2-060 (CVE-2019-0233) is a denial-of-service vulnerability.
The two vulnerabilities were fixed in Struts 2.5.22 released in November 2019. Users are advised to upgrade as soon as possible.
Bulletin link: https://struts.apache.org/announce.html#a20200813
(more…)
2019 Cybersecurity Insights -20
September 9, 2020
According to the analysis of geographic distribution of IPv6 attack sources, China had the largest proportion of attack sources (86.76%), followed by the USA (3.97%) and Romania (0.77%).
(more…)