Update New Nginx Threat Backdoor Alert
September 8, 2020
Overview
This is an update advisory. For details, see the “Local Verification” subsection under “Verification Method”.
On July 16, 2020, Beijing time, a competitor published an article stating that it had recently captured a new Nginx backdoor capable of bypassing antivirus software. As of the release of this advisory, the backdoor had not been detected by any antivirus engine on VT.
According to analysis, the backdoor modifies the ngx_http_header_filter function (HTTP header handling) in the original Nginx, and the backdoor's author added special handling of the Cookie field. Once a request contains the string “lkfakjf”, the backdoor connects to the server address assigned by the attacker.
Botnet Trend Report 2019-9
September 7, 2020
Overview
In 2019, banking Trojans frequently launched attacks via multilevel free technology, posing a severe threat to enterprises and public sectors. Spam was still the main propagation method. Attackers collected a great number of email addresses against which they launched phishing attacks. In 2019, NSFOCUS Security Labs captured and tracked such banking Trojans as Emotet, TrickBot, LokiBot, Gozi, and QakBot.
WebSphere Remote Code Execution Vulnerability (CVE-2020-4534) Threat Alert
September 4, 2020
1. Vulnerability Description
On July 31, 2020, Beijing time, IBM released a security bulletin which addressed a remote code execution vulnerability (CVE-2020-4534) in WebSphere Application Server (WAS). The vulnerability is caused by improper handling of UNC paths. An authenticated local attacker could exploit the vulnerability to execute arbitrary code. The vulnerability has a CVSS score of 7.8.
2019 Cybersecurity Insights - 19
September 2, 2020
Since the Promoting Scale Deployment of Internet Protocol Version 6 (IPv6) (“Plan”) was published in November 2017, IPv6 deployments in China have been on the rise. By June 2019, the number of active IPv6 users had reached 130 million, and 1.207 billion telecom users had been assigned an IPv6 address. At the same time, IPv6 traffic in China grew steadily over the past year. By May 2019, China's IPv6 address resources ranked first in the world (47,282 IP address blocks (/32)). Telecom enterprises have made positive efforts to improve network infrastructure: all recursive domain name system (DNS) servers of the three major telecom operators support IPv6 domain name resolution, content delivery network (CDN) enterprises have conducted IPv6 deployments nationwide and can now accelerate distribution over IPv6, and the transformation of backbone networks, LTE networks, and metropolitan area networks (MANs) has been almost completed. With the rapid development of IPv6 technology, more attention should be paid to security threats in the IPv6 environment. This section describes the threat situation from the perspectives of vulnerabilities and traffic.
What You Should Know about OpenVPN Reflection Attacks
September 1, 2020
Executive Summary
OpenVPN is an application-layer VPN implementation based on the OpenSSL library and listens on port 1194. In September 2019, OpenVPN was found to be vulnerable to UDP reflection attacks. This document analyzes the threat exposure across the entire network, common attack means, and the bandwidth amplification factor (BAF) of reflection attacks, based on entire-network survey data from NSFOCUS Threat Intelligence (NTI) and threat data captured by the NSFOCUS Threat Capture System.
2020 Mid-Year DDoS Attack Landscape Report-4
September 1, 2020
At 17:00 on May 20, NSFOCUS SOC detected an abnormal traffic alert in the global monitoring center: the IP addresses of a customer from Hong Kong were under attack, and the attack peaked at 634.6 Gbps. This was the largest of all attacks targeting NSFOCUS's customers by the time this report was written. According to IP gang intelligence from NSFOCUS Threat Intelligence (“NTI”), large quantities of source IP addresses involved in the attack were controlled by the IP gang IPGang01, which we have continuously monitored. We elaborate on it in the following “attack gangs” chapter.
Botnet Trend Report 2019-8
August 31, 2020
The first nine months of 2019 saw a sharp rise in the market prices of cryptocurrencies, led by Bitcoin. Despite a fall in the fourth quarter, prices remained high. Meanwhile, cryptojacking malware became more active as cryptocurrency prices rose.
Adobe Releases August’s Security Updates Threat Alert
August 31, 2020
Overview
On August 11, 2020 (local time), Adobe released security updates to address multiple vulnerabilities in Adobe Acrobat, Reader, and Lightroom.
For details about the security bulletins and advisories, visit the following link:
Microsoft’s August 2020 Patches Fix 120 Security Vulnerabilities Threat Alert
August 30, 2020
Overview
On Tuesday, Microsoft released its August 2020 security updates, which fix 120 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Framework, ASP.NET, Internet Explorer, Microsoft Dynamics, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Video Control, Microsoft Windows, Microsoft Windows Codecs Library, Netlogon, SQL Server, Visual Studio, Windows AI, Windows COM, Windows Kernel, Windows Media, Windows Media Player, Windows Print Spooler Components, Windows RDP, Windows Registry, Windows Shell, Windows Update Stack, and Windows WalletService.