NSFOCUS

Cybersecurity Insights -1

June 11, 2020

Executive Summary

2019 witnessed more intense challenges in the global political and economic order. Restricted by various conventions, agreements, and protocols, traditional military means are now the last resort. In this context, attacks on the financial sector and on cyberspace have become the first choice for rival countries to try out their modern military strategies. Predictably, these attacks will probably become regular approaches in the future. By the time the 2018 Cybersecurity Insights was released, the following trends had taken shape in cybersecurity: the window between the discovery of a vulnerability and its effective exploitation had shortened; DDoS attack size had grown steadily; emerging threats like those from the Internet of Things (IoT) had risen sharply; and malware such as backdoors, cryptojackers, worms, trojans, and botnets was still active. When it comes to information disclosure, the AcFun website was hacked, leading to a leak of nearly 10 million pieces of user data; a leak of Aadhaar numbers (Aadhaar is India's national ID database) affected 1.1 billion citizens. Information disclosure events have hit record highs for six years in a row since 2013. Four enterprises, namely Facebook, Equifax, British Airways, and Marriott International, were together fined approximately USD 9 billion for privacy and information leaks, more than the aggregate market value of the cybersecurity industry in China in that year.

(more…)

IP Reputation Report-06072020

June 10, 2020

1. Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases as of June 7, 2020. 2. Top 10 countries in attack percentage: Belarus is in first place. Cape Verde is in second place. The country China (CN) is […]

Apache Kylin Remote Code Execution Vulnerability (CVE-2020-1956) Threat Alert

June 9, 2020

Vulnerability Description

Recently, Apache released a security advisory to announce the fix of a remote code execution vulnerability (CVE-2020-1956) in Apache Kylin. Apache Kylin has some RESTful APIs that will associate OS commands with user-typed strings. As Apache Kylin fails to properly verify user inputs, an attacker could execute arbitrary system commands without authorization. Currently, […]

Fastjson 1.2.68 and Earlier Remote Code Execution Vulnerability Threat Alert

June 8, 2020

Vulnerability Description

On May 28, Fastjson 1.2.68 and earlier versions were reported to contain a remote code execution vulnerability that bypasses the autoType switch to deserialize classes that pose security risks. Attackers could exploit this vulnerability to execute arbitrary code on the target machine.

(more…)

Apache Tomcat Session Deserialization Code Execution Vulnerability (CVE-2020-9484) Threat Alert

June 5, 2020

Overview

Recently, Apache Tomcat released a security advisory, announcing the fix of a remote code execution vulnerability (CVE-2020-9484) caused by session persistence. An attacker can exploit this vulnerability only when the following conditions are met: The attacker can take control of the contents and name of a file on the server. The server is configured […]

IP Reputation Report-05312020

June 4, 2020

1. Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases as of May 31, 2020. 2. Top 10 countries in attack percentage: Belarus is in first place. Cape Verde is in second place. The country China […]

DDoS Attack Landscape 10

June 3, 2020

Active Families

  • Gafgyt

As one of the largest IoT DDoS families, Gafgyt compromises such devices as routers and cameras by means of password cracking and exploits to receive C&C commands and launch DDoS attacks.

In 2019, the Gafgyt family continued to be active, mainly targeting North America, Europe, and Australia. The number of Gafgyt-based malware increased fourfold compared with 2018 and the average daily increase of C&C attacks reached 34.5%. Compared with 2018, the number of DDoS attack directives increased by 175%, most of which were UDP flood attacks targeting ports 80 and 443 for HTTP services and ports 3074, 300000, 30100, and 32000 for gaming services.

(more…)

Cisco Unified Contact Center Express (Unified CCX) Deserialization Code Execution Vulnerability (CVE-2020-3280) Threat Alert

June 2, 2020

Overview

Recently, Cisco officially released a security advisory, announcing the fix of a high-risk vulnerability (CVE-2020-3280) in Unified Contact Center Express (Unified CCX). The vulnerability exists because user-supplied input is not sufficiently restricted during the software's deserialization operation. An attacker can, without authorization, send a malicious Java object to trigger the vulnerability and execute arbitrary code.

CVSS3.0 Base Score: 9.8

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

(more…)

WellinTech KingView Multiple Vulnerabilities Threat Alert

June 1, 2020

Overview

Some versions of WellinTech KingView are prone to multiple vulnerabilities, including a real-time database access authorization bypass vulnerability and denial-of-service vulnerabilities in the web data transmission service. Vulnerability details are as follows:

1. KingView real-time database access authorization bypass vulnerability (CNVD-C-2020-87074)

2. KingView denial-of-service vulnerability existing in the web data transmission service (CNVD-C-2020-92339)

3. KingView denial-of-service vulnerability existing in the web data transmission service (CNVD-C-2020-92346)

4. KingView denial-of-service vulnerability existing in the web data transmission service (CNVD-C-2020-92365)

5. KingView denial-of-service vulnerability existing in the web data transmission service (CNVD-C-2020-92343)

6. KingView denial-of-service vulnerability existing in the web data transmission service (CNVD-C-2020-92341)

7. KingView denial-of-service vulnerability existing in the web data transmission service (CNVD-C-2020-92351)

(more…)

NSFOCUS Named a Representative Vendor in Gartner Market for Security Threat Intelligence Products and Services

May 30, 2020

The world’s leading research and advisory company, Gartner, has named NSFOCUS as a Representative Vendor in its May 2020 Market Guide for Security Threat Intelligence Products and Services.

This guide provides in-depth analysis of the threat intelligence (TI) market, focusing on the technical value and commercial potential of threat intelligence and on selecting credible vendors globally. NSFOCUS is honored to be named in the list.

(more…)
