NetWire Controllers Are Dropping COVID-19-Themed Decoy Files
May 18, 2020
With the outbreak of the COVID-19 pandemic around the world, trending hashtags related to the epidemic are flooding social media, attracting the attention of a number of international hacker organizations, which jump at the chance to conduct social engineering based on decoy messages.
Recently, NSFOCUS found that NetWire controllers began to drop the trojan with the aid of decoy files concerning COVID-19.
Firmware Analysis: Extraction of ASP Files in the GoAhead Architecture
May 15, 2020
GoAhead is an open-source web architecture that is widely used in embedded systems thanks to its high performance and high availability. Traditional servers built on the GoAhead architecture usually contain a large number of dynamic pages written in the Active Server Pages (ASP) scripting language, along with functions written in C/C++ that are registered to the scripting layer so that ASP scripts can invoke them. For a more thorough security audit, we should not only understand how these functions are implemented but also analyze how ASP scripts are handled. This article uses the firmware of a certain switch as an example to illustrate how to extract ASP files when GoAhead is involved.
IP Reputation Report-05102020
May 14, 2020
1. Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases as of May 10, 2020. 2. Top 10 countries in attack percentage: Belarus is in first place. Cape Verde is in second place. The country China […]
DDoS Attack Landscape 7
May 13, 2020
Attack Gang Size
Gang Size
Figure 3-27 shows the distribution of our identified IP gangs by size. Two gangs consist of over 10,000 members and the largest gang has 88,000 members.

Jenkins Plug-in Multiple Vulnerabilities Threat Alert
May 12, 2020
Vulnerability Description
On May 6, Jenkins released a security bulletin announcing fixes for nine vulnerabilities in five plug-ins. The SCM Filter Jervis plug-in contains a remote code execution vulnerability (CVE-2020-2189), which is officially identified as high-risk. As the SCM Filter Jervis plug-in does not configure its YAML parser to prevent the instantiation of arbitrary types, the vulnerability can be exploited by users who are able to configure jobs with the filter or control the contents of a previously configured job’s SCM repository. The Credentials Binding plug-in contains two credential disclosure vulnerabilities (CVE-2020-2181 and CVE-2020-2182); the Copy Artifact plug-in contains an improper permission check vulnerability (CVE-2020-2183); the CVS plug-in contains a cross-site request forgery vulnerability (CVE-2020-2184); the Amazon EC2 plug-in contains four vulnerabilities (CVE-2020-2185, CVE-2020-2186, CVE-2020-2187, and CVE-2020-2188).
Adobe Out-of-Band Patch Tackling Critical Vulnerabilities in Multiple Products Threat Alert
May 11, 2020
Overview
On April 28, local time, Adobe released an out-of-band patch tackling multiple vulnerabilities in Magento, Adobe Illustrator, and Adobe Bridge.
For details about the security bulletins and advisories, visit the following link:
Information Security in the Workplace- Print of Documents at a Print Shop-v
May 8, 2020
With the advancement of IT-based transformation and the rapid development of IT, various network technologies have seen more extensive and profound applications, along with which come a multitude of cyber security issues. Come to find out what information security issues you should beware of in the workplace.
IP Reputation Report-05032020
May 7, 2020
Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases as of May 3, 2020. Top 10 countries in attack percentage: Belarus is in first place. Cape Verde is in second place. The country China (CN) is […]
DDoS Attack Landscape 6
May 6, 2020
Activity of Attack Sources
Ongoing monitoring of attack sources reveals that 90% of them were active for no longer than 10 days. There were two reasons behind this. For one thing, in order to keep attack sources fresh and prevent them from being blacklisted by defenders, attackers tended to use the hit-and-run strategy. For the other, there were a lot of vulnerable IP addresses widely distributed on the Internet, which could be easily obtained at a very low cost. Moreover, the proportion of IoT devices in attack sources that were active for more than 10 days rose sharply to 11.5%.
A Look Into WS-Discovery Reflection Attacks for 2020 Q1
May 5, 2020
Executive Summary
Web Services Dynamic Discovery (WSD) is a multicast discovery protocol used to locate services on a local area network (LAN). However, due to design flaws in device vendors’ implementations, when a normal IP address sends a service discovery packet, devices will also respond to the request. If exposed on the Internet, these devices […]