4.2 BillGates: Best Cross-Platform Family In February 2014, a new botnet family was reported by the Russian website, habr5 and named BillGates because of its bill and gates modules. Subsequently the research group, MalwareMustDie reported that botnet family was operated by a Chinese hacker group, closely related with other known families such as ChinaZ and […]

Overview  Microsoft released August 2019 security patches on Tuesday that fix 95 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including Active Directory, HTTP/2, Microsoft Bluetooth Driver, Microsoft Browsers, Microsoft Dynamics, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Malware Protection Engine, Microsoft NTFS, Microsoft Office, Microsoft Office […]

Overview Recently, a security researcher took to Twitter to disclose a KDE Frameworks command injection vulnerability, which stems from the KDesktopfile class handling .desktop, .directory, and configuration files. An attacker could create malicious files of these types, which, once being viewed with the KDE file viewer, could trigger the vulnerability, leading to code execution without […]

This chapter explores further into active botnet families detected in 2018. We concentrate on four distinct families and tools focusing our analysis on their behavior changes, sample version changes, sample variants, and average age of C&C servers, to better understand the dynamic lifecycle of botnet families throughout 2018.

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at August 11, 2019.

Overview On August 6, 2019, local time, Cisco released security advisories on remediation of three vulnerabilities in Small Business 220 Series Smart Switches, including two critical ones, one of which has a CVSS 3.0 score as high as 9.8.

1 Vulnerability Overview Recently, Apache Software Foundation (ASF) issued a security bulletin to announce the fix of the remote arbitrary code execution vulnerability (CVE-2019-0193) in Apache Solr. This vulnerability exists in the DataImportHandler module, a common module used to import data from databases or other sources. The whole DIH configuration of this module can come […]

Overview Recently, an official security bulletin was released to announce the remediation of an arbitrary file copy vulnerability (CVE-2019-12815) in ProFTPd. This vulnerability lies in the custom SITE CPFR and SITE CPTO operations in the mod_copy module. By issuing the two commands to ProFTPd, an attacker can copy any file on the FTP server without […]

3.5 Delivery and Propagation  3.5.1 Behavior Seen  Studying 25 million intrusion logs extracted from NSFOCUS managed services customers in 2018, we found that approximately 14 million logs recorded intrusions using weak password cracking mainly against Telnet, RDP, and SSH services. From other logs, a large portion of intrusions seen were vulnerability-based intrusions, with 54 vulnerabilities […]

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at August 04, 2019.   Top 10 countries in attack percentage: The Palestine is in first place. The Curacao is in the second place. The country China (CN) is […]