NSFOCUS Found Multiple Vulnerabilities in Schneider Pelco Sarix professional Cameras

March 6, 2018 | Adeline Zhang

Multiple vulnerabilities were found by NSFOCUS researchers in Schneider Pelco Sarix professional Cameras. These vulnerabilities included: CVE# Vulnerability Severity CVE-2018-7227 Information Disclosure Medium CVE-2018-7228 Admin Privilege Authentication Bypass High CVE-2018-7229 Admin Privilege Authentication Bypass High CVE-2018-7230 XML External Entity Vulnerability High CVE-2018-7231 Command Execution – ‘system.opkg.remove’ Critical CVE-2018-7232 Command Execution – ‘network.ieee8021x.delete_certs’ Critical CVE-2018-7233 Command […]

Deep Analysis of Memcached Large DRDoS Attacks – China Telecom DamDDoS & NSFOCUS Jointly Released

March 5, 2018 | Adeline Zhang

Recently, many domestic and foreign security companies and agencies issued warnings about the Memcached Distributed Reflection Denial of Service attack, which aroused the concern of all parties. According to our monitoring, the peak traffic for this attack has now reached 1.35T. On Feb. 27, Memcached’s reflection DDoS attacks ranged from hundreds of megabytes to a maximum of […]

Jackson-databind RCE Vulnerability Handling Guide (CVE-2017-17485)

January 25, 2018 | Adeline Zhang

At the beginning of 2018, jackson-databind was reported to contain another remote code execution (RCE) vulnerability (CVE-2017-17485) that affects versions 2.9.3 and earlier, and earlier, and 2.8.10 and earlier. This vulnerability is caused by jackson-dababind’s incomplete blacklist. An application that uses jackson-databind will become vulnerable when the enableDefaultTyping method is called via the ObjectMapper […]

Technical Analysis and Recommended Solution of GoAhead httpd/2.5 to 3.5 LD_PRELOAD Remote Code Execution Vulnerability (CVE-2017-17562)

January 5, 2018 | Adeline Zhang

A remote RCE vulnerability (CVE-2017-17562) was found in all GoAhead Web Server’s versions earlier than 3.6.5. The vulnerability is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters, and will affect all users who have CGI support enabled with dynamically linked executables (CGI scripts). This behavior, when combined with […]

Traceback of a DDoS Attack

January 1, 2018 | Adeline Zhang

An abnormal increase in the CPU usage of a telecom carrier’s 4G firewall substantially slowed down the access from some iPhone users to the Apple website. We suspected that the carrier was hit by a DDoS attack. With the visualized traceback function of NSFOCUS Big Data Security Analytics (BSA), we made a drill-down analysis of […]

Technical Analysis and Solution of WebLogic Server (WLS) Component Vulnerability

December 25, 2017 | Adeline Zhang

Overview Recently, NSFOCUS has received a slew of reports from customers in the finance, telecom, and Internet sectors on similar security events. Through analysis, NSFOCUS believes that these events are all associated with the malware-infected WebLogic Server (WLS) host. Specifically, attackers exploit the WLS component vulnerability (CVE-2017-10271) to attack the WLS middleware host via a […]

Miner Virus Attacked Large Numbers of WebLogic Hosts Recently

December 23, 2017 | Adeline Zhang

On the 15th this month, K.Orange twittered a message, saying that unpatched WebLogic has a vulnerability that could be employed by attackers using a “watch-smartd” program. Recently NSFOCUS received requests from customers in many industries (finance, telecom carriers, the Internet companies and so on) asking for emergence response service as they found the “watch-smartd” program […]

IcedID Banking Trojan Sample Technical Analysis and Solution

December 1, 2017 | Adeline Zhang

IcedID Banking Trojan Sample Technical Analysis and Solution Date of Release: November 17, 2017 Overview Recently, the IBM X-Force research team discovered a brand new banking Trojan dubbed IcedID. This Trojan was first found spreading in the wild in September 2017, mainly targeting systems used in the financial sectors of US. According to X-Force research, […]

NSFOCUS launches Web Application Firewall for SB Cloud in Japan

November 15, 2017 | NSFOCUS

SB Cloud partners with NSFOCUS to bring the first ICSA and Veracode certified Web Application Firewall powered by NSFOCUS to its customers SINGAPORE, November 15, 2017 – NSFOCUS, the leader in holistic hybrid security solutions, is now offering its comprehensive Web Application Security solution on SB Cloud to provide enterprises with the most comprehensive application-layer […]

BadRabbit Sample Analysis and Recommended Solution

November 2, 2017 | Adeline Zhang

Overview A new type of ransomware was detected on October 24, when it had not been even half a year from the extensive breakout of the notorious ransomware Petya and WannaCry. This ransomware dubbed BadRabbit has been distributed in a number of European countries, including Russia, Ukraine, Bulgaria, Turkey, and Germany, and is now found […]


Subscribe to the NSFOCUS Blog