Threat Intelligence platform defends against sophisticated cyber attacks SYDNEY, March 17, 2017 – NSFOCUS, a global provider of intelligent hybrid DDoS defences, today announced its launch into Australia. The company believes it is uniquely placed to defend against cyber-attacks from China. Recent reports have indicated that up to 40 percent of global cyber-attacks are associated […]

Author: Cody Mercer – Senior Threat Intelligence Researcher Executive Summary It would appear that a new variant titled ‘StoneDrill‘ has now hit the wild and conducts operations very similar to that of Shamoon 2.0 and Shamoon malware. Moreover, Kaspersky Labs has evaluated the source code and it appears to contain various source code line items […]

Overview Apache Struts2 is prone to a remote code execution vulnerability (CNNVD-201703-152) in the Jakarta Multipart parser plug-in. When uploading a file with this plug-in, an attacker could change the value of the Content-Type header field of an HTTP request to trigger this vulnerability, causing remote code execution. For details, visit the following link: https://cwiki.apache.org/confluence/display/WW/S2-045?from=timeline&isappinstalled=0 […]

Intelligent Hybrid DDoS defence provider shortlisted for an impressive three awards London, UK- March 2017 – NSFOCUS, the intelligent hybrid DDoS defence provider, has been shortlisted as a finalist in the Public Sector & Utilities Solution of the Year, Security Vendor of the Year, and Security Solution of the Year categories for the European IT […]

Author: Guy Rosefelt – Dir, PM Threat Intelligence & Web Security Recently, NSFOCUS has seen some interesting DDoS behavior.  Since Q4 of last year, there has been a rise in SSL/VPN and SSH based DDoS attacks.  Most people would not equate VPN or SSH as a viable mechanism for what is usually considered a volumetric […]

Author: Cody Mercer, Senior Intelligence Threat Researcher Network threat attack vectors continually advance in diversity and complexity. Attacks supplied through advanced persistent threats (APT) now spread very quickly and on a larger scale. Various IOT devices and other assets to include mobile/hand-held devices, desktops, bare-metal networks, web applications, and social networks are all vulnerable to […]

Author: Vann Abernethy, Field CTO Overview DNS amplification attacks ramp up the power of a botnet when targeting a victim.  The basic technique of a DNS amplification attack is to spoof the IP of the intended target and send a request for a large DNS zone file to any number of open recursive DNS servers.  The […]

Authors: Stephen Gates, Chief Research Intelligence Analyst & Cody Mercer, Senior Intelligence Threat Researcher Overview From reports in late January 2017, the Shamoon malware is back. Shamoon wipes the disks of computers infected with the malware. Apparently a new Shamoon variant prompted Saudi Arabia telecoms authority to issue a warning on Monday, January 23, 2017 for […]

Author: Stephen Gates, Chief Research Intelligence Analyst Ransomware: The Human Touch As a security professional, I often get asked about the latest threats. Most consumers don’t understand the difference between viruses, worms, Trojans, spyware, adware, scareware, malvertising, phishing, etc. Sometimes, even those of us in the field see it all as malware. Basically, it’s all malicious […]

Executive Summary JTB Corp. (JTB), a well-known travel agency in Japan announced on June 14, 2016 that it had experienced a massive data leak upon an attack targeting its servers. Initial reports indicate that 7.93 million people using JTB to book trips may have had their personal booking data exposed. The leaked data contained sensitive […]