This section analyzes WS-Discovery reflection attacks. For details about the WS-Discovery service, see section 1.6 WS-Discovery First Found to Be Abused for DDoS Reflection Attacks. (more…)
Blog
A Global DTLS Amplification DDoS Attack Is Ongoing
Attackers are targeting Citrix ADC (Application Delivery Controller) and utilize it to launch amplification attacks. However, no official patch has been released yet. (more…)
Annual IoT Security Report 2019-13
Introduction This chapter analyzes IoT threats from the perspective of protocols. According to the data from NSFOCUS's threat hunting system, Telnet services (port 23) were targeted most frequently1. Therefore, we first analyze the attacks launched via Telnet. WS-Discovery reflection attacks are a new type of DDoS reflection attacks emerging in...
A Preliminary Investigation into the Worm Technique Affecting Schneider’s Programmable Logic Controllers
Background Some time ago, some researchers detected a code injection vulnerability (CVE-2020-7475), which could cause Schneider's Programmable Logic Controllers (PLCs) to operate like worms. If successfully exploited, this vulnerability could allow a PLC to act as a mini PC to carry out malicious network activities or as an intranet springboard...
Adobe Releases December’s Security Updates Threat Alert
Overview On December 8, 2020, local time, Adobe released security updates which address multiple vulnerabilities in Adobe Prelude, Adobe Experience Manager, and Adobe Lightroom. (more…)
Annual IoT Security Report 2019-12
In this section, we analyze threat trends related to Netis routers according to the data captured by NSFOCUS's threat hunting system. Our data is based on log messages generated from May 21 to October 30, 2019. The following subsections analyze these log messages from the aspects of attack sources, attack...
