Blog

Considerations for Making ICS Networks Comply with CMMC

January 26, 2021 | Mina Hao

1. Background In early 2020, the US Department of Defense (DOD) released the Cybersecurity Maturity Model Classification (CMMC). On average, the USA loses USD 600 billion a year to adversaries in the cyberspace. Currently, the DOD has about 300,000 contractors, covering a variety of fields from hypersonic weapons to leather factories. Of all these contractors, […]

Attributed Graph-based Anomaly Detection and Its Application in Cybersecurity

January 26, 2021 | Mina Hao

1. Background On cyberspace battlefields, adversaries often lurk in the darkness, but will jump at the throat of victims whenever spotting a chance. Today, extensive collection of huge amounts of data from various dimensions is nothing new. This can be very useful for security defenses, but at the same time brings unprecedented challenges to security […]

Enterprise Blockchain Security 2020-2

January 26, 2021 | Mina Hao

This chapter describes the characteristics, usage scenarios, and architecture of enterprise blockchains, and illustrates three major enterprise blockchain systems in three separate sections.

Microsoft’s Security Patches for January 2021 Fix 83 Security Vulnerabilities

January 25, 2021 | Mina Hao

Overview Microsoft released January 2021 security updates on Tuesday which fix 83 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Repository, ASP.NET core & .NET core, Azure Active Directory Pod Identity, Microsoft Bluetooth Driver, Microsoft DTV-DVD Video Decoder, Microsoft Edge (HTML-based), Microsoft Graphics Component, Microsoft Malware Protection Engine, […]

Oracle January 2021 Critical Patch Update for All Product Families

January 24, 2021 | Mina Hao

Overview On January 20, 2021, NSFOCUS detected that Oracle released the January 2021 Critical Patch Update (CPU), which fixed 329 vulnerabilities of varying risk levels. This CPU involves multiple commonly used products, such as Oracle WebLogic Server, Oracle Database Server, Oracle Java SE, Oracle Fusion Middleware, Oracle MySQL, Oracle Enterprise Manager, and Oracle Systems. Oracle […]

Non-negligible ICS Security Risks — Device Simulator Security

January 23, 2021 | Mina Hao

Background To facilitate debugging and analysis by developers, a lot of master computer configuration software often comes with a simulator that simulates a real programmable logic controller (PLC) or human-machine interface (HMI) device. Such simulators exchange data with master computer configuration software through TCP/IP and therefore some will listen on a designated port which is […]

WebLogic Multiple Remote Code Execution Vulnerabilities Threat Alert

January 22, 2021 | Mina Hao

Vulnerability Description On January 20, 2021, NSFOCUS detected that Oracle released the January 2021 Critical Patch Update (CPU), which fixed 329 vulnerabilities of varying risk levels. Seven of these vulnerabilities are severe and assigned CVE-2021-1994, CVE-2021-2047, CVE-2021-2064, CVE-2021-2108, CVE-2021-2075, CVE-2019-17195, and CVE-2020-14756. Unauthenticated attackers could exploit these vulnerabilities to execute code remotely. These vulnerabilities are […]

Annual IoT Security Report 2019-17

January 22, 2021 | Mina Hao

Malicious Behaviors Targeting UPnP Vulnerabilities We captured four kinds of UPnP exploits 1, as shown in Table 4-7. Apparently, all the exploits targeted remote command execution vulnerabilities. Besides, we found that when a vulnerability is found on a specific port, attackers usually directly hit this port by skipping the UPnP discovery phase.

JumpServer Remote Command Execution Vulnerability Threat Alert

January 21, 2021 | Mina Hao

Overview On January 15, 2021, Beijing time, JumpServer released an emergency bulletin to announce a remote command execution vulnerability in its bastion host and advised users to fix it as soon as possible, especially those whose JumpServer can be accessed via the Internet.

Suggestions on Detection and Prevention of the Incaseformat Virus

January 20, 2021 | Mina Hao

Overview On January 13, 2021, NSFOCUS’s emergency response team received feedback on the incaseformat virus from a host of customers in the government, healthcare, education, and telecom sectors. According to analysis, we found that this virus mainly infected hosts installed with financial management application systems. Also, we observed that all other files than system partition […]