Blog

IP Reputation Report-02012019

February 1, 2019 | Mina Hao

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at February 01, 2019.

Mobile Office—SIM and SD Card Security

January 31, 2019 | Mina Hao

Case AnalysisCase Analysis If you do not report the loss of the SIM card after your phone is lost, a hacker may use it to obtain SMS verification codes. Activation of the quick pay service requires only the ID card number, bank card number, and SMS verification code.

NSFOCUS Releases IP Chain Gang Report on Behavior of Recidivist Hackers

January 30, 2019 | Devika Jain

  In a new report, NSFOCUS introduced the IP Chain-Gang concept, in which each chain-gang is controlled by a single threat actor or a group of related threat actors that exhibit similar behavior among the various attacks conducted by the same gang. The report analyzes the IP Chain-Gangs attack types, volume, size of events, gang […]

APT/APT-GET RCE Vulnerability (CVE-2019-3462) Handling Guide

January 30, 2019 | Mina Hao

1 Vulnerability Overview Recently, a security researcher discovered a critical vulnerability in the Advanced Packaging Tool (APT) of Linux. This vulnerability stems from the APT’s failure to properly handle redirects, which can be triggered via a man-in-the-middle attack or a malicious package mirror, resulting in remote code execution.

Technical Report on Container Security (IV)-5

January 30, 2019 | Mina Hao

Container Security Protection – Container Network Security Container Network Security

Linux apt/apt-get Remote Code Execution (RCE) Vulnerability (CVE-2019-3462) Threat Alert

January 28, 2019 | Mina Hao

Overview On January 22, 2019, local time, security researcher Max Justicz announced his discovery of a remote code execution (RCE) vulnerability in Linux apt/apt-get. This vulnerability stems from the APT’s failure to properly handle certain parameters involved in HTTP redirects. It can be triggered via a man-in-the-middle attack or a malicious package mirror, resulting in […]

Genius? Lunatic? Maybe Both (II)

January 28, 2019 | Mina Hao

The ubiquity of the Internet is attracting more and more youths to the computer industry, especially the hacker community that holds a supreme position in the realm of cyber security. Every person eager to be part of the IT industry seems to be able to get something from it, ranging from appearing cool to making […]

IP Reputation Report-01252019

January 25, 2019 | Mina Hao

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at January 25, 2019. CN increased 1% from 43% to 44% and US stayed at 12% from last week.

Mobile Office — Two-Step Verification

January 25, 2019 | Mina Hao

Case Analysis It is a common practice to protect an account with a password. However, the account will be compromised if the password is disclosed. Now many mobile phones or apps support two-step verification. When detecting a login to your account from another phone, the mechanism requires the other form of authentication, for example, a […]

Technical Report on Container Security (IV)-4

January 24, 2019 | Mina Hao

Container Security Protection – Image Security Image Security Images are the basis of containers. Therefore, their security speaks a lot for that of the entire container ecosystem. Container images are a series of images stacked layer by layer. They are distributed and updated through image repositories. The following sections describe how to secure images from […]