UNDER ATTACK? CALL US

Blog

Botnet Trend Report-9

By NSFOCUSPosted

This chapter explores further into active botnet families detected in 2018. We concentrate on four distinct families and tools focusing our analysis on their behavior changes, sample version changes, sample variants, and average age of C&C servers, to better understand the dynamic lifecycle of botnet families throughout 2018. (more…)

IP Reputation Report-08122019

By NSFOCUSPosted

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at August 11, 2019. (more…)

Apache Solr Remote Code Execution Vulnerability (CVE-2019-0193) Threat Alert

By NSFOCUSPosted

1 Vulnerability Overview Recently, Apache Software Foundation (ASF) issued a security bulletin to announce the fix of the remote arbitrary code execution vulnerability (CVE-2019-0193) in Apache Solr. This vulnerability exists in the DataImportHandler module, a common module used to import data from databases or other sources. The whole DIH configuration...

ProFTPd Arbitrary File Copy Vulnerability (CVE-2019-12815) Threat Alert

By NSFOCUSPosted

Overview Recently, an official security bulletin was released to announce the remediation of an arbitrary file copy vulnerability (CVE-2019-12815) in ProFTPd. This vulnerability lies in the custom SITE CPFR and SITE CPTO operations in the mod_copy module. By issuing the two commands to ProFTPd, an attacker can copy any file...

Botnet Trend Report-8

By NSFOCUSPosted

3.5 Delivery and Propagation  3.5.1 Behavior Seen  Studying 25 million intrusion logs extracted from NSFOCUS managed services customers in 2018, we found that approximately 14 million logs recorded intrusions using weak password cracking mainly against Telnet, RDP, and SSH services. From other logs, a large portion of intrusions seen were...