WannaRen Surfaces as a New Strain of Ransomware Threat Alert

April 24, 2020 | Mina Hao

Overview Recently, a new strain of ransomware WannaRen came to the surface and began to spread between PCs. This ransomware encrypts almost all files in the Windows system and uses .WannaRen as the extension of encrypted files. The attacker leaves a Bitcoin wallet address and demands 0.05 Bitcoin as ransom.

IP Reputation Report-04192020

April 23, 2020 | Mina Hao

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at April 19, 2020.

DDoS Attack Landscape 5

April 22, 2020 | Mina Hao

Controlled DDoS Attack Sources According to statistics, China was still home to the largest number of controlled DDoS attack sources (36.19%) in 2019, followed by the USA and UK. Although China’s ranking remained unchanged in terms of the number, the proportion decreased compared with 2018. This indicates that China’s DDoS governance and defenses have yielded […]

Google Chrome Update Fixes Multiple High-Severity Vulnerabilities Threat Alert

April 21, 2020 | Mina Hao

Overview On March 31, 2020, local time, Google published an advisory, announcing that the newest version of Chrome 80.0.3987.162 to be rolled out in the coming days would address eight security vulnerabilities. Now this version has been released. The most severe of these vulnerabilities could allow attackers to execute arbitrary code in the context of […]

Overseas APT Organization Exploits Vulnerabilities to Breach Sangfor SSL VPNs and Deliver Malicious Code Threat Alert

April 20, 2020 | Mina Hao

Overview On April 6, Sangfor released an advisory, announcing that an overseas APT organization illegally took control of some of their SSL VPN devices and sent malicious files to clients by exploiting a client upgrade vulnerability. NSFOCUS has kept a close eye on this issue and conducted overall analysis. We advise related users to take […]

WebSphere Application Server Remote Code Execution Vulnerability (CVE-2020-4276 and CVE-2020-4362) Threat Alert

April 17, 2020 | Mina Hao

Overview IBM released security advisories to announce the fix of two remote code execution vulnerabilities (CVE-2020-4276 and CVE-2020-4362) in WebSphere Application Server. The two vulnerabilities exist when WebSphere uses token-based authentication in an admin request over the SOAP connector. By sending a maliciously crafted request to WebSphere SOAP Connector, an attacker could execute arbitrary code […]

IP Reputation Report-04122020

April 16, 2020 | Mina Hao

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at April 12, 2020.

DDoS Attack Landscape 4

April 15, 2020 | Mina Hao

Attack Distribution by Duration In 2019, the average duration of DDoS attacks was registered at 52 minutes, an 18% increase from 2018. We noticed that the longest DDoS attack in 2019 lasted around 20 days, far longer than attacks detected in previous years. In 2019, a DDoS attacks lasting less than 30 minutes accounted for […]

Vollgar Botnet Threat Alert

April 14, 2020 | Mina Hao

Overview On April 1, the Guardicore Labs team uncovered a long-running attack campaign which aims to infect Windows machines running MS-SQL servers. At least since May 2018, the campaign uses password brute force to breach victim machines, deploys multiple backdoors, and executes numerous malicious modules, such as remote access tools (RATs). We dubbed the campaign […]

A Look into RSAC 2020: Cloud Security

April 13, 2020 | Mina Hao

RSA Conference (RSAC) 2020 was held still at the Moscone Center in San Francisco in February as scheduled. Unfortunately, I failed to attend this conference. So, instead of talking about my actual feelings of visiting the scene, I focus on what I think after watching session tracks of this conference.