Blog

Linux Kernel Privilege Escalation Vulnerability (CVE-2020-14386) Threat Alert

October 20, 2020 | Mina Hao

Vulnerability Description
Recently, NSFOCUS detected a privilege escalation vulnerability in the Linux kernel (CVE-2020-14386). An integer overflow exists in the way net/packet/af_packet.c handles AF_PACKET sockets, leading to an out-of-bounds write that can be used to escalate privileges. An attacker could exploit this vulnerability to gain root privileges from an unprivileged process. This vulnerability may affect virtualized products using the Linux […]
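The integer truncation behind this bug, as an added example that is not from the advisory or from the kernel tree: a simplified C model of the frame-offset arithmetic in the AF_PACKET receive path. The field names (tp_reserve, netoff, macoff, maclen) are borrowed from the kernel for readability, but the header length, the 16-bit versus 32-bit contrast, the USHRT_MAX check in the hardened variant and the placement of the virtio_net header 10 bytes before macoff are assumptions of this model, not a transcription of af_packet.c. It shows how a socket-controlled 32-bit reserve value, once stored in 16-bit offsets, yields a link-layer offset that points before the start of the ring frame.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* TPACKET_ALIGN as defined in <linux/if_packet.h>: round up to 16 bytes. */
#define TPACKET_ALIGNMENT 16
#define TPACKET_ALIGN(x) (((x) + TPACKET_ALIGNMENT - 1) & ~(TPACKET_ALIGNMENT - 1))

/* Constructed parameters for the model; not read from a real ring. */
#define MODEL_TP_HDRLEN    48u   /* assumed per-frame header length */
#define MODEL_VNET_HDR_LEN 10u   /* sizeof(struct virtio_net_hdr) */
#define MODEL_ETH_MACLEN   14u   /* link-layer header length on Ethernet */

struct offsets {
    unsigned int netoff;  /* offset of the network header within the frame */
    unsigned int macoff;  /* offset of the link-layer header within the frame */
    bool dropped;         /* hardened path refused the packet */
};

/* Vulnerable model: the offsets are kept in 16-bit variables, so a large
 * tp_reserve (a 32-bit value the socket owner picks) is silently truncated.
 * If the truncated netoff is smaller than maclen, macoff wraps as well. */
static struct offsets compute_offsets_vuln(unsigned int tp_reserve, unsigned int maclen)
{
    unsigned short netoff, macoff;

    netoff = TPACKET_ALIGN(MODEL_TP_HDRLEN + (maclen < 16 ? 16 : maclen)) + tp_reserve;
    macoff = netoff - maclen;
    return (struct offsets){ netoff, macoff, false };
}

/* Hardened model: 32-bit offsets plus an explicit range check, so an
 * oversized reserve gets the packet dropped instead of wrapped. */
static struct offsets compute_offsets_fixed(unsigned int tp_reserve, unsigned int maclen)
{
    unsigned int netoff, macoff;

    netoff = TPACKET_ALIGN(MODEL_TP_HDRLEN + (maclen < 16 ? 16 : maclen)) + tp_reserve;
    if (netoff > USHRT_MAX)
        return (struct offsets){ netoff, 0, true };
    macoff = netoff - maclen;
    return (struct offsets){ netoff, macoff, false };
}

/* In the model the virtio_net header is written immediately before the
 * link-layer header. A negative result means the write starts before the
 * frame, i.e. outside the ring buffer slot. */
static long vnet_hdr_offset(struct offsets o)
{
    return (long)o.macoff - (long)MODEL_VNET_HDR_LEN;
}

/* Reserve value that makes the true netoff equal 65536 + 16: after
 * truncation netoff is 16 and macoff is 2, so the vnet header lands 8
 * bytes before the frame. (Constructed for the model's header length.) */
#define MODEL_EVIL_RESERVE (65536u + 16u - 64u)

int main(void)
{
    struct offsets ok = compute_offsets_vuln(0, MODEL_ETH_MACLEN);
    struct offsets bad = compute_offsets_vuln(MODEL_EVIL_RESERVE, MODEL_ETH_MACLEN);
    struct offsets fixed = compute_offsets_fixed(MODEL_EVIL_RESERVE, MODEL_ETH_MACLEN);

    printf("reserve=0:     netoff=%u macoff=%u vnet@%ld\n",
           ok.netoff, ok.macoff, vnet_hdr_offset(ok));
    printf("reserve=%u: netoff=%u macoff=%u vnet@%ld (vulnerable)\n",
           MODEL_EVIL_RESERVE, bad.netoff, bad.macoff, vnet_hdr_offset(bad));
    printf("hardened:      %s\n", fixed.dropped ? "packet dropped" : "accepted");
    return 0;
}
```

The reserve value is chosen per socket with setsockopt(PACKET_RESERVE), and creating an AF_PACKET socket requires CAP_NET_RAW; on distributions that enable unprivileged user namespaces, any local user can obtain that capability inside a namespace, which is why the advisory treats this as escalation from an unprivileged process. Patching the kernel, or disabling unprivileged user namespaces where the workload does not need them, is the practical mitigation.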

Botnet Trend Report 2019-15

October 19, 2020 | Mina Hao

Five Major APT Groups
In 2019, NSFOCUS Security Labs tracked and examined five major APT groups: BITTER, OceanLotus, MuddyWater, APT34, and FIN7. The following sections describe the latest developments of these groups, showing how they optimize attack chains, refine attack methods, and improve their RAT tools.
BITTER
BITTER is an attack group with […]

Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-2

October 17, 2020 | Mina Hao

Honeypot-captured Threats in 2020 H1
In 2020 H1, the Internet attack activity captured by honeypots consisted mainly of malicious scanning, over 50% of which targeted port 443. As for exploits, most attacks were directed at Power cameras, D-Link routers, and JBoss servers. Weak password attacks were mainly launched from […]

Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-1

October 16, 2020 | Mina Hao

Overview
Most distributed denial-of-service (DDoS) botnet activity in 2020 H1 came from Mirai, Gafgyt, and other major families. DDoS attack methods in 2020 H1 were dominated by UDP floods, CC (HTTP) floods, and TCP floods. Hostwinds, DigitalOcean, and OVH were the cloud hosting providers most used for C&C servers in 2020 H1. We predict […]

IP Reputation Report-10112020

October 15, 2020 | Mina Hao

1. Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses in the NSFOCUS IP Reputation databases as of October 11, 2020.

WebSphere XML External Entity Injection Vulnerability (CVE-2020-4643) Handling Guide

October 14, 2020 | Mina Hao

Vulnerability Description
Recently, IBM released a security bulletin announcing a fix for an XML external entity injection (XXE) vulnerability (CVE-2020-4643) in WebSphere Application Server (WAS). Because WAS fails to properly process XML data, a remote attacker could exploit this vulnerability to obtain sensitive information from the server. The NSFOCUS security research team reported CVE-2020-4643 […]

Intelligent Threat Analytics: Graph Data Structuring

October 13, 2020 | Mina Hao

Artificial intelligence (AI) based on deep neural networks has made breakthroughs in a wide range of fields, but has seen only limited adoption in cybersecurity. At present, it is impractical to expect a single hierarchical neural network to perform threat identification, association, and response end to end. According to Zhou Tao, an algorithm expert, […]

Botnet Trend Report 2019-14

October 12, 2020 | Mina Hao

New Trends of APT Groups
Three trends shaped APT groups in 2019. First, mobile devices became a common part of the attack surface. In 2019, MuddyWater developed malicious files targeting Android, extending its reach to mobile devices. Google's Project Zero team revealed five exploit chains deployed in the wild to attack iOS systems and […]

IP Reputation Report-10042020

October 10, 2020 | Mina Hao

1. Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses in the NSFOCUS IP Reputation databases as of October 4, 2020.

IBM Spectrum Protect Plus Directory Traversal and Arbitrary Code Execution Vulnerabilities (CVE-2020-4711, CVE-2020-4703) Threat Alert

October 9, 2020 | Mina Hao

Vulnerability Description
On September 15, 2020, NSFOCUS noted that IBM had released a security bulletin fixing a directory traversal vulnerability and an arbitrary code execution vulnerability (CVE-2020-4711, CVE-2020-4703) in the IBM Spectrum Protect Plus Administrative Console. The directory traversal vulnerability (CVE-2020-4711) lies in a script (/opt/ECX/tools/scripts/restore_wrapper.sh) shipped with Spectrum Protect Plus. An unauthenticated attacker could send a crafted HTTP request […]