
DHDiscover reflection attacks can magnify nearly 200 times of the attack 2

October 8, 2020 | Mina Hao

DHDiscover reflection attack analysis In this chapter, we present the current threat landscape of DHDiscover reflection attacks based on log data captured by the NSFOCUS Threat Capture System from June 1, 2020 to August 18, 2020 on port 37810. We analyzed the number of logs on port 37810 as shown in the […]

Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2020-16875) Handling Guide

October 7, 2020 | Mina Hao

Vulnerability Description Recently, NSFOCUS detected that security personnel disclosed the procedure for exploiting the Microsoft Exchange Server remote code execution vulnerability (CVE-2020-16875) online. The vulnerability was made public by Microsoft in its September 2020 Security Updates. A remote code execution vulnerability exists in the way that Microsoft Exchange Server handles objects in memory. The prerequisite […]

2020 H1 Cybersecurity Trends-1

October 6, 2020 | Mina Hao

Botnet Trend Report 2019-13

October 5, 2020 | Mina Hao

Mirai At present, Mirai is among the biggest IoT botnet families which have the most variants and infect the most devices to impose the most extensive impact. In 2019, NSFOCUS Security Labs captured 10,635 Mirai samples in total (excluding the repetitive malware arising from cross compilation), identified 1660 C&C addresses, and detected more than 40 […]

DHDiscover reflection attacks can magnify nearly 200 times of the attack 1

October 4, 2020 | Mina Hao

1. Abstract In March 2020, Tencent published an article about a DVR being used for reflection attacks. The service port of this DVR is 37810; we named it the DHDiscover service because the string DHDiscover appeared in it. In the reflection attacks captured by Tencent, the scale of attack traffic exceeded 50G, and the reflection source regions […]

PAN-OS Remote Code Execution Vulnerability (CVE-2020-2040) Threat Alert

October 3, 2020 | Mina Hao

Vulnerability Description Recently, NSFOCUS detected that Palo Alto Networks (PAN) released a security advisory, which announced a critical vulnerability (CVE-2020-2040) assigned a CVSS base score of 9.8. When Captive Portal is enabled or Multi-Factor Authentication (MFA) is configured, this buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to potentially disrupt system processes and execute […]

Netlogon Privilege Escalation Vulnerability (CVE-2020-1472) Handling Guide

October 2, 2020 | Mina Hao

1. Vulnerability Description Recently, NSFOCUS detected that the foreign security company Secura disclosed detailed information and validation scripts about the Netlogon privilege escalation vulnerability (CVE-2020-1472), which sharply increases the risk posed by this vulnerability. Exploitation of this vulnerability requires a computer on the same local area network (LAN) as the target. When using the Netlogon Remote Protocol (MS-NRPC) to […]

IP Reputation Report-09272020

October 1, 2020 | Mina Hao

1. Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses in the NSFOCUS IP Reputation databases as of September 27, 2020.

Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2020-16875) Threat Alert

September 30, 2020 | Mina Hao

Overview Microsoft has fixed a critical vulnerability in its September 2020 Security Updates, which is a remote code execution vulnerability (CVE-2020-16875) in Microsoft Exchange Server. Recently, relevant proof of concept (PoC) has appeared on the Internet. Due to incorrect verification of cmdlet arguments, an attacker may trigger this vulnerability by sending an email that contains […]

Microsoft September 2020 Security Updates for Multiple High-Risk Product Vulnerabilities Threat Alert

September 29, 2020 | Mina Hao

Vulnerability Description On September 9, 2020, Beijing time, Microsoft released September 2020 Security Updates that fix 129 vulnerabilities ranging from remote code execution to privilege escalation in various products, including Microsoft Windows, Internet Explorer, Microsoft Office, Microsoft Exchange Server, Visual Studio, and ASP.NET.