Amplification DDoS Attacks Come Again

February 26, 2021 | Jie Ji

Just in February, another two amplification DDoS attacks caught our attention. They are respectively abusing Plex Media Servers and Powerhouse VPN servers to amplify junk traffic to victims. Abuse Plex Media Server for Amplification Attacks On 3rd February, according to ZDNet, DDoS-for-hire services have found a way to abuse Plex Media servers to bounce junk […]

Microsoft February Security Updates for Multiple High-Risk Product Vulnerabilities

February 25, 2021 | Jie Ji

Vulnerability Description On February 10, 2021, Beijing time, Microsoft released February 2021 Security Updates that fix 56 vulnerabilities, including high-risk ones like remote code execution and privilege escalation in various widely used products such as Microsoft Windows, Microsoft Office, Microsoft Exchange Server, Visual Studio, and Microsoft .NET Framework. In these security updates, Microsoft fixes 11 […]

Windows TCP/IP Remote Code Execution Vulnerability (CVE-2021-24074)

February 24, 2021 | Jie Ji

Vulnerability Description On February 10, NSFOCUS found that Microsoft fixed the Windows TCP/IP remote code execution vulnerability (CVE-2021-24074) in its February updates. This vulnerability exists in the IPv4 source routing which is blocked by default in Windows systems. Attackers, via a crafted IP packet, could exploit this vulnerability to execute arbitrary code on a target […]

Enterprise Blockchain Security 2020-6

February 5, 2021 | Mina Hao

Regulatory Policies With years of development, the blockchain industry has taken shape, but enterprise blockchain applications are still at an exploratory stage. The blockchain ecosystem contains SPs, application vendors, and users. SPs in this context provide blockchain information services, whose compliancerequirements are surely different from those for other information services (such as cloud services) due […]

Information Disclosure-Incurred Asset Compromise and Detection and Analysis

February 4, 2021 | Mina Hao

According to a survey, 25% of internal security incidents are attributed to information disclosure. Attackers, merely through information disclosure, without needing to resort to measures with obvious patterns, like password cracking, can further acquire sensitive information about users and enterprises. It should be noted that this kind of attack method has a high degree of […]

Enterprise Blockchain Security 2020-5

February 3, 2021 | Mina Hao

The enterprise-related blockchain security landscape has two layers of meanings: enterprise blockchain security situation and blockchain-related enterprise security situation. The former refers to the security posture of enterprises that have deployed blockchain applications. In the latter case, although an enterprise does not deploy any blockchain applications, security threats facing it point to blockchains. In terms […]

Risk Assessment for Industrial Control Systems

February 2, 2021 | Mina Hao

ICS security professionals should report ICS vulnerabilities to the vendor before attackers discover them and offer the vendor with remediation suggestions, mitigation measures, and security solutions to avoid network attack risks before the vulnerabilities are malicious exploited. Compared with Windows systems, a quite different method is used to assess ICS systems due to their heterogeneity. […]

Enterprise Blockchain Security 2020-4

February 1, 2021 | Mina Hao

This chapter analyzes security threats facing enterprise blockchains.

Annual IoT Security Report 2019-18

January 29, 2021 | Mina Hao

Introduction IoT devices are faced with a great security challenge and their security appears particularly important. On one hand, though IoT devices have had a long existence, legacy IoT devices and their application protocols contain a variety of vulnerabilities due to the ill-conceived security design. On the other hand, as noted in the analysis of […]

Adobe Security Bulletins for January 2021 Security Updates

January 28, 2021 | Mina Hao

Overview On January 12, 2021, local time, Adobe officially released January’s security updates to fix multiple vulnerabilities in its various products, including Adobe Bridge, Adobe Captivate, Adobe InCopy, Adobe Campaign, Classic,Adobe Animate, Adobe Illustrator, and Adobe Photoshop. For details about the security bulletins and advisories, visit the following link: