Botnet Trend Report 2019-16

October 26, 2020 | Mina Hao

Conclusion Botnets have evolved to use weak passwords, exploits, and phishing emails as major propagation and intrusion means. Dormant attackers that are seeking opportunities to do wrong tend to exploit vulnerabilities during the time between vulnerability disclosure and remediation. Botnet hackers often exploit newly revealed vulnerabilities to infect new targets to enlarge their attack surface […]

Adobe Releases October’s Security Updates Threat Alert

October 23, 2020 | Mina Hao

Overview On October 13, 2020 (local time), Adobe released security updates which address a vulnerability in Adobe Flash Player. For details about the security bulletins and advisories, visit the following link:

Yii2 Deserialization Remote Command Execution Vulnerability (CVE-2020-15148) Protection Solution

October 21, 2020 | Mina Hao

Overview Recently, NSFOCUS detected that Yii Framework 2 disclosed a deserialization remote command execution vulnerability (CVE-2020-15148) in its update log published on September 14, 2020. By adding the _wakeup() function to Class yii\db\BatchQueryResult, Yii Framework 2 disables yii\db\BatchQueryResult deserialization and prevents remote command execution caused by application calling ‘unserialize()’ on arbitrary user input. Yii2 is […]

Linux Kernel Privilege Escalation Vulnerability (CVE-2020-14386) Threat Alert

October 20, 2020 | Mina Hao

Vulnerability Description Recently, NSFOCUS detected a privilege escalation vulnerability in the Linux kernel (CVE-2020-14386). An integer overflow exists in the way net/packet/af_packet.c processes AF_PACKET, which leads to out-of-bounds write, thereby escalating privileges. An attacker could exploit this vulnerability to gain system root privileges from unprivileged processes. This vulnerability may affect virtualized products using the Linux […]

Botnet Trend Report 2019-15

October 19, 2020 | Mina Hao

Five Major APT Groups In 2019, NSFOCUS Security Labs tracked and delved into five major APT groups: BITTER, OceanLotus, MuddyWater, APT34, and FIN7. The following sections illustrate the latest developments of these APT groups by explaining how they optimize attack chains, refine attack methods, and sharpen RAT tools. BITTER BITTER is an attack group with […]

Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-2

October 17, 2020 | Mina Hao

Honeypot-captured Threats in 2020 H1 In terms of honeypot-captured threats, in 2020 H1, Internet attack activities mainly consisted of malicious scanning, over 50% of which were attacks on or scanning of port 443. As for exploits, most attacks were directed at Power cameras, Dlink routers, and JBoss servers. Weak password attacks were mainly launched from […]

Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-1

October 16, 2020 | Mina Hao

Overview In the distributed denial-of-service (DDoS) botnet activities in 2020 H1, most were from Mirai, Gafgyt, and other major families. In 2020 H1, DDoS attack means were dominated by UDP floods, CC, and TCP floods. In 2020 H1, Hostwinds, Digital Ocean, and OVH were the major hosted cloud service providers of C&C servers. We predict […]

WebSphere XML External Entity Injection Vulnerability (CVE-2020-4643) Handling Guide

October 14, 2020 | Mina Hao

Vulnerability Description Recently, IBM released a security bulletin to announce the fix of an XML external entity injection (XXE) vulnerability (CVE-2020-4643) on WebSphere Application Server (WAS). Since WAS fails to properly process XML data, a remote attacker could exploit this vulnerability to obtain sensitive information on the server. The NSFOCUS security research team reported CVE-2020-4643 […]

Intelligent Threat Analytics: Graph Data Structuring

October 13, 2020 | Mina Hao

The artificial intelligence (AI) technology based on deep neural networks has made breakthroughs in a wide range of fields, but only seen limited adoption in cybersecurity. At present, it is impractical to expect a hierarchical neural network to implement threat identification, association, and response from end to end. According to Zhou Tao, an algorithm expert, […]

Botnet Trend Report 2019-14

October 12, 2020 | Mina Hao

New Trends of APT Groups Here are three trends that shaped APT groups in 2019: Firstly, mobile devices became common constituents of the attack surface. In 2019, MuddyWater developed malicious files against Android platforms, heading towards mobile devices. Google’s Project Zero team revealed five exploit chains deployed in the wild to attack iOS systems and […]