1. Vulnerability Description On July 31, 2020, Beijing time, IBM released a security bulletin which addressed a remote code execution vulnerability (CVE-2020-4534) in WebSphere Application Server (WAS). The vulnerability is caused by improper handling of UNC paths. An authenticated local attacker could exploit the vulnerability to execute arbitrary code. The vulnerability has a CVSS score […]

Since the Promoting Scale Deployment of Internet Protocol Version 6 (IPv6) (“Plan”) 1 was published in November 2017, IPv6 deployments in China are on the rise. By June 2019, the number of active IPv6 users had reached 130 million, and 1.207 billion telecom users had been assigned an IPv6 address. At the same time, IPv6 […]

Executive Summary OpenVPN is an application layer VPN implementation based on the OpenSSL library and serves over port 1194. In September 2019, OpenVPN was found to be vulnerable to UDP reflection attacks. This document analyzes threat exposure of the entire network, common attack means, and the bandwidth amplification factor (BAF) of reflection attacks via the […]

5G World Summit September 1-3, 2020 Virtual Event

At 17:00 of May 20, NSFOCUS SOC detected an abnormal traffic alert in the global monitoring center, the IP addresses of a customer from Hong Kong were under attack and the maximum attack peak reached 634.6 Gbps. This had been the largest of all attacks targeting NSFOCUS’s customers by thetime this report was written. According […]

The first nine months of 2019 saw sharp rise in the market prices of cryptocurrencies dominated by Bitcoin. Despite a fall in the fourth quarter, the prices remained high. Meanwhile, cryptojacking malware became active with the rise of cryptocurrency prices.

Overview On August 11, 2020 (local time), Adobe released security updates to address multiple vulnerabilities in Adobe Acrobat, Reader, and Lightroom. For details about the security bulletins and advisories, visit the following link:

Overview   Microsoft released August 2020 security updates on Tuesday which fix 120 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Framework, ASP.NET, Internet Explorer, Microsoft Dynamics, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Video Control, Microsoft Windows, […]

From January to May 2020, except in April when the number of DDoS attacks was on a par with that a year earlier, the other months experienced a year-on-year decrease in the number. However, attack traffic in each month in the first half of 2020 increased year on year.

Overview Recently, Cisco released an announcement stating that it has repaired two high-risk vulnerabilities in Cisco SD-WAN vManager Software (CVE-2020-3374) and SD-WAN Solution Software (CVE-2020-3375). Cisco SD-WAN is a secure cloud-scale architecture with openness, programmability, and scalability. Through the Cisco vManage console, you can quickly establish SD-WAN coverage structures to connect data centers, branch offices, […]