Overview According to NSFOCUS CERT's monitoring, Microsoft released July 2021 Security Updates on July 14 to fix 117 vulnerabilities, including high-risk remote code execution and privilege escalation, in widely used products like Windows, Microsoft Office, Microsoft Edge, Visual Studio, and SharePoint Server. In the vulnerabilities fixed by this month's security...
Category: Blog
Cloud DPS – Optimization for a Managed Security Service Customer
Today DDoS attacks are continuing to increase in frequency, volume and duration to affect a business’s continuity and reputation. DDoS mitigation capability has become the top priority for CIO/CISOs in Enterprise, Internet content providers and government, while they may have to face the challenge of finding sufficient experienced security professionals...
SolarWinds Serv-U Remote Code Execution Vulnerability (CVE-2021-35211) Threat Alert
Overview Recently, NSFOCUS CERT, through ongoing monitoring, found that SolarWinds released a security advisory fixing a remote code execution vulnerability (CVE-2021-35211). Microsoft reported to SolarWinds that they had discovered that the vulnerability was exploited in the wild and provided a proof of concept of the exploit. Unauthenticated, remote attackers could...
A Look into Source Code of Paradise Ransomware, a “Custom-Built” Virus – 2
2. Encrypter: DP_Main 2.2 Self Copy and Automatic Running at Startup The program copies itself to %APPDATA%/DP/DP_Main.exe, and modifies the registry for automatic running at startup. 2.3 Deletion of Volume Shadow Backups The program uses CMD command parameters to delete volume shadow backups. 2.4 Upload of Encryption Information After obtaining...
A Look into Source Code of Paradise Ransomware, a “Custom-Built” Virus – 1
Event Overview Recently, NSFOCUS CERT, through ongoing monitoring, found that the source code of the Paradise ransomware was leaked. Since data encrypted by Paradise cannot be decrypted now, the source code, if widely spread over the Internet, may cause a lot of trouble. Paradise had its source code leaked on...
Windows Print Spooler RCE Vulnerabilities (CVE-2021-1675/CVE-2021-34527) Mitigation Guide
Overview On July 7, 2021, Beijing time, Microsoft released a security patch on the PrintNightmare vulnerability (CVE-2021-34527). NSFOCUS CERT recommends that users install this patch as soon as possible. On June 29, NSFOCUS CERT found that a security researcher published an exploit of the Windows Print Spooler remote code execution...
