Produced by: Yuchen PAN Introduction Recently, an IoT malware sample dubbed SBIDIOT is found to engage in malicious activities, mainly distributed denial of service (DDoS) attacks. So far, very few incidents of this malware have been discovered by VirusTotal and cybersecurity communities. Though some IoT botnets focus on cryptocurrency mining...
Category: Blog
Oracle April 2021 Critical Patch Update for All Product Families
Vulnerability Description On April 21, 2021, NSFOCUS detected that Oracle released the April 2021 Critical Patch Update (CPU), which fixed 400 vulnerabilities of varying risk levels. This CPU involves multiple commonly used products, such as Oracle Database Server, Oracle Java SE, Oracle Fusion Middleware, Oracle MySQL, and Oracle Communications. Oracle...
A Look into the Colonial Pipeline Hack by DarkSide on CII and Countermeasures
Background On May 7, 2021, local time, Colonial Pipeline, the largest fuel pipeline operator in the USA, was forced to shut down its critical fuel network serving states on the US East Coast after being hit by a ransomware attack. This ransomware attack had fuel supply halted across three regions,...
WebLogic Multiple Severe Vulnerabilities Threat Alert
Vulnerability Description On April 21, 2021, NSFOCUS detected that Oracle released the April 2021 Critical Patch Update (CPU), which fixed 400 vulnerabilities of varying risk levels. Seven of these vulnerabilities are severe and easy to exploit and affect WebLogic. Users are advised to take measures without delay to protect against...
-e1619596788284.jpg)
Principles and Characteristics of TCP Reflection Attacks
Produced by: Siqi GUO, Qiwen LUO Increasingly Serious Reflection Attacks Reflection attacks, as nothing new, have become one of the most troublesome and common DDoS attacks and are dominant in bandwidth consumption DDoS attacks. According to NSFOCUS's latest 2020 DDoS Attack Landscape, reflection attacks made up 34% of all DDoS...
Microsoft April Security Updates for Multiple High-Risk Product Vulnerabilities
Vulnerability Description On April 14, 2020, Microsoft released April 2020 Security Updates that fix 114 vulnerabilities, including high-risk remote code execution and privilege escalation, in various products like Microsoft Windows, Office, Edge (Chromium-based), Visual Studio Code, Microsoft Exchange Server, Visual Studio, and Azure. In these security updates, Microsoft fixes 19...
