Author: Cody Mercer - Senior Threat Intelligence Researcher Executive Overview A new mobile banking Trojan titled ‘Swearing Trojan’ has been discovered by Tencent Security and Checkpoint researchers. The odd name of the malware is in part attributed to the various Chinese swear words sparsely distributed in the source code. The...
Category: Blog
Dridex – v4
Author: Cody Mercer - Senior Threat Intelligence Research Analyst Executive Overview A newly discovered modified version of Dridex, now termed ‘Dridex v4’, has been recognized in the wild in recent days. The upgraded version of the Dridex Trojan was at one time one of the most successful bank Trojans originally...
Dahua Cameras Unauthorized Access Vulnerability Analysis & Solution
Overview Dahua Technology, a well-known security camera and digital video recorder (DVR) vendor in China, released firmware updates to address serious security vulnerabilities for several of their products. By exploiting this vulnerability an attacker can access the user database of a Dahua camera without needing administrative privileges and extract the...
StoneDrill – Shamoon & Shamoon 2.0 Variant
Author: Cody Mercer - Senior Threat Intelligence Researcher Executive Summary It would appear that a new variant titled 'StoneDrill' has now hit the wild and conducts operations very similar to that of Shamoon 2.0 and Shamoon malware. Moreover, Kaspersky Labs has evaluated the source code and it appears to contain...
Apache Struts2 Remote Code Execution Vulnerability (S2-045)
Overview Apache Struts2 is prone to a remote code execution vulnerability (CNNVD-201703-152) in the Jakarta Multipart parser plug-in. When uploading a file with this plug-in, an attacker could change the value of the Content-Type header field of an HTTP request to trigger this vulnerability, causing remote code execution. For details,...
Does a Dropbear DDoS in the Woods?
Author: Guy Rosefelt - Dir, PM Threat Intelligence & Web Security Recently, NSFOCUS has seen some interesting DDoS behavior. Since Q4 of last year, there has been a rise in SSL/VPN and SSH based DDoS attacks. Most people would not equate VPN or SSH as a viable mechanism for what...
