Swearing Trojan Exploit Overview

Author: Cody Mercer - Senior Threat Intelligence Researcher Executive Overview A new mobile banking Trojan titled ‘Swearing Trojan’ has been discovered by Tencent Security and Checkpoint researchers. The odd name of the malware is in part attributed to the various Chinese swear words sparsely distributed in the source code. The...

Apache Struts2 Remote Code Execution Vulnerability (S2-045)

Overview Apache Struts2 is prone to a remote code execution vulnerability (CNNVD-201703-152) in the Jakarta Multipart parser plug-in. When uploading a file with this plug-in, an attacker could change the value of the Content-Type header field of an HTTP request to trigger this vulnerability, causing remote code execution. For details,...

Overview & Analysis of a Threat Intelligence Ecosystem

Authors: Richard Zhao, CTO & Cody Mercer, Senior Intelligence Threat Researcher Security Event Investigation and Threat Intelligence Over a year ago I proposed the three main tenets encompassing a successful Threat Intelligence framework: Define a system infrastructure for security event disclosure and case analysis. Clearly delineate security disclosure responsibilities to respective...

Threat Intelligence – You’re Purchasing the Process

By: Stephen Gates, Chief Research Intelligence Analyst, NSFOCUS Over the past year, the cyber security industry has changed significantly in the light of an innovative tool called “Threat Intelligence” (TI). Organizations of all sizes are beginning to gain understanding of the value of TI; however, there is some confusion concerning what...

“Shifu” Banking Trojan – Technical Analysis and Recommendations

By: NSFOCUS Security Labs Overview The banking Trojan "Shifu" was discovered by the IBM counter fraud platform in April, 2015. Built on the Shiz source code, this Trojan employs techniques adopted by multiple notorious Trojans such as Zeus, Gozi, and Dridex. This particular Trojan targeted 14 banks in Japan and...

ElasticSearch Hit by Ransom Attack

By: Dr. Richard Zhao, SVP of Global Threat Research, NSFOCUS Overview During the week of January 21, 2017, over 34,000 vulnerable MongoDB databases fell victim to a ransom attack. Data residing on these databases was erased or encrypted and bitcoin payment was demanded in exchange for return of the data....