Research & Reports

Thoughts on the Application of the Micro Honeypot System in the Financial Sector

October 11, 2018 | Adeline Zhang

Overview According to the Emerging Technology Analysis: Deception Techniques and Technologies Create Security Technology Business Opportunities released by Gartner in 2015, “Deception technologies are defined by the use of deceit and/or feints designed to thwart or throw off an attacker’s cognitive processes, disrupt an attacker’s automation tools, delay an attacker’s activities or disrupt breach progression. […]

An Analysis of Qbot Variants in the Wild

October 1, 2018 | Adeline Zhang

Overview Since their source code was publicly released on GitHub, Mirai and Qbot have wreaked havoc on the Internet of things (IoT). Before such public release, Mirai had been found to have adversarial behavior against Qbot in its infection process. Recently, the research team of NSFOCUS Threat Intelligence center (NTI) captured the first Qbot variant […]

Technical Analysis and Solution | Apache Struts 2 Remote Code Execution Vulnerability (S2-057)

August 27, 2018 | Adeline Zhang

On August 22, 2018, Beijing time, Apache Software Foundation (ASF) released a security bulletin, announcing a remote code execution vulnerability (CVE-2018-11776, CNVD-2018-15894, or CNNVD-201808-740) in Apache Struts 2. This vulnerability exists in either of the following cases: The namespace value is not set for a result defined in underlying XML configurations. Also, upper action configurations […]

NSFOCUS Weekly Cybersecurity Report (ID: 201826)

July 3, 2018 | Adeline Zhang

Internet Threat Status CVE Statistics The number of new CVE IDs in last week was 193, a decrease compared with the previous week.   Threat Review   WPA3 Standard Officially Launches With New Wi-Fi Security Features (06-25-2018) The Wi-Fi Alliance today officially launched WPA3—the next-generation Wi-Fi security standard that promises to eliminate all the known […]

NSFOCUS Weekly Cybersecurity Report (ID: 201825)

June 28, 2018 | Adeline Zhang

Internet Threat Status CVE Statistics From the figure above, we can see an obvious rise in CVE IDs over last week. Besides, the fact that quite a few vulnerabilites were disclosed or discovered recently also reminded people to keep close attention to their systems’ security. Threat Review Quarterly Threat Report |Q1 2018 Ransomware volumes reduced; […]

NSFOCUS Weekly Cybersecurity Report

June 20, 2018 | Adeline Zhang

(Report ID: 201824) Internet Threat Status CVE Statistics Last week we saw a slight increase in the total entries of CVE IDs.   Threat Review New ‘Lazy FP State Restore’ Vulnerability Found in All Modern Intel CPUs Date: 06-13-2018 Description: Hell Yeah! Another security vulnerability has been discovered in Intel chips that affects the processor’s […]

Drupal Remote Code Execution Vulnerability Analysis

May 31, 2018 | NSFOCUS

Overview Drupal released a security advisory on 28 March 2018 to disclose a remote execution code (RCE) vulnerability in the Drupal core, sa-core-2018-002 (CVE-2018-7600). Soon, two more security advisories were also published within a month, including a Cross-Site Scripting (XSS) vulnerability and a critical code execution vulnerability — sa-core-2018-004 (CVE-2018-7602). In the following two months, […]

2017 DDoS and Web Application Attack Landscape

April 25, 2018 | NSFOCUS

1 Introduction New Internet-based technologies and models, such as cloud computing, big data, Internet of Things (IoT), and mobile computing, are profoundly influencing transformations in the cyberspace. In this context, cyber threats keep evolving and upgrading. Distributed denial-of-service (DDoS) attacks and web application attacks are the main security threats facing the Internet at present. While […]

 2017 Fintech Security Analysis Report

April 16, 2018 | NSFOCUS

Ping An Financial Security Research Institute:As the industry’s first comprehensive organization engaging in financial security research and innovation founded by Ping An Technology, a wholly funded subsidiary of Ping An Group, it provides robust technical support for financial security of Ping An Group, the related sector, and the country and makes technical contributions to information […]

Drupal Code Execution Vulnerability Analysis

March 30, 2018 | Adeline Zhang

Recently, Drupal, a popular open-source content management framework, is found to contain a highly critical remote code execution vulnerability, which allows attackers to execute malicious code on a Drupal site, resulting in the site being completely compromised. This vulnerability is assigned CVE-2018-7600. The root cause of this vulnerability is related with Drupal’s rendering of forms: […]