In August 2017, NSFOCUS’s DDoS situation awareness platform detected anoma-lous bandwidth usage over a customer’s network, which, upon analysis, was confirmed to be a distributed denial-of-service (DDoS) attack. The attack was characterized by different types of traffic, including TCP flood, HTTP flood, and DNS flood. Tracing source IP addresses, we found that the attack had […]

The underground network industry has a long history and extensive coverage. What happened throughout its history? This document presents the definition, category, means, and examples of the underground network industry, as well as protection measures. Overview What is Underground Industry? Underground industry is a general name for a wide variety of behaviors which, using the […]

Here is a comprehensive tutorial on cross-site scripting (XSS) attacks, ranging from entry to practice. Overview Note that XSS attacks are classified according to different angles in the preceding figure, but not simply classified into reflective XSS, stored XSS, and DOM-based XSS. In essence, XSS is injection of HTML code and JavaScript code. This kind […]

  Overview Recently, Pivotal released a security advisory to reveal the Spring Data REST server is prone to a remote code execution vulnerability (CVE-2017-8046) when processing PATCH requests. Attackers could exploit this vulnerability by sending a crafted PATCH request to the Spring Data REST server. The submitted JSON data contains a SPEL expression, which could […]

Strengthening suite of services to enhance customers’ enterprise security SINGAPORE, October 10, 2017 – Pacific Internet Singapore Pte Ltd, Southeast Asia’s Internet Service Provider, has signed up with NSFOCUS, a global enterprise DDoS (Distributed Denial of Service) mitigation solution provider, to complement its Internet services with best-in-class DDoS defense strategies. According to Deloitte’s Technology, Media […]

Executive Overview There was a 34.06% increase in number of IP addresses globally in the NSFOCUS IP Reputation databases this month compared to both the beginning of the year and post WannaCry and Petya (33.17% through July). Globally the number of Botnets did not change significantly. However, the overall percentage of Botnets compared to other […]

Overview It appears that the new syndicate of the Armada Collective referred to as the Phantom Squad is planning to launch a global DDoS attack on September 30th.  Below you will find a screenshot of the mass spear-phishing email that has been distributed to many organization and companies around the world. They are currently asking […]

Overview On September 5, 2017, Apache Struts released the latest security bulletin announcing that the REST plug-in in Apache Struts 2.5.x and some 2.x versions is prone to a high-risk remote code execution vulnerability, which has been assigned CVE-2017-9805 (S2-052). When using an XStream handler with an instance of XStream for deserialization, the REST plug-in […]

Overview On August 17, 2017, the National Bank of Ukraine (NBU) warned financial institutions in the country about a potential cyberattack. The virus would exploit the CVE-2015-2545 vulnerability to cause remote code execution by sending emails with the code disguised as a Microsoft Word document. Subsequently, a cybersecurity institution found traces of such an attack […]

Overview Security researchers from the security firm ESET spotted a piece of malware dubbed Joao targeting gamers. This malware is found inside an Aeria game installation pack provided by a third party. Upon the start of a game, this malware runs in the background, sending the victim’s machine information to the attacker, including the operating […]