Vulnerability Description On March 10, 2021, Beijing time, Microsoft released March 2021 Security Updates that fix 89 vulnerabilities, including high-risk ones like remote code execution and privilege escalation in various widely used products such as Microsoft Windows, Microsoft Office, Microsoft Exchange Server, Internet Explorer, and Visual Studio. In these security updates, Microsoft fixes 14 critical […]

Produced by: NSFOCUS Security Labs FreakOut samples appearing in the campaign were a typical IRC bot Trojan program written in Python. The Trojan program would connect to IRC channels in hardcoded C&C and act as instructed by C&C to collect information, launch DDoS attacks, interact with shells, and conduct ARP sniffing attacks. Also, it carried […]

Produced by: NSFOCUS Security Labs In early January 2021, NSFOCUS Security Labs captured an unknown malicious program called “out.py” via its real-time data platform, which is usually spread with the domain name “gxbrowser.net”. NSFOCUS Security Labs conducted an in-depth research on the samples and payloads of the malware and compared the malware with NSFOCUS threat […]

Event Overview Since February 2021, NSFOCUS’s emergency response team has found that several provinces in China saw multiple SMS phishing events using fake bank domain names. As these events bear a striking resemblance in the phishing playbook, attack means, and phishing website pages, we can largely determine that these attacks were launched by the same […]

Vulnerability Description On March 2, NSFOCUS observed that Microsoft released emergency security updates to fix seven vulnerabilities in Exchange Server. Exchange server-side request forgery vulnerability (CVE-2021-26855): An unauthenticated attacker, via a crafted HTTP request, could exploit this vulnerability to scan the intranet and authenticate as Exchange Server. Exchange Server deserialization vulnerability (CVE-2021-26857): An attacker with […]

Vulnerability Description On March 1, 2021, NSFOCUS observed that Apache Software Foundation (ASF) released a security bulletin to announce the fix of a remote code execution vulnerability via session persistence. This vulnerability is due to the bypass of the patch against CVE-2020-9484. If Tomcat’s session persistence function is used, its insecure configuration allows attackers to […]

Vulnerability Description On February 23, 2021, VMware released a security bulletin to announce the fix of two high-risk vulnerabilities in vSphere Client and ESXi. CVE-2021-21972: vSphere Client (HTML5) contains a remote code execution vulnerability in the vRealize Operations plug-in in vCenter Server, with the CVSSv3 score of 9.8. The affected vRealize Operations plug-in is installed […]

Just in February, another two amplification DDoS attacks caught our attention. They are respectively abusing Plex Media Servers and Powerhouse VPN servers to amplify junk traffic to victims. Abuse Plex Media Server for Amplification Attacks On 3rd February, according to ZDNet, DDoS-for-hire services have found a way to abuse Plex Media servers to bounce junk […]

Vulnerability Description On February 10, 2021, Beijing time, Microsoft released February 2021 Security Updates that fix 56 vulnerabilities, including high-risk ones like remote code execution and privilege escalation in various widely used products such as Microsoft Windows, Microsoft Office, Microsoft Exchange Server, Visual Studio, and Microsoft .NET Framework. In these security updates, Microsoft fixes 11 […]

Vulnerability Description On February 10, NSFOCUS found that Microsoft fixed the Windows TCP/IP remote code execution vulnerability (CVE-2021-24074) in its February updates. This vulnerability exists in the IPv4 source routing which is blocked by default in Windows systems. Attackers, via a crafted IP packet, could exploit this vulnerability to execute arbitrary code on a target […]