Year: 2020

WebSphere Application Server Remote Code Execution Vulnerability (CVE-2020-4276 and CVE-2020-4362) Threat Alert

April 17, 2020

Overview

IBM released security advisories to announce the fix of two remote code execution vulnerabilities (CVE-2020-4276 and CVE-2020-4362) in WebSphere Application Server.

The two vulnerabilities exist when WebSphere uses token-based authentication in an admin request over the SOAP connector.

By sending a maliciously crafted request to the WebSphere SOAP Connector, an attacker could execute arbitrary code on an affected server without authorization.


IP Reputation Report-04122020

April 16, 2020

[Figure: Top 10 countries in attack counts]

The diagram shows the top 10 regions with the most malicious IP addresses in the NSFOCUS IP Reputation databases as of April 12, 2020.


DDoS Attack Landscape 4

April 15, 2020

Attack Distribution by Duration

In 2019, the average duration of DDoS attacks was 52 minutes, an 18% increase from 2018. The longest DDoS attack we observed in 2019 lasted around 20 days, far longer than any attack detected in previous years.

In 2019, DDoS attacks lasting less than 30 minutes accounted for 75% of all attacks, close to the figure registered in 2018. The high proportion of short attacks signals that attackers attach more and more importance to attack cost and efficiency, and are more inclined to overwhelm the target service with floods of traffic in a short time, knocking users offline and causing high latency and jitter. In addition, Botnet-as-a-Service (BaaS) and DDoS-as-a-Service have gained momentum and developed rapidly, which also contributes to the prevalence of short attacks. Thanks to their availability, platform users are able to launch massive attacks in a very short time as long as they are willing to pay a certain amount of money for a whole lot of mercenary attack resources. In the long run, repeated burst attacks, which keep costs under effective control, will greatly degrade the quality of target services.


Vollgar Botnet Threat Alert

April 14, 2020

Overview

On April 1, the Guardicore Labs team uncovered a long-running attack campaign that aims to infect Windows machines running MS-SQL servers. Active since at least May 2018, the campaign uses password brute force to breach victim machines, deploys multiple backdoors, and executes numerous malicious modules, such as remote access tools (RATs). We dubbed the campaign Vollgar.

It is not uncommon for attackers to use password brute force to breach systems and then deploy malware. According to the report, however, 2000–3000 databases are still being attacked every day. Victims are distributed across different countries (including China, India, South Korea, Turkey, and the USA) and belong to various industry sectors (including healthcare, aviation, IT, telecommunications, and higher education).

A Look into RSAC 2020: Cloud Security

April 13, 2020

RSA Conference (RSAC) 2020 was still held at the Moscone Center in San Francisco in February as scheduled. Unfortunately, I failed to attend this conference. So, instead of talking about my actual feelings of visiting the scene, I focus on what I think after watching the session tracks of this conference.


Linux Kernel Information Disclosure and Privilege Escalation Vulnerability Threat Alert

April 10, 2020

Vulnerability Description

On March 31, the Linux kernel privilege escalation vulnerability demonstrated by contestant Manfred Paul at the Pwn2Own contest was added to the CVE database and identified as CVE-2020-8835. This vulnerability exists because the BPF verifier in the Linux kernel does not properly calculate register bounds for certain operations. A local attacker could exploit this vulnerability to read confidential information (kernel memory) or gain administrative privileges. Users should take preventive measures as soon as possible.


IP Reputation Report-04052020

April 9, 2020

[Figure: Top 10 countries in attack counts]

The diagram shows the top 10 regions with the most malicious IP addresses in the NSFOCUS IP Reputation databases as of April 05, 2020.


DDoS Attack Landscape 3

April 8, 2020

DDoS Attack Type Analysis

Proportions of Different Attack Types

In 2019, the most frequently seen attacks were UDP floods, SYN floods, and ACK floods, which together accounted for 82% of all DDoS attacks. By contrast, reflection attacks took up only 10%. Compared with 2018, reflection attacks rose slightly in number but remained small in proportion.

What’s New in NSFOCUS’s Anti-DDoS Solution in 2020

April 7, 2020

If you are clueless about DDoS prevention in 2020 and do not understand why customers choose to adopt NSFOCUS’s anti-DDoS solution, you have to read the following contents carefully to find the answer. In 2020, ADS/NTA/ADS M V4.5R90F02 is about to be released with new functions which will enable you to win bids, upgrade your protection, and simplify your O&M. So, read on to find out what they can do for you.

A Look into RSAC 2020: NSFOCUS’s Practices in Automated Security Orchestration and Response

April 6, 2020

At the RSA Conference Innovation Sandbox Contest 2020, SECURITI.ai was named “Most Innovative Startup”. The technical directions shown in this year’s contest covered external data representation (XDR), DevSecOps, and TVM+SOAR. Clearly, security operations remain one of the main directions attracting the most innovation effort from startups.

Judging from the topics discussed at RSAC 2020, security operations are shifting from security orchestration, automation and response (SOAR) solutions toward DevSecOps, which features end-to-end automation and streamlined processes, and has incorporated automated security processes (such as automated bug finding) into the security orchestration and response system to practice the concept of “automate as much as possible”.
