2. Encrypter: DP_Main 2.2 Self Copy and Automatic Running at Startup The program copies itself to %APPDATA%/DP/DP_Main.exe, and modifies the registry for automatic running at startup. 2.3 Deletion of Volume Shadow Backups The program uses CMD command parameters to delete volume shadow backups. 2.4 Upload of Encryption Information After obtaining...
Year: 2021
A Look into Source Code of Paradise Ransomware, a “Custom-Built” Virus – 1
Event Overview Recently, NSFOCUS CERT, through ongoing monitoring, found that the source code of the Paradise ransomware was leaked. Since data encrypted by Paradise cannot be decrypted now, the source code, if widely spread over the Internet, may cause a lot of trouble. Paradise had its source code leaked on...
Windows Print Spooler RCE Vulnerabilities (CVE-2021-1675/CVE-2021-34527) Mitigation Guide
Overview On July 7, 2021, Beijing time, Microsoft released a security patch on the PrintNightmare vulnerability (CVE-2021-34527). NSFOCUS CERT recommends that users install this patch as soon as possible. On June 29, NSFOCUS CERT found that a security researcher published an exploit of the Windows Print Spooler remote code execution...
2020 DDoS Attack Landscape Report – 4
Key Findings - 5 The Number of DDoS Attacks on Healthcare, Education, and Government Sectors Increased Significantly During the COVID-19 Pandemic The healthcare sector suffered more DDoS attacks during the COVID-19 pandemic than in previous years. According to statistics2, the number of attacks in each month in 2020 H2 increased year...
Case Study: A 400G DDoS Attack Event Captured By NSFOCUS in Hong Kong S.A.R.
Event look back An NSFOCUS Cloud DPS customer with their servers located in Hong Kong SAR has encountered a series of mass DDoS attacks that lasted for four (4) days, from June 20th to 24th. The attackers managed to create several spikes including the biggest one reaching 399.2 Gbps and followed...
Recommendations on Protection Against Random Subdomain Attacks
What is a Random Subdomain Attack? A random subdomain attack is also known as a pseudo-random subdomain (PRSD) attack due to the use of pseudo-random algorithms. A PRSD attack is a double attack against both DNS caching servers of Internet service providers (ISPs) and local authoritative servers of...



