2019 Cybersecurity Insights -14
agosto 5, 2020
Malware Threats from Mobile Platforms
Nowadays, smartphones are ubiquitous. Android, as a widely used mobile operating system, is vulnerable to an increasing large number of malware families owing to its openness and privilege issues. Such malware can even be spread via legal channels, including Google Store.
(mais…)Multiple Cisco Vulnerabilities Threat Alert 2020
agosto 4, 2020
Overview
On July 15, 2020 local time, Cisco released security advisories to address vulnerabilities across multiple products, including five Critical vulnerabilities with a CVSS base score of 9.8 (CVE-2020-3330, CVE-2020-3323, CVE-2020-3144, CVE-2020-3331, and CVE-2020-3140).
Reference link:
Botnet Trend Report -4
agosto 3, 2020
In the reconnaissance phase, a bad actor can determine which targets to attack through batch scanning. Such scanning is often focused on user names and passwords for access to and vulnerabilities in devices. Besides, an attacker may try to compromise targets by delivering malicious baits to their email addresses collected previously.
(mais…)Oracle July 2020 Critical Patch Update for All Product Families Threat Alert
julho 31, 2020
Overview
On July 14, 2020 local time, Oracle released its July 2020 Critical Patch Update (CPU), its own security advisories, and third-party security bulletins, which fix 443 vulnerabilities of varying severity levels. For details about affected products and available patches, see the appendix.
(mais…)IP Reputation Report-07262020
julho 30, 2020
1.Top 10 countries in attack counts:
The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at July 26, 2020.
(mais…)2019 Cybersecurity Insights -13
julho 29, 2020
Cryptojacking Malware
In 2019, the pickup in cryptocurrency prices led to an increase in the number of cryptojacking malware families. Of all these families, Monero mining trojans still took a dominant place. EternalBlue and weak password cracking were the major methods for ransomware families to compromise large enterprises in financial and telecom sectors and spread themselves. At the same time, to defeat detection devices, cryptojacking malware families have been constantly upgraded to evolve into more variants that feature better stealth and a modular design.
(mais…)Alert: Digi Devices Affected by Ripple20 Can Be Used in Reflection Attacks
julho 28, 2020
Executive Summary
In recent years, more and more protocols that may cause UDP reflection attacks have come into our sight, such as CoAP[1], Ubiquiti[2], WS-Discovery[3], OpenVPN[4], and a certain DVR protocol[5]. These attack patterns are different from DNS, SSDP, NTP, Memcached, and other reflection attacks that are well familiar to us, posing certain challenges to distributed denial-of-service (DDoS) attack protection.
In June 2020, JSOF, an Israel-based cybersecurity company, revealed that 0-day vulnerabilities in the Treck TCP/IP protocol stack might affect hundreds of millions of devices globally. After analyzing the published whitepapers, we find that the devices produced by Digi, one of the affected vendors, use the Advanced Digi Discovery Protocol (ADDP) for device discovery. ADDP uses 224.0.5.128 as a multicast address and 2362 as its port. But during implementation, ADDP also supports unicast. Besides, it is possible to spoof source IP addresses of UDP packets. Therefore, Digi devices are at risk of being used for reflection attacks.
(mais…)Botnet Trend Report -3
julho 27, 2020
Botnets can pose a variety of cyber threats. NSFOCUS Security Labs has been focused on the capture, track, and study of botnet-related threats. In 2019, the Labs further upgraded its capturing and tracking techniques and capabilities and expanded its scope of interest to cover more diverse threats, including cryptojacking, ransomware attacks, data theft by banking Trojans, and adware bundling. Besides, the Labs took up research on mobile platforms, which were quite a mess in terms of security.
(mais…)Adobe July 2020 Security Updates Threat Alert
julho 26, 2020
Overview
On July 14, 2020 local time, Adobe released its July security updates to fix multiple vulnerabilities in its various products, including Adobe Creative Cloud Desktop Application, Adobe Media Encoder, Adobe Genuine Service, Adobe ColdFusion, and Adobe Download Manager.
(mais…)Microsoft’s July 2020 Patches Fix 124 Security Vulnerabilities Threat Alert
julho 25, 2020
Overview
Microsoft released July 2020 security updates on Tuesday that fix 124 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Framework, Azure DevOps, Internet Explorer, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Malware Protection Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft OneDrive, Microsoft Scripting Engine, Microsoft Windows, Open Source Software, Skype for Business, Visual Studio, Windows Hyper-V, Windows IIS, Windows Kernel, Windows Shell, Windows Subsystem for Linux, Windows Update Stack, and Windows WalletService.
(mais…)