Jie Ji

Samba Remote Code Execution Vulnerability (CVE-2021-44142)

fevereiro 14, 2022

Overview Recently, NSFOCUS CERT detected a Samba remote code execution vulnerability (CVE-2021-44142) disclosed online. Because the default configuration of Samba’s vfs_fruit module allows out-of-bounds heap read and write through extended file attributes. When smbd parses EA metadata, a remote attacker (guest account or unauthorized user) with write access to the file’s extended attributes can execute […]

Russian APT Group Gamaredon Launches Phishing Campaign against Ukrainian Ministry of Foreign Affairs

fevereiro 10, 2022

Recently, NSFOCUS Security Labs captured a fishing document with the theme “ПАРТНЕРИ КУЛЬТУРНОЇ ДИПЛОМАТІЇ МЗС УКРАЇНИ” (Cultural Diplomatic Partner of the Ukrainian Ministry of Foreign Affairs), and confirmed that the producer of the document was Gamaredon, a Russia-based advanced persistent threat group. The phishing document contains highly credible bait content, and uses a payload protection method […]

APT Retrospection: Lorec53, An Active Russian Hack Group Launched Phishing Attacks Against Georgian Government

fevereiro 8, 2022

Summary In July 2021, several phishing documents created in Georgian were discovered by NSFOCUS Security Labs. In these phishing documents, the attackers used current political hotspots in Georgia to create bait and deliver a secret stealing Trojan to specifically targeted victims aiming to steal various documents from their computers. Correlation analysis shows that this phishing […]

Linux Polkit Privilege Escalation Vulnerability (CVE-2021-4034)

fevereiro 5, 2022

Overview On January 26, NSFOCUS CERT detected that the Qualys research team publicly disclosed a privilege escalation vulnerability (CVE-2021-4034) found in Polkit’s pkexec, also known as PwnKit. The vulnerability is due to the inability of pkexec to properly process the call parameters, thereby executing the environment variable as a command. An attacker with arbitrary user […]

APT Retrospection: FIN7 Uses Windows 11 Topics as Bait to Do Spear Phishing Attacks

fevereiro 3, 2022

Overview In July 2021, NSFOCUS Security Labs captured a number of phishing documents using windows 11 related topics as bait. These phishing documents show some ideas and techniques that are different from common phishing attacks. Through in-depth analysis, NSFOCUS Security Labs found that the phishing files are part of a large-scale spear attacks being carried out by […]

SASE Popular Science Series – Understanding SD-WAN

fevereiro 1, 2022

SASE (Security Access Services Edge) is a SaaS service that integrates security and network (To learn about what the SASE is, read SASE, Born for Digital Age). It incorporates too many new concepts. To make it easier to understand, we decided to post the popular science series on SASE, which can simplify the concepts so […]

NSFOCUS Releases 2021 Global DDoS Attack Landscape Report

janeiro 29, 2022

MILPITAS, Calif. – January 28, 2022 – NSFOCUS, a leader in holistic hybrid security solutions, today released the 2021 Global DDoS Attack Landscape, a joint report by working with Tencent, which found that DDoS attacks have entered terabit era with the largest DDoS traffic peaked at 2.4 Tbps (or 3.25 Tbps according the latest news from […]

DDoS Attacks Have Entered Terabit Era

janeiro 29, 2022

MILPITAS, Calif. – January 28, 2022 – NSFOCUS, a leader in holistic hybrid security solutions, today released the 2021 Global DDoS Attack Landscape, a joint report by working with Tencent, which found that DDoS attacks have entered the terabit era with the largest DDoS traffic peaked at 2.4 Tbps (or 3.25 Tbps according the latest news […]

HTTP Stack Remote Code Execution Vulnerability (CVE-2022-21907) Alert

janeiro 28, 2022

Overview On January 12, NSFOCUS CERT detected that Microsoft released a monthly security update, which fixed an HTTP protocol stack remote code execution vulnerability (CVE-2022-21907). A buffer overflow can occur due to a boundary error in the HTTP Trailer Support feature in the HTTP stack (HTTP.sys). An unauthenticated attacker can execute arbitrary code on a […]

Apache log4j Deserialization and SQL Injection Vulnerability (CVE-2022-23302/CVE-2022-23305/CVE-2022-23307) Alert

janeiro 26, 2022

Overview On January 19, NSFOCUS CERT detected that Apache released a security bulletin that disclosed three Log4j vulnerabilities, all of which affected the Apache Log4j 1.x version, and the official support and maintenance are no longer available. Please take measures as soon as possible to protect the relevant users. Apache log4j JMSSink Deserialization Code Execution […]

Search

Inscreva-se no Blog da NSFOCUS