NSFOCUS

XBash Malware Security Advisory

October 18, 2018

On September 17, 2018, Unit 42 researchers published an analysis of a new malware family, XBash, on their official blog. According to them, XBash was developed by the Iron Group, a cybercrime organization that has been active since 2016. The malware was named XBash based on the name of the malicious code’s original main module. XBash combines functions of ransomware, coinminers, botnets, and worms to target Linux and Microsoft Windows servers. (more…)

Git RCE Vulnerability (CVE-2018-17456) Security Advisory

October 17, 2018

1 Vulnerability Overview

Recently, the Git project disclosed CVE-2018-17456, a vulnerability in Git that can cause arbitrary code execution when a user clones a malicious repository. An attacker can take control of a target host by exploiting this vulnerability and at the same time using social engineering methods such as phishing. Git encourages all users to update their clients to protect themselves. (more…)

NuggetPhantom Analysis Report

October 12, 2018

1.1 Executive Summary

In a recent emergency response activity, NSFOCUS Threat Intelligence center (NTI) discovered a security event that featured NuggetPhantom, a modularized malware toolkit. According to our observation, the organization behind this event made its debut at the end of 2016 in the blue screen of death (BSOD) event that targeted Tianyi Campus clients, and was again involved in another security event that leveraged Tianyi Campus clients to mine cryptocurrency at the end of 2017. (more…)

Thoughts on the Application of the Micro Honeypot System in the Financial Sector

October 11, 2018

Overview

According to the Emerging Technology Analysis: Deception Techniques and Technologies Create Security Technology Business Opportunities released by Gartner in 2015, “Deception technologies are defined by the use of deceit and/or feints designed to thwart or throw off an attacker’s cognitive processes, disrupt an attacker’s automation tools, delay an attacker’s activities or disrupt breach progression. Deceptions are achieved through use of deceitful responses, purposeful obfuscations, feints, misdirections and other falsehoods.” Gartner also predicted the market of deception-based security defense technologies, saying that 10 percent of enterprises will use deception tools or tactics to counter cyberattacks by 2018. (more…)

Telecom Exchange LA 2018

October 8, 2018

Telecom Exchange LA 2018, November 6-7, 2018, Kimpton Hotel Palomar Los Angeles Beverly Hills

An Analysis of Qbot Variants in the Wild

October 1, 2018

Overview: Since their source code was publicly released on GitHub, Mirai and Qbot have wreaked havoc on the Internet of things (IoT). Before such public release, Mirai had been found to have adversarial behavior against Qbot in its infection process. Recently, the research team of NSFOCUS Threat Intelligence center (NTI) captured the first Qbot variant […]

Xbash Malware Combines Many Malicious Functions in Worm

September 30, 2018

Unit 42, a research team of Palo Alto Networks, found a new malware family this month and named it Xbash. This new malware combines ransomware, coin mining, botnet, and worm features and mainly targets Linux and Windows. Xbash was developed in Python and then converted into self-contained Linux ELF executables by abusing the legitimate tool […]

Cisco Released Semi-annual Security Updates for IOS and IOS XE

September 30, 2018

Cisco has released bundles of Cisco IOS and IOS XE software security advisories on September 26, 2018. The release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication includes 13 vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. One of the advisories describes a vulnerability that also exists in Cisco […]

Rockwell Automation Buffer Overflow Vulnerability

September 26, 2018

Recently Rockwell Automation fixed a critical vulnerability (CVE-2018-14829) found in its RSLinx Classic, a software platform that allows Logix 5000 Programmable Automation Controllers to connect to a wide variety of Rockwell Software applications. A remote attacker could make the device being accessed stop responding and crash by sending a malicious CIP packet to Port 44818. […]

NSFOCUS Introduces All-in-One Cloud Security Service for Regional Service Providers

September 20, 2018

SANTA CLARA, Calif., September 20, 2018 – NSFOCUS, a leader in holistic hybrid security solutions, announced today its newest cloud security service, Cloud-in-a-Box (CiaB), designed specifically for local and regional service providers across the globe. CiaB enables service providers to quickly deploy cloud security services with minimal expertise and without the upfront costs typically associated […]
