IDNIC (Indonesia Network Information Center)’s Training Series workshop

agosto 31, 2023

IDNIC, Aug 29-30, 2023, Aston Lampung City Hotel, Indonesia. NSFOCUS team attended IDNIC (Indonesia Network Information Center)‘s Training Series workshop in the Aston Lampung City Hotel. Together we had a fruitful discussion about BGP, Information Security, DNS and IPv6.

APT34 Unleashes New Wave of Phishing Attack with Variant of SideTwist Trojan

agosto 30, 2023

Recently, NSFOCUS Security Labs captured a new APT34 phishing attack. During the campaign, APT34 attackers disguised as a marketing services company called GGMS launched attacks against enterprise targets and released a variant of SideTwist Trojan to achieve long-term control of the victim host. Introduction to APT34 APT34, also known as OilRig or Helix Kitten, is […]

Introduction to ADS’s HTTP Keyword Checking Policy

agosto 29, 2023

HTTP Keyword Checking is a process by which ADS controls HTTP traffic through the ADS device. In addition, ADS takes a specific action (Accept, Drop, Disconnect, Add to blacklist, Add to whitelist, or Limit rate) as configured on passing packets whose source IP address and specific fields match the HTTP Keyword Checking rule. HTTP Keyword […]

Mastering Defense and Understanding Offense: Approach of Detecting Abnormal Attack Behaviors

agosto 29, 2023

In offensive and defensive exercises, attackers will use various attack methods to maximize their objectives, including not only common attack methods but also complex attacks. Phishing email is popular among attackers as the most commonly used and low-cost attack method. Attackers typically use a variety of techniques and deception to send emails with malicious attachments […]

Workshop – Empowering Your Organization with Cybersecurity

agosto 18, 2023

Empowering Your Organization with Cybersecurity, Aug 17, 2023, Thailand. NSFOCUS Thailand team joined the partner event organized by Ingram Micro, introducing our product portfolio. With the increasing threats of #cyberattacks, more and more organizations recognized the need to implement a robust and reliable solution to protect the network from disruption.

Path Traversal Attack Protection

agosto 18, 2023

A path traversal attack, or directory traversal, aims to access files and directories stored outside the web root folder. When the server does not check the user input strictly, by manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary […]

From Ripples to Waves: The Swift Evolution of the “Boat” Botnet

agosto 18, 2023

The botnet family “Boat” was first discovered by NSFOCUS Security Labs in June 2022. Its name comes from the fact that malicious samples in its early versions propagate with the file name “boat”. At the same time, since some malicious samples in later versions of this family retain symbolic information and there are a large […]

How to Achieve Sensitive Data Unlearning for Machine Learning Models?

agosto 11, 2023

As machine learning is increasingly used in data analysis in cybersecurity, there is a risk of privacy disclosure to some extent if models inadvertently capture sensitive information from training data. Since training data will exist in the model parameters for a long time, it is possible to directly output training samples if some data with […]

Blacklist Function Optimization on ADS R90F03

agosto 11, 2023

ADS R90F03 refactors the blacklist function. You can configure group-specific blacklist rules, and blacklists of different groups take effect independently. Besides, you can use a global blacklist to make related rules and blocked addresses take effect for all groups. Blacklist Introduction on ADS The blacklist function in ADS before R90F03 has the following features: ADS […]

KmsdBot: A Customized Botnet Family with DDoS and Mining Capabilities

Uma imagem que ilustra um hacker mexendo em um notebook.

agosto 7, 2023

I. Overview NSFOCUS Security Labs recently detected that a new botnet family KmsdBot, which combines DDoS and mining functions, has become active again. Attackers continue to replace C&C infrastructure and update Trojan versions. Compared with the traditional botnet-like family, KmsdBot adopts a brand-new architecture and is developed in the Go programming language. The simplicity, high […]


Inscreva-se no Blog da NSFOCUS