Blog

Why only have the Gi-FW and GTP inspection isn’t enough for 5G security?

junho 18, 2021 | Jie Ji

Written By: Bruno CarvalhoSystem Engineer UK & Western Europe Firstly, to become this information clearer is interesting to answer the question…What is GPRS Tunneling Protocol (GTP)? GPRS Tunneling Protocol (GTP) is a 2.5G technology that provides interconnection between various network interfaces, enabling mobile users to roam seamlessly between networks of different generations. The GTP protocol […]

Microsoft’s June 2021 Security Updates Fix Multiple Products’ High-Risk Vulnerabilities

junho 16, 2021 | Jie Ji

Overview According to NSFOCUS CERT’s monitoring, Microsoft released June 2021 Security Updates on June 9 to fix 50 vulnerabilities, including high-risk remote code execution and privilege escalation, in widely used products like Windows, Microsoft Office, Microsoft Edge, Visual Studio, and SharePoint Server. In the vulnerabilities fixed by this month’s security updates, there are five critical […]

NSFOCUS Protected an IDC Customer Against Volumetric Mixed DDoS Attacks

junho 11, 2021 | Jie Ji

ABOUT CUSTOMER Based in APAC, company A provides comprehensive IDC services for the world’s top 500 as well as many small and medium enterprises. Other than server rental and hosting, company A also cooperates with NSFOCUS to provide server rental service with advanced protection against DDoS attacks. The investment in DDoS protection not only protects […]

Microsoft’s May 2021 Security Updates Fix Multiple Products’ High-Risk Vulnerabilities

junho 7, 2021 | Jie Ji

Overview On May 12, 2021, Microsoft released May 2021 Security Updates to fix 55 vulnerabilities, including high-risk remote code execution and privilege escalation, in widely used products like Microsoft Windows, Office, Exchange Server, Visual Studio Code, and Internet Explorer. In the vulnerabilities fixed by this month’s security updates, there are four critical vulnerabilities and 50 […]

VMware VCenter Server Remote Code Execution Vulnerability (CVE-2021-21985) Threat Alert

junho 4, 2021 | Jie Ji

Vulnerability Description On May 26, NSFOCUS CERT discovered that VMware released a security advisory that announces mitigation of the VMware vCenter Server remote code execution vulnerability (CVE-2021-21985) and vCenter Server plug-in authentication bypass vulnerability (CVE-2021-21986). The Virtual SAN Check plug-in in vCenter Server lacks input validation, allowing attackers who have accessed vSphere Client (HTML5) through […]

Speech by Wenmao Liu of NSFOCUS: Research on New Vectors of UDP-based DDoS Amplification Attacks of IoT

junho 2, 2021 | Jie Ji

As the world’s largest cybersecurity industry conference, the RSA Conference held its 30th annual event in 2021. It has been a driving force behind sharing, innovation, and progress in the global cybersecurity community. NSFOCUS stood out at the RSA Conference 2021 by making a debut on the conference speech podium as a Chinese security vendor. […]

2020 DDoS Attack Landscape Report – 2

maio 31, 2021 | Jie Ji

Key Findings – 2 The Bandwidth of DDoS attacks in 5G Environments Grew Steadily. Small and Medium-sized Attacks Overtook Small Attacks to Become the Mainstream Over the five-year period from 2016 to 2020, the average peak size of DDoS attacks rose to a new level since the latter half of 2018 despite obvious fluctuations. Of […]

Analysis of the SBIDIOT IoT Malware

maio 21, 2021 | Jie Ji

Produced by: Yuchen PAN Introduction Recently, an IoT malware sample dubbed SBIDIOT is found to engage in malicious activities, mainly distributed denial of service (DDoS) attacks. So far, very few incidents of this malware have been discovered by VirusTotal and cybersecurity communities. Though some IoT botnets focus on cryptocurrency mining or fraud activities, SBIDIOT-related botnets […]

Oracle April 2021 Critical Patch Update for All Product Families

maio 17, 2021 | Jie Ji

Vulnerability Description On April 21, 2021, NSFOCUS detected that Oracle released the April 2021 Critical Patch Update (CPU), which fixed 400 vulnerabilities of varying risk levels. This CPU involves multiple commonly used products, such as Oracle Database Server, Oracle Java SE, Oracle Fusion Middleware, Oracle MySQL, and Oracle Communications. Oracle strongly recommends users fix these […]

A Look into the Colonial Pipeline Hack by DarkSide on CII and Countermeasures

maio 13, 2021 | Jie Ji

Background On May 7, 2021, local time, Colonial Pipeline, the largest fuel pipeline operator in the USA, was forced to shut down its critical fuel network serving states on the US East Coast after being hit by a ransomware attack. This ransomware attack had fuel supply halted across three regions, affecting 17 states. On May […]