Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-1

October 16, 2020 | NSFOCUS

Overview: In 2020 H1, most distributed denial-of-service (DDoS) botnet activity came from Mirai, Gafgyt, and other major families. DDoS attack methods were dominated by UDP floods, CC, and TCP floods. Hostwinds, Digital Ocean, and OVH were the major cloud service providers hosting C&C servers. We predict […]

WebSphere XML External Entity Injection Vulnerability (CVE-2020-4643) Handling Guide

October 14, 2020 | NSFOCUS

Vulnerability Description Recently, IBM released a security bulletin to announce the fix of an XML external entity injection (XXE) vulnerability (CVE-2020-4643) on WebSphere Application Server (WAS). Since WAS fails to properly process XML data, a remote attacker could exploit this vulnerability to obtain sensitive information on the server. The NSFOCUS security research team reported CVE-2020-4643 […]

Intelligent Threat Analytics: Graph Data Structuring

October 13, 2020 | NSFOCUS

The artificial intelligence (AI) technology based on deep neural networks has made breakthroughs in a wide range of fields, but only seen limited adoption in cybersecurity. At present, it is impractical to expect a hierarchical neural network to implement threat identification, association, and response from end to end. According to Zhou Tao, an algorithm expert, […]

Botnet Trend Report 2019-14

October 12, 2020 | NSFOCUS

New Trends of APT Groups Here are three trends that shaped APT groups in 2019: Firstly, mobile devices became common constituents of the attack surface. In 2019, MuddyWater developed malicious files against Android platforms, heading towards mobile devices. Google’s Project Zero team revealed five exploit chains deployed in the wild to attack iOS systems and […]

IBM Spectrum Protect Plus Directory Traversal and Arbitrary Code Execution Vulnerabilities (CVE-2020-4711, CVE-2020-4703) Threat Alert

October 9, 2020 | NSFOCUS

Vulnerability Description On September 15, 2020, NSFOCUS detected that IBM released a security bulletin, which fixed directory traversal and arbitrary code execution vulnerabilities (CVE-2020-4711, CVE-2020-4703) in IBM Spectrum Protect Plus Administrative Console. The directory traversal vulnerability (CVE-2020-4711) exists in a script (/opt/ECX/tools/scripts/restore_wrapper.sh) within Spectrum Protect Plus. An unauthenticated attacker could send a crafted HTTP request […]

DHDiscover reflection attacks can magnify nearly 200 times of the attack 2

October 8, 2020 | NSFOCUS

DHDiscover reflection attack analysis: In this chapter, we describe the current state of the DHDiscover reflection attack threat, based on log data captured by the NSFOCUS Threat Capture System on port 37810 from June 1, 2020 to August 18, 2020. We analyzed the number of logs at port 37810 as shown in the […]

GovWare 2020

October 7, 2020 | NSFOCUS

GovWare Virtual Conference and Exhibition October 7-8, 2020 Virtual Event

Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2020-16875) Handling Guide

October 7, 2020 | NSFOCUS

Vulnerability Description Recently, NSFOCUS detected that security personnel disclosed the procedure for exploiting the Microsoft Exchange Server remote code execution vulnerability (CVE-2020-16875) online. The vulnerability was made public by Microsoft in its September 2020 Security Updates. A remote code execution vulnerability exists in the way that Microsoft Exchange Server handles objects in memory. The prerequisite […]

2020 H1 Cybersecurity Trends-1

October 6, 2020 | NSFOCUS

Botnet Trend Report 2019-13

October 5, 2020 | NSFOCUS

Mirai: At present, Mirai is among the biggest IoT botnet families, with the most variants, the most infected devices, and the most extensive impact. In 2019, NSFOCUS Security Labs captured 10,635 Mirai samples in total (excluding the repetitive malware arising from cross compilation), identified 1660 C&C addresses, and detected more than 40 […]
