AISecOps Technology and System

novembro 3, 2021 | Jie Ji

Core Connotations Literally, AISecOps is composed of three core technologies, i.e. AIOps, AISec, and SecOps. AISec-enabled technology fusion brings new expectations to the industry. Both AI security and AI-based security applications have become hot topics in academia and industry. AI has been successfully applied in multiple single-point security technologies and specified scenarios, such as malware […]

Microsoft October Security Updates for Multiple High-Risk Product Vulnerabilities

outubro 27, 2021 | Jie Ji

Overview According to NSFOCUS CERT’s monitoring, Microsoft released October Security Updates on October 13 to fix 81 vulnerabilities, including high-risk vulnerabilities like privilege escalation and remote code execution, in widely used products like Windows, Microsoft Office, Microsoft Visual Studio, and Exchange Server. This month’s security updates fix 3 critical vulnerabilities and 70 important ones, including […]

VMware vCenter Server Multiple High-Risk Vulnerabilities Threat Alert

outubro 22, 2021 | Jie Ji

Overview According to NSFOCUS CERT’s monitoring, VMware’s official security advisory, disclosing multiple vulnerabilities in VMware vCenter Server on September 22. Those issues allow attackers to cause information disclosure, privilege promotion and remote code execution. Now VMware has released security updates to fix the vulnerabilities. Affected users are advised to take measures for protection. vCenter Server […]

SecOps Development: Brief History, Outlook and Challenges

outubro 20, 2021 | Jie Ji

With the boom of the global digital economy, cybersecurity is converging with the Internet of Things (IoT), industrial Internet, cloud computing, and 5G, bringing about disruptive changes to security in various aspects, including traditional physical security, biological security, public security, and national security. Meanwhile, the attack surface keeps expanding in cyberspace as malicious attackers, larger […]

XStream Multiple High-Risk Vulnerabilities Threat Alert

outubro 15, 2021 | Jie Ji

Overview Recently, NSFOCUS found that XStream released security advisories disclosing 14 security vulnerabilities in its products. An attacker could exploit these vulnerabilities to conduct a DoS, server-side request forgery (SSRF), or remote code execution (RCE) attack. XStream is a tool to serialize Java objects to XML and back again. When serializing JavaBeans or deserializing XML […]

Microsoft MSHTML Remote Code Execution Vulnerability (CVE-2021-40444) Threat Alert

outubro 12, 2021 | Jie Ji

Overview On September 8, Beijing time, NSFOCUS CERT found that Microsoft released a security bulletin to disclose a remote code execution vulnerability (CVE-2021-40444) in Microsoft MSHTML. Attackers could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine, and convince the user to open a malicious […]

Attack Path Visualization in Security Operations

outubro 7, 2021 | Jie Ji

Cyberattacks are becoming increasingly sophisticated, usually involving multiple steps. This necessitates corresponding protections. Attack path analysis is a process of analyzing detected attacks from the network attributes, alerts, vulnerabilities, and assets, finding out the attack logic, and identifying attack paths. Such analysis can inform security operations personnel in their event and risk analysis so that […]

Atlassian Confluence Remote Code Execution Vulnerability (CVE-2021-26084) Threat Alert

outubro 4, 2021 | Jie Ji

Overview Recently, NSFOCUS CERT found that Atlassian released a security bulletin to announce the fix of the Confluence Server Webwork OGNL Injection Vulnerability (CVE-2021-26084). This vulnerability allows an authenticated attacker, and in some instances, an unauthenticated user, to execute arbitrary code on Confluence Server or Data Center by injecting a crafted OGNL expression. This vulnerability […]

How to Analyze Security Alarms (1): A Perspective into Data

setembro 30, 2021 | Jie Ji

In today’s business security operations, the tide of security information and event management (SIEM) is on the ebb. Many enterprises have established the security operations center (SOC) and collected massive security data. But how to make use of and analyze such data remains a problem to be resolved. Data, after being collected, is usually stored, […]

Insights into Ransomware Spread Using Exchange 1-Day Vulnerabilities 2-2

setembro 27, 2021 | Jie Ji

Analysis of the Kill Chain of the LockFile Ransomware Group KDU Tool Terminating Multiple Antivirus Processes The attacker renames the KDU tool (open-source Windows driver loader implementing DSG bypass via an exploit) autologin, copies the related program to the temporary directory, and loads and executes the designated driver file to execute code with kernel privileges […]