NSFOCUS’s Presence at Botconf 2018

December 17, 2018

On December 7, 2018, security experts from NSFOCUS Fu Ying Labs delivered a speech at Botconf 2018, presenting WASM security threat analysis technologies with researchers from security firms, media personnel, and security practitioners from CERTs (Computer Emergency Response Teams) of various countries. Their insights were well received and acknowledged by the international security industry. […]

Satan Variant Analysis & Handling Guide

December 6, 2018

1 Background

In early November 2018, NSFOCUS discovered that some of its financial customers had been infected with a worm virus, FT.exe, that could affect both Linux and Windows platforms. Like the ransomware Satan, the virus spreads itself by exploiting multiple application vulnerabilities. However, after breaking into the system, this virus does not do anything obviously damaging; it only spreads itself.

At the end of Novemb (more…)

NSFOCUS Present at the CS3STHLM Summit as the Only Asia-Pacific Security Vendor

November 12, 2018

On October 24, 2018, the CS3STHLM industrial cyber security & Stockholm international summit on Cyber Security in SCADA and Industrial Control Systems (“the Stockholm summit”) kicked off in Sweden for the fifth consecutive year, bringing together cybersecurity experts worldwide. NSFOCUS, as the only participating security vendor from Asia-Pacific, delivered a speech titled “Attacking PLCs by PLC in Deep”, sharing the company’s security research experience in the industrial control system (ICS) realm. (more…)

Cisco ASA Security Product Denial-of-Service Vulnerability (CVE-2018-15454) Threat Alert

November 12, 2018

1 Vulnerability Overview

Recently, Cisco officially released a security advisory to fix the denial-of-service (DoS) vulnerability (CVE-2018-15454) in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. This vulnerability exists in the Session Initiation Protocol (SIP) inspection engine used by Cisco ASA and FTD. An unauthorized attacker could exploit this vulnerability remotely to cause an affected device to reload or to trigger high CPU usage, resulting in a denial of service on the device. (more…)

FreeRTOS Multiple Remote Code Execution Vulnerabilities Threat Alert

October 25, 2018


Recently, researchers from Zimperium disclosed 13 critical vulnerabilities in FreeRTOS, including four remote code execution vulnerabilities. (more…)

Drupal Remote Code Execution Vulnerability Threat Alert

October 24, 2018


Recently, Drupal released an official security advisory to announce the fixes for multiple security issues, including two critical remote code execution vulnerabilities which affect Drupal 7 and 8.

The two critical vulnerabilities are described as follows: (more…)

libssh Server-Side Identity Authentication Bypass Vulnerability (CVE-2018-10933) Threat Alert

October 23, 2018


On October 16, local time, libssh officially released an update to fix the server-side identity authentication bypass vulnerability (CVE-2018-10933) that exists in libssh 0.6 and later versions. By presenting the server with an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message that the server would expect to initiate authentication, the attacker could successfully authenticate without any credentials. (more…)

WebLogic Remote Code Execution Vulnerability (CVE-2018-3191) Threat Alert

October 23, 2018


On October 17, Beijing time, Oracle officially released a Critical Patch Update (CPU), which contains a fix for the critical WebLogic remote code execution vulnerability (CVE-2018-3191). This vulnerability allows unauthenticated attackers with network access via T3 to compromise a vulnerable Oracle WebLogic Server. Successful exploitation can result in takeover of Oracle WebLogic Server, and hence remote code execution.


XBash Malware Security Advisory

October 18, 2018

On September 17, 2018, Unit42 researchers published an analysis of a new malware family, XBash, on their official blog. According to them, XBash was developed by the Iron Group, a cybercrime organization that has been active since 2016. The malware was named XBash based on the name of the malicious code’s original main module. XBash combines functions of ransomware, coinminers, botnets, and worms to target Linux and Microsoft Windows servers. (more…)

Doing It Better

January 21, 2016

Track: Technical

Author: Stephen Gates, Chief Research Intelligence Analyst, NSFOCUS


Flying at 40,000 feet above the ground always gives one a sense of clarity. Looking down on the world from such a height can make a person feel somewhat insignificant. However, my trip today is very noteworthy. I will be landing in Las Vegas in a few hours and the next four days will be filled with excitement, entertainment, and education. I am not going to Vegas for the adult playground activities like many of my fellow passengers. I am going there to attend the most exciting event of my career: the 2016 Sales Kickoff for a widely-unknown company in the U.S. called NSFOCUS IB. (more…)