Analysis on Exposed IoT Assets in China

With the maturity of sensing, computing, and communication technologies, the Internet of Things (IoT) will be more and more widely used in various industries. Gartner, a market research agency, predicts that endpoints of the IoT will grow at a 33% CAGR from 2015 through 2020, reaching an installed base of 20.4 billion units, with almost two-thirds of them consumer applications. Spending on networked consumer and business endpoints will displace non-networked, growing at a 20% CAGR to $2.9 trillion.

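Implementing the "Guidelines for Information Security Protection of Industrial Control Systems" in Nuclear Power Digital Instrumentation and Control Systems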

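With the rapid development of China's national economy, the environment is deteriorating, and energy supply is becoming a bottleneck that constrains China's economic, social, and environmental development. The external environmental costs of traditional energy sources are receiving attention, China's energy mix is shifting toward clean, low-carbon sources, and high hopes have consistently been placed on nuclear power. According to the 13th Five-Year Plan for nuclear power, by 2020 China's nuclear power will reach 58 million kilowatts in operation and 30 million kilowatts under construction.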

[Threat Advisory] SQL Injection Vulnerability in the Joomla! 3.7.0 Content Management System

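On May 17 local time (May 18 Beijing time), the content management system (CMS) Joomla! issued an advisory stating that it had fixed a SQL injection vulnerability (CVE-2017-8917). The vulnerability originates in the "com_fields" component newly introduced in version 3.7.0; the component requires no authentication and can be accessed and used by anyone. This means that an attacker can carry out SQL injection attacks by directly accessing an affected website, obtaining password hashes or hijacking user sessions and thereby potentially taking full control of the site.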

Analysis Report on the WannaCry Sample

The sample exploits the ETERNALBLUE SMB vulnerability or the DOUBLEPULSAR backdoor to propagate and infect hosts with the ransomware. The sample first connects to the domain name http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com to test network connectivity. If the network is reachable, the sample exits; otherwise, the sample carries out subsequent behaviors. Therefore, a reachable domain name can be registered to stop further attacks.