The banking trojan “Shifu” was discovered by the IBM counter fraud platform in April, 2015. Built based on the Shiz source code, this trojan employs techniques adopted by multiple notorious trojans such as Zeus, Gozi, and Dridex.
Recently, some hacker organizations have turned their eyes to ransom attacks targeting certain products. As of last week, hacker organizations had taken control of and wiped data from at least 34,000 MongoDB databases, asking for a ransom to return the stolen files.
On November 27 (Sunday), at around 17:00 (local time), Deutsche Telekom was hit by a cyberattack, resulting in more than 900,000 routers getting disconnected, as confirmed by the company. The outage lasted several hours. Later, the problems continued on Monday morning from 08:00. Besides network access, the affected routers are used by Deutsche Telekom customers for fixed telephony and TV services.
In Q3, the global distributed denial-of-service (DDoS) attacks increased by 40%.
In Q3, a total of 71,416 DDoS attacks were detected, up 40% from Q2 (50,988).
With the robust development of the Internet of Things (IoT), more and more security issues are found with IoT devices. These imminent threats, especially those from network video surveillance systems (NVSSs) that account for a large majority of IoT devices, have drawn attention from security professionals from home and abroad. (In this paper, network video monitors (NVMs), web cameras, and digital video recorders (DVRs) are all referred to as NVSSs.)
On November 30, 2016, Mozilla Firefox released an emergency update on its official website to fix a vulnerability assigned CVE-2016-9079.
On November 15, 2016 (local time), legalhackers.com released an advisory about a privilege escalation vulnerability, assigned CVE-2016-1247, found in the Nginx server. Nginx web server packaging on Debian-based distributions, such as Debian or Ubuntu, was found to allow creating log directories with insecure permissions.
On October 31, 2016 (local time), Cisco Talos published three integer overflow vulnerabilities with the Memcached server on its official website http://www.talosintelligence.com.
On October 31, 2016 (local time), Cisco Talos published three integer overflow vulnerabilities with the Memcached server on its official website http://www.talosintelligence.com.
The memory subsystem of the Linux kernel contains a race condition in the way of handling the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could exploit this vulnerability to gain write access to otherwise read-only memory mappings, thus escalating his or her privileges on the system.
OpenSSH contains a memory exhaustion issue during key exchange. An unauthenticated client can increase the memory allocated to each connection on the server to 384 MB, by repeating the KEXINIT process. An attacker can exploit this vulnerability by initiating multiple connections, to exhaust memory resources of the server and therefore lead to a denial of service.
As shown in Figure 1, there are two folders. The loader folder, as its name implies, is a loader that creates servers and monitors the status of connections.