Since May 12, 2017, WannaCry has spread on a massive scale around the world, causing significant impact. Security firms have therefore started analyzing the ransomware and working to prevent its spread. Technical personnel of NSFOCUS also analyzed the sample immediately and released a detailed analysis report. Read more: “Traceback Analysis of WannaCry Ransomware” »
The sample uses the ETERNALBLUE SMB vulnerability or the DOUBLEPULSAR backdoor to propagate and infect hosts with the ransomware. The sample first connects to the domain name http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com to test network connectivity. If the network is reachable, the sample exits; otherwise, the sample carries out subsequent behaviors. Therefore, a reachable domain name can be registered to stop further attacks. Read more: “Analysis Report on the WannaCry Sample” »
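We obtained a sample of the WannaCry worm. The analysis of how it works is not repeated here; see the reverse-engineering report published by FreeBuf at http://www.freebuf.com/articles/system/134578.html. Those tests are not repeated here either. Read more: “WannaCry Worm: Detection, Removal, and Follow-up Emergency Response Plan” »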
In this report, we present a multi-dimensional analysis of DDoS attack data and botnet data and summarize and analyze typical attack events in 2016, revealing threats of DDoS attacks and the overall threat trend in 2016.
Ukrenergo, a major energy provider in Ukraine, experienced a power failure on the night of December 17, 2016, which involved the automatic control system of the “North” substation in New Petrivtsi close to Kiev. The blackout affected the northern part of Kiev, the country’s capital, and surrounding areas. Read more: “Power Outage Caused by the Cyber Attack on Ukrenergo Technical Analysis and Solution” »
The banking trojan “Shifu” was discovered by the IBM counter fraud platform in April 2015. Built on the Shiz source code, this trojan employs techniques adopted by multiple notorious trojans such as Zeus, Gozi, and Dridex. Read more: ““Shifu” Banking Trojan Technical Analysis and Solution” »
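Internet companies are developing rapidly, the security of their core services keeps improving, and industry regulation keeps tightening. How should they respond to ever-growing internal demands and external drivers? This article analyzes the security threats and compliance regulation that Internet companies face, as well as the security measures the industry currently applies, and then proposes our approach to building information security for Internet companies based on Level 3 of the classified protection scheme, in order to identify and resolve the Internet industry's security problems as a whole. Read more: “The Road to Classified Protection for Internet Companies” »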
On November 15, 2016 (local time), legalhackers.com released an advisory about a privilege escalation vulnerability, assigned CVE-2016-1247, found in the Nginx server. Nginx web server packaging on Debian-based distributions, such as Debian or Ubuntu, was found to allow creating log directories with insecure permissions. Read more: “Nginx Local Privilege Escalation Vulnerability Technical Analysis and Solution” »