绿盟科技互联网安全威胁周报NSFOCUS-2019-30
FreeBSD r343786之前和r338618之后的11.2-STABLE版本,r343781之前的12.0-STABLE版本,以及12.0-RELEASE-p3之前的12.0-RELEASE版本中存在本地权限提升漏洞,该漏洞源于UNIX域套接字的引用计数实现中的一个错误,它可能导致错误释放文件结构。
绿盟科技互联网安全威胁周报NSFOCUS -2019-28
截止到2019年7月12日,绿盟科技漏洞库已收录总条目达到43709条。本周新增漏洞记录46条,其中高危漏洞数量24条,中危漏洞数量21条,低危漏洞数量1条。
Apache Solr中存在反序列化远程代码执行漏洞,该漏洞源于5.0.0到5.5.5和6.0.0到6.6.5版本中,Config API允许通过HTTP POST请求配置JMX服务器。
绿盟科技互联网安全威胁周报NSFOCUS -2019-27
截止到2019年7月5日,绿盟科技漏洞库已收录总条目达到43663条。本周新增漏洞记录46条,其中高危漏洞数量26条,中危漏洞数量19条,低危漏洞数量1条。在Apache HTTP Server 2.4版本2.4.37和2.4.38中,当使用TLSv1.3进行每位置客户端证书验证时,mod_ssl中的错误允许客户端绕过已配置的访问控制限制。成功利用此问题可能允许攻击者绕过某些安全限制并执行未经授权的操作。
绿盟科技互联网安全威胁周报NSFOCUS -2019-26
截止到2019年6月28日,绿盟科技漏洞库已收录总条目达到43617条。本周新增漏洞记录48条,其中高危漏洞数量30条,中危漏洞数量18条,低危漏洞数量0条。
在5.1.1之前的Linux内核中,arch / powerpc / mm / mmu_context_book3s64.c对于powerpc有一个错误,在这种情况下,不相关的进程可以通过512 TB以上的mmap在某些条件下读/写彼此的虚拟内存。本地攻击者可以利用此问题获得提升的权限。目前厂商还没有提供补丁程序
Traceback Analysis of WannaCry Ransomware
Since May 12, 2017, WannaCry has spread on a massive scale around the world, causing significant impacts. Therefore, security firms start to analyze and prevent the spread of this ransomware. Technical personnel of NSFOCUS also analyzed the sample immediately and released a detailed analysis report.
Analysis Report on the WannaCry Sample
The sample exploits the ETERNALBLUE SMB vulnerability or DOUBLEPULSAR backdoor for propagation and infection of the ransomware. The sample first connects to the domain name http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com, to test network connectivity. If the network is reachable, the sample exits; otherwise, the sample carries out subsequent behaviors. Therefore, a reachable domain name can be registered to stop further attacks.
wannaCry(想哭)蠕虫病毒查杀及善后应急方案
拿到wannaCry蠕虫病毒,其原理的分析,这里再不重复,可以参考freebuf发的逆向分析报告http://www.freebuf.com/articles/system/134578.html这里就不再重复测试。
2016 DDoS Threat Trend
In this report, we present a multi-dimensional analysis of DDoS attack data and botnet data and summarize and analyze typical attack events in 2016, revealing threats of DDoS attacks and the overall threat trend in 2016.
Power Outage Caused by the Cyber Attack on Ukrenergo Technical Analysis and Solution
Ukrenergo, a major energy provider in Ukraine, experienced a power failure on the night of December 17, 2016, which involved the automatic control system of the “North” substation in New Petrivtsi close to Kiev. The blackout affected the northern part of Kiev, the country’s capital, and surrounding areas.
“Shifu” Banking Trojan Technical Analysis and Solution
The banking trojan “Shifu” was discovered by the IBM counter fraud platform in April, 2015. Built based on the Shiz source code, this trojan employs techniques adopted by multiple notorious trojans such as Zeus, Gozi, and Dridex.
互联网企业的等级保护建设之路
随着互联网企业的迅猛发展,其自身核心业务安全性的不断提升和行业监管力度的不断加强,如何应对与日俱增的内部需求和外部驱动,本文分析了互联网企业面临的安全威胁及合规监管,以及业内现有的针对该行业的安全建设内容,然后提出了我们基于三级等保的互联网企业信息安全建设思路,从整体上发现并解决互联网行业的安全问题。
Nginx Local Privilege Escalation Vulnerability Technical Analysis and Solution
On November 15, 2016 (local time), legalhackers.com released an advisory about a privilege escalation vulnerability, assigned CVE-2016-1247, found in the Nginx server. Nginx web server packaging on Debian-based distributions, such as Debian or Ubuntu, was found to allow creating log directories with insecure permissions.