新的沙盒逃逸技术
自从诞生沙盒技术来阻挡恶意软件之后,恶意软件也在时刻想办法逃避沙盒,所谓沙盒逃逸技术。绿盟科技安全研究员做分析的过程中,发现Upatre木马新变种采用了新的逃逸技术。
Redis数据库漏洞防护
Redis是一个高性能的数据库,Redis Crackit及Redis安全漏洞本质上是由于Redis自身缺乏安全防护机制,同时Redis的使用者又未曾遵循官方的安全规范所导致的。
Fareit Trojan Analysis and Prevention
On November 5, 2015, NSFOCUS Threat Analysis Center (TAC) intercepted an unknown virus targeting a bank and then named it Fareit trojan after sample analysis. Attackers could exploit Fareit trojan to compromise the target host by sending spam to trick users into clicking an .exe file, thereby stealing website information and passwords stored on the FTP client.
Fareit木马分析与防护
11月5日,绿盟威胁分析系统TAC在某行截获未知病毒样本,随即进行样本分析,后续该病毒被命名为Fareit木马。Fareit木马,主要是通过发送垃圾邮件,骗取用户点击运行exe文件来入侵目标主机,进而窃取FTP客户端保存的站点信息与用户密码。
本文对该木马的执行过程及行为进行了详细分析,并从执行检测、网络防护、终端防护等方面给出方法及整体解决方案。文章中呈现的分析过程较为详细,可以成为木马分析的实操手册,并可以为类似的信息窃取类木马分析及防护提供经验借鉴。
An Analysis of the vBulletin 5.x Remote Code Execution Exploit
vBulletin is a commercial Internet forum software package, boasting tens of thousands of users which are growing rapidly worldwide. It is written in the PHP web language and uses the MySQL database. Owing to its large user base, vBulletin is frequently reported to have vulnerabilities. In NSFOCUS Vulnerability Database (NSVD), there are 49 entries related to vBulletin, most of which are SQL injection vulnerabilities. The vulnerability disclosed this time is of a relatively high risk level, known as remote code execution (RCE). Theoretically, an attacker can exploit this vulnerability to execute arbitrary code or even take complete control of a forum that uses this program.
vBulletin5远程代码执行漏洞分析
vBulletin 是一个商用的论坛程序套件,在全球拥有数万用户且增长速度很快。该论坛采用PHP Web语言及MySQL数据库。正是由于其用户较多,其漏洞出现频率较高,在绿盟科技漏洞库(NSVD)中共有[49条记录][1],大部分是SQL注入漏洞。此次漏洞等级较高,为远程代码执行漏洞(RCE),理论上说攻击者可执行任意代码,甚至完全控制论坛 。
百度SDK漏洞分析及防护
近日,百度SDK被报存在WormHole虫洞漏洞,该漏洞从理论上说可以远程执行任意代码,攻击者可以窃取大量用户安卓手机数据。本文对该漏洞进行了分析及验证方法,并给出防护方案。
Attack Chain-based Threat Aware System
With the network threat forms becoming more and more diversified and complex and challenges from advanced persistent threat (APT) attacks, new-generation threats spread more quickly on a larger scale, covering mobile devices, desktops, networks, web, applications, and social networks. In the new normal situation, it is far from enough for customers to obtain threat information only from traditional network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) devices, and professional, systematical, and intelligent devices are becoming really crucial. In particular, with the development of the Internet and improvement of user experience requirements, network threat behaviors should be detected through big data analysis to show customers the entire dynamic attack process intuitively.
XcodeGhost危害国内苹果应用市场
据称,苹果公司官方发言人表示,苹果公司已经开始清查下架相关应用,并且正与开发者积极沟通,确保他们使用官方版本的Xcode重建应用,并建议开发者在下载Xcode的时候,开启Gatekeeper功能。那么事情就这么结束了吗?
绿盟云:XcodeGhost分析及在线检测
什么是Xcode
Xcode 是苹果公司开发的编程软件,是开发人员进行苹果电脑及手机程序开发的工具。根据斯诺登提供的资料,美国政府研究人员创建了一个特殊版本的Xcode,希望借此将监控后门植入到手机应用程序APP中,并通过苹果应用商店App Store散发。(该信息引自百度百科等词条)
SYNful Knock, a New Backdoor Targeting Cisco Routers
How many people and companies use Cisco routers? You do not need to be a system integration engineer to know the specific figure. Baidu will tell you the answer. Do you panic when knowing that a backdoor targeting Cisco routers may affect most models? An experienced network administrator knows that the firmware of routers is not frequently upgraded. Once an attacker gets the knack of exploiting such backdoors, he or she can use them against those routers in a long time. Are you scared of that?
新型思科路由器后门SYNful Knock
新型思科路由器后门SYNful Knock
思科路由器在国内有多大的使用量?做过系统集成的知道,在百度搜索中也可以知道,那思科路由器出现后门,可能影响其大多数型号,你惊慌吗?做过网络管理的都知道,路由器可能很长时间都不会升级其系统固件,攻击者拿到这些后门利用方法,就可以长期使用,你害怕吗?