Past and Present of Underground Network Industry

''

The underground network industry has a long history and extensive coverage. What happened throughout its history? This document presents the definition, category, means, and examples of the underground network industry, as well as protection measures. Overview What is Underground Industry? Underground industry is a general name for a wide variety […]

Analysis and Solution of Spring Data REST Server PATCH Request RCE Vulnerability

''

  Overview Recently, Pivotal released a security advisory to reveal the Spring Data REST server is prone to a remote code execution vulnerability (CVE-2017-8046) when processing PATCH requests. Attackers could exploit this vulnerability by sending a crafted PATCH request to the Spring Data REST server. The submitted JSON data contains […]

Struts 2 S2-052 REST Plug-in Remote Code Execution Vulnerability Analysis

''

Overview On September 5, 2017, Apache Struts released the latest security bulletin announcing that the REST plug-in in Apache Struts 2.5.x and some 2.x versions is prone to a high-risk remote code execution vulnerability, which has been assigned CVE-2017-9805 (S2-052). When using an XStream handler with an instance of XStream […]

Analysis of Phishing Attacks Targeting Ukrainian Banks

''

Overview On August 17, 2017, the National Bank of Ukraine (NBU) warned financial institutions in the country about a potential cyberattack. The virus would exploit the CVE-2015-2545 vulnerability to cause remote code execution by sending emails with the code disguised as a Microsoft Word document. Subsequently, a cybersecurity institution found […]

Moyou Trojan Analysis

''

Overview On August 2, 2017, ANTIY discovered a new DDoS trojan and dubbed it Moyou. After obtaining the related sample, NSFOCUS conducted a detailed analysis of the trojan. Sample Analysis The following figure shows the detection result of NSFOCUS Threat Analysis Center (TAC). The sample obtains the C&C server address […]