Technical Analysis and Solution of WebLogic Server (WLS) Component Vulnerability


Overview Recently, NSFOCUS has received a slew of reports from customers in the finance, telecom, and Internet sectors on similar security events. Through analysis, NSFOCUS believes that these events are all associated with the malware-infected WebLogic Server (WLS) host. Specifically, attackers exploit the WLS component vulnerability (CVE-2017-10271) to attack the […]

Miner Virus Attacked Large Numbers of WebLogic Hosts Recently


On the 15th this month, K.Orange tweeted a message saying that unpatched WebLogic has a vulnerability that could be employed by attackers using a “watch-smartd” program. Recently NSFOCUS received requests from customers in many industries (finance, telecom carriers, Internet companies and so on) asking for emergency response service as […]

GoldenEye & NoPetya Attack


Executive Overview Believed to be a modified version of the once successful Petya ransomware, NoPetya seems to be a variant to the GoldenEye ransomware family with source code structuring nearly identical after initial analysis. Unlike its predecessors WannaCry and Petya, GoldenEye incorporates multiple encryption points on its compromised systems. Not […]

EternalBlue & DoublePulsar – NSA Equation Group Breakdown


WANNACRY Overview May 12th marked one of the largest cyber-security breaches in history. With the onset of a ransomware strain titled ‘WannaCry’ several variants have since been re-engineered and introduced into the wild. Our crew of Threat Intelligence Researchers, Incident Response Team, and Security Operations Center personnel have diagnosed of […]

Apache Struts2 Remote Code Execution Vulnerability (S2-045)


Overview Apache Struts2 is prone to a remote code execution vulnerability (CNNVD-201703-152) in the Jakarta Multipart parser plug-in. When uploading a file with this plug-in, an attacker could change the value of the Content-Type header field of an HTTP request to trigger this vulnerability, causing remote code execution. For details, […]

“Shifu” Banking Trojan – Technical Analysis and Recommendations


Overview The banking Trojan “Shifu” was discovered by the IBM counter fraud platform in April, 2015. Built on the Shiz source code, this Trojan employs techniques adopted by multiple notorious Trojans such as Zeus, Gozi, and Dridex. This particular Trojan targeted 14 banks in Japan and re-emerged in Britain compromising […]