Iran’s 3,500 Switches Attacked – Cisco IOS/IOS XE Remote Code Execution Vulnerability CVE-2018-0171 Exploitation

''

News from The Iran Project, the Iranian cyber police confirmed Friday night that the country’s data center was attacked. The attack involved Iran 3500 switches, but the official in the country emphasized that the attack didn’t lead to sensitive data leakage. From description, the suspected attacker exploited the Cisco IOS / IOS […]

Jackson-databind RCE Vulnerability Handling Guide (CVE-2017-17485)

''

At the beginning of 2018, jackson-databind was reported to contain another remote code execution (RCE) vulnerability (CVE-2017-17485) that affects versions 2.9.3 and earlier, 2.7.9.1 and earlier, and 2.8.10 and earlier. This vulnerability is caused by jackson-dababind’s incomplete blacklist. An application that uses jackson-databind will become vulnerable when the enableDefaultTyping method […]

Technical Analysis and Recommended Solution of GoAhead httpd/2.5 to 3.5 LD_PRELOAD Remote Code Execution Vulnerability (CVE-2017-17562)

''

A remote RCE vulnerability (CVE-2017-17562) was found in all GoAhead Web Server’s versions earlier than 3.6.5. The vulnerability is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters, and will affect all users who have CGI support enabled with dynamically linked executables (CGI scripts). […]

Technical Analysis and Solution of WebLogic Server (WLS) Component Vulnerability

''

Overview Recently, NSFOCUS has received a slew of reports from customers in the finance, telecom, and Internet sectors on similar security events. Through analysis, NSFOCUS believes that these events are all associated with the malware-infected WebLogic Server (WLS) host. Specifically, attackers exploit the WLS component vulnerability (CVE-2017-10271) to attack the […]

IcedID Banking Trojan Sample Technical Analysis and Solution

''

IcedID Banking Trojan Sample Technical Analysis and Solution Date of Release: November 17, 2017 Overview Recently, the IBM X-Force research team discovered a brand new banking Trojan dubbed IcedID. This Trojan was first found spreading in the wild in September 2017, mainly targeting systems used in the financial sectors of […]

Technical Analysis Report on Rowdy, A New Type of IoT Malware Exploiting STBs

''

In August 2017, NSFOCUS’s DDoS situation awareness platform detected anoma-lous bandwidth usage over a customer’s network, which, upon analysis, was confirmed to be a distributed denial-of-service (DDoS) attack. The attack was characterized by different types of traffic, including TCP flood, HTTP flood, and DNS flood. Tracing source IP addresses, we […]

Past and Present of Underground Network Industry

''

The underground network industry has a long history and extensive coverage. What happened throughout its history? This document presents the definition, category, means, and examples of the underground network industry, as well as protection measures. Overview What is Underground Industry? Underground industry is a general name for a wide variety […]