Hackers use the latest high-risk WebLogic vulnerabilities to attack servers.
Recently, ThreatBook has discovered hackers using the WebLogic vulnerability CVE-2017-3248 and the WebLogic WLS component vulnerability CVE-2017-10271 to launch wide-ranging remote attacks on enterprise servers. A large number of enterprise servers have been compromised, and the number of attacked enterprises is showing a clear upward trend that warrants serious attention. Among them, CVE-2017-12071 is the latest remote code execution vulnerability in the WLS component of Oracle WebLogic, whose details have not been published.
ThreatBook notification: Bad Rabbit ransomware incident notification
On October 24, 2017, security companies such as Kaspersky and ESET found Bad Rabbit, a new type of ransomware, spreading rapidly in Eastern European countries, at a speed no lower than that of NotPetya in May and the WannaCry ransomworm in June of this year. So far it has attacked Russia, Ukraine, Bulgaria and Turkey and spread to the United States. ThreatBook has analysed and followed up on the incident; our main findings include the following.
The US released an analysis report on hacking tools of North Korean Lazarus group
On November 14, 2017, US-CERT released an analysis report on FALLCHILL and Volgmer, tools often used by the "Hidden Cobra" group (Lazarus), pointing out that the group is backed by the North Korean government. ThreatBook has also recently published many internal analysis reports on the group's attack trends. By comparison, we found that the FALLCHILL described in the US-CERT report is highly consistent with the capabilities of the latest backdoor program of the group that we discovered. The specific findings include the following.
Exploiting the China-India hot topic and disguising itself as Youku 360, the WhiteElephant attack continues.
WhiteElephant, also known as Patchwork or Dropping Elephant, has been active since December 2015 and has long been attacking Chinese infrastructure and other business assets. In July 2016, security companies including Cymmetria, ANTIY, Forcepoint, Kaspersky and Symantec exposed it. The gang mainly distributes Trojan horses through phishing mail and counterfeit websites. The Trojans are usually carried by Doc or PPS documents on military and political topics. The commonly exploited vulnerabilities include CVE-2012-0158 and CVE-2014-.
What is "CEO fraud"? An analysis report on the BEC attack technique
Spear phishing mail attacks have long been a major threat to the enterprise's perimeter defenses. Launching targeted attacks by compromising the mail system of the enterprise or one of its partners is an even more potent form of spear phishing, known as a BEC (Business E-mail Compromise) attack, also called "CEO fraud". ThreatBook has sorted through several attack cases from recent years, summarized the typical attack scenarios and characteristics, and puts forward defense advice accordingly.