May 2nd week business Wind Control Focus | Central bank: Prohibit unauthorized access to the credit system

This article is published by NetEase Cloud.

The Wind control weekly reports the security technologies and events that are worth paying attention to, including but not limited to content security, mobile security, business security and network security, and helps enterprises to be vigilant and avoid these security risks, which are small and large and affect the healthy development of the business.

1. Central bank: Prohibit unauthorized access to the credit system

With the establishment of a unified market for personal credit, credit information security is on the agenda. In a recent notice issued by the Central bank, the credit operators and access agencies are not authorized to search the credit report, and unauthorized access to the credit system is strictly forbidden. In addition, the need to establish a credit information security work Leadership team, clear leadership in charge of the letter of responsibility for the work of the first person responsible.

2. Synack ransomware uses a variety of advanced technologies to evade detection

Recently, researchers have found that the latest variants of Synack ransomware use a variety of novel and complex techniques to evade detection. Typically, in order to be able to exist in an infected system for longer periods of time, attackers often add a variety of defense techniques to identify detection tool reviews. SynAck ransomware deploys "common technologies" and adds processdoppelg?nging code injection technology to new variants. This technology was first seen at Black Hat's European conference, and it was used to attack all Windows platforms, and to attack mainstream security products. With this technology, Synack Ransomware can disguise itself as a legitimate program stored on disk, eventually running malicious code without changing the files that could trigger an alert. In addition, SynAck uses obfuscation techniques, common identification techniques, and even tests the keyboard language settings of the target system to evade detection.

3. Cyber security company discovers the new virus "Kitty" of the Monroe Mining

Recently, cyber security company Impervaincapsula found that the xmr of the new virus "Kitty" mining. It is learnt that the virus exploits the Remote Code execution Vulnerability (CVE-2018-7600) in the updated version of Drupal published March 8, 2018. The new virus has been attacked in various forms since it was discovered in early April. If this virus is infected, it will bind to the server and start launching the Salomon mining program called "Kkworker".

4. Botnet is still active in the event of device restart

Security researchers found the first IoT zombie virus that stops the system after a device restarts, and remains on the device after attacking the system. This is a major change in the IoT zombie virus, a virus that has previously been used by device users to remove those viruses simply by restarting the device. The restart operation refreshes the device's flash memory, and all of the device's work data is also kept in RAM, including those viruses. But now, Bitdefender researchers have announced that they have discovered an internet of things malware that in some cases replicates to/etc/init.d/, a path that is used by Linux systems to place daemon scripts, by placing viruses in them, The process by which the device automatically starts the malware after it restarts.

5. Developer Error reading chip maker Debug document leads to new kernel vulnerability

The U.S. computer Security Emergency Response Center (hereinafter referred to as CERT) released a recent announcement that Windows, MacOS, Red Hat, Ubuntu, SUSE Linux, FreeBSD, Systems such as VMware and Xen are likely to be affected by a major security vulnerability (CVE-2018-8897), due to the fact that operating system developers misinterpret the debug documentation of both Intel and AMD chip vendors.

6. High-risk vulnerabilities can be caused by the Sea Conway video camera, DVR and account is remote hijacked

Hoi Kang Granville See also burst loopholes, this time the flaw is http://hik-connect.com identity authentication security problem. If the vulnerability is exploited, an attacker can access, manipulate, and hijack other users ' devices.

The vulnerability of the discovery of Stykas DVR to do firmware updates found that the Hik-connect cloud service can directly access the camera without the router port forwarding, and the value of the cookie is not valid validation.

7. Copenhagen's shared bike system Bycyklen hacked

1,860 bicycles in the entire city of Copenhagen cannot be used from Friday to Saturday. It is unclear whether the hacker's identity and which vulnerability is being exploited, but there are indications that the attacker is familiar with the system. Bycyklen said the hackers did not steal data, but the direct attack caused the entire system to crash. Bycyklen had to manually upgrade every bike in the city. Bycyklen also affirms that it does not store user's payment information, and that the user's personal information is encrypted and saved, even if the employee is unable to view it. Still, Bycyklen urged users to change their passwords.

8. Mobile phone apt attack rise

At the INTEROPITX meeting in Las Vegas last week, Lookout's security vice president, Mike Murray, said modern handsets had become an entry point for various attacks.

Murray, citing Verizon's latest 2018 data leak report, points out that phishing and SMS scams have become a common means of social engineering attacks-both of which can be done via mobile phones. Murray also pointed out that the two major organizations NSO group and dark Caracal focus on mobile phone apt attack to steal information. Unlike the computer apt attackers, which were not technically mature at first, the mobile apt attacker could quickly become a good attack initiator by accumulating experience from the computer, and the defender needed to deal with the attack faster, Murray said.

NetEase Cloud Yi Shield provides the corresponding security measures, interested friends can click DDoS High-anti-spam business free trial.

Learn about NetEase Cloud:
NetEase Cloud Official Website: https://www.163yun.com/
New User package: Https://www.163yun.com/gift
NetEase Cloud Community: https://sq.163yun.com/

May 2nd week business Wind Control Focus | Central bank: Prohibit unauthorized access to the credit system