More and more companies pay attention to confidentiality, so does business spies really exist in our work?

5 thoughts on “More and more companies pay attention to confidentiality, so does business spies really exist in our work?”

  1. Review important events, the development of Zhixian.com’s security industry. What are the important events in the domestic and foreign Internet security industry recently, and what kind of development has shown? The China Net Security Technology Intelligence Research Team will start from the perspective of the industry, leading everyone to review important events in domestic and foreign industries in the near future, and explore the development trend.
    event overview:
    1, Tencent released host safety flagship version
    2, “Shanghai Anti -Spy Safety Prevention Regulations” released
    3, network security technology application pilot demonstration work startup
    4 , National standard “Important Data Identification Guide” drafted major modification
    5, the Swiss army requires their personnel to use Threema’s instant messaging application
    6, evidence collection experts retain the murder of the murder and jail on the PC
    7, the Internet The thief raid Grass Valley
    8, more than half of the small and medium -sized enterprises have experienced cyber security vulnerability attack
    9, the United States issues warnings on commercial spy software
    10, researchers in a dozen extensive URL parsing library libraries I found the error
    11, ABCBOT zombie network link to the operator of Xanthe malware
    12, APT hacker achieved its own goals in the recent malware attack
    13, the organization suffers 925 attacks per week , Create a new high
    14, the new ZLoader malware event attacked more than 2,000 victims in 111 countries
    The domestic
    01 Tencent released the host security flagship version
    January 9, 2022 In the afternoon, the “Tencent Host Safety Flagship Edition” conference was held online. The newly upgraded cloud host safety flagship version, with new engines, new capabilities, and new experiences, to help invade detection, traceability, document detection, loophole management, and safety early warning, to create cloud security for enterprises on cloud safety Protection closed loop.
    In Zhang Yin, an expert in Tencent’s senior product, Tencent Security is based on the core needs of the user and builds the host safety protection system from the four stages of “prevention → defense → detection → response”. At the same time, the cloud hosting security flagship version relies on the seven core engines, millions of terminal protection, and tens of billions of threats to help enterprises in real -time protection of core assets of core protection, meet the needs of equal preparation, asset risk management and invasion protection needs.
    Zhang Yin said: “The flagship version of the new security broadcast, security protection module, support the unified management of hybrid clouds, help enterprises realize the visualization of assets, and provide one -click detection, automatic repair, mirror snapshot function to achieve minute -level vulnerability detection Efficiency, while optimizing the scanning performance while improving the accuracy, making safety easier! “
    At present, Tencent Cloud hosting security products have been widely covered in the pan -Internet industry of finance, media, automobiles, transportation, e -commerce, education, etc. He also won the leaders’ quadrant in the “2021 China Cloud Host Market Security Report”.
    02 “The Regulations on the Safety Prevention of Shanghai Anti -Spy Safety”
    Recently, the 38th meeting of the Standing Committee of the 15th People’s Congress of Shanghai officially adopted the “Shanghai Anti -Spy Safety Prevention Regulations” (hereinafter “Regulations” for short) will be implemented from January 1, 2022. The “Regulations” total 7 chapters and 35 articles, which further improved the legal system of anti -spy security and maintained national security in accordance with the law.
    The “Regulations” pointed out in the first chapter of the general rule that national security organs are the competent authority of anti -spy security prevention work. Public security, confidentiality, and Internet information, economic informationization, business, education, science and technology, national religion, planning resources, housing urban and rural construction management, agricultural and rural, cultural tourism, financial supervision, foreign affairs, state -owned assets, customs and other relevant departments shall, with national security organs Cooperate closely and do a good job of anti -spy security prevention within their respective responsibilities.
    The staff members and their staff should strictly keep secrets of national secrets, work secrets, business secrets, personal privacy, and personal information that they know about the duties of anti -spy security prevention. At the same time, Shanghai strengthened the cooperation exchanges with the anti -spy security prevention work with the Yangtze River Delta region and other provinces, autonomous regions, and municipalities in the country, and promoted the realization of information interoperability, resource sharing, and disposal linkage, and enhanced the effectiveness of anti -spy security prevention work.
    The “Regulations” pointed out in the work responsibilities of the second chapter that Shanghai has strengthened anti -spy security risks in the fields of economy, finance, technology, biology, network, communication, data and other fields. The national security organs shall, together with the industry authorities, regularly conduct anti -spy security risk assessments, and dynamically adjust the key matters and scope of anti -spy security prevention.
    G relevant government departments and national security organs shall establish a comprehensive supervision working mechanism. When reviewing and regulating construction projects involving national security matters, law enforcement linkages, strengthening data information sharing, and within their respective responsibilities, supervise construction according to law The construction, all, use, and management of the project implement the relevant safety precautions.
    The “Regulations” pointed out in the third chapter of security precautions that units involving economic security, scientific and technological security, and security of new fields other than key areas other than key units other than key units in the anti -spy security prevention ,还应当履行下列反间谍安全防范义务:rn(1)涉及国民经济命脉的重要行业和关键领域的单位,应当加强反间谍安全风险管控,定期开展资金流向、数据处理、技术应用、 Self -inspection of anti -spy security prevention work in talent exchanges and cargo circulation; (2) units, scientific research institutions, national defense military industry and other units involving scientific and technological security should strengthen confidential experts, high -tech projects, trial venues and other aspects, etc. Anti -spy security prevention management; (3) units involving new types of safety in biological and data shall be based on the guidance of national security organs and relevant industry authorities, and strengthen the anti -spy security prevention work in the corresponding fields under the need for new security needs.
    The “Regulations” pointed out in Chapter 4 Publicity and Education that Shanghai will organize anti -spy security prevention publicity and education activities on April 15th of the National Security Education Day of the National Security Education Day each year.
    The national security organs should strengthen patriotic education and national security education, carry out law education, risk warning education, preventive education, and general knowledge education on anti -spy security prevention, and guide institutions, people’s organizations, corporate business organizations, and other social organizations Spy security prevention publicity and education and training; together with relevant departments, organize and mobilize residents ‘committees and villagers’ committees to carry out anti -spy security prevention publicity and education work.
    03 network security technology application pilot demonstration work startup
    The Ministry of Industry and Information Technology, National Internet Information Office, Ministry of Water Resources, National Health and Health Commission, Emergency Management Department, People’s Bank of China, State Administration of Radio and Television, Bank of China, Bank of China The 12 departments such as the Insurance Supervision and Administration Commission, the China Securities Regulatory Commission, the National Energy Administration, the National Railway Administration, and the China Civil Aviation Administration have recently issued a notice to organize the pilot demonstration work of the application of network security technology.能源、交通、水利、应急管理、金融、医疗、广播电视等重要行业领域网络安全保障需求,从云安全、人工智能安全、大数据安全、车联网安全、物联网安全、智慧城市安全、网络安全Together technology, network security innovation services, and network security “high -precision” technology innovation platform 9 key directions, and select a batch of pilot demonstration projects with advanced technology and significant application results.
    04 National standard “Important Data Identification Guide” drafted major modifications
    “Data Security Law” and “Network Data Security Management Regulations (Draft for Opinions)” (hereinafter referred to as the “Regulations”) were proposed that the state established data Classified classification protection system. In accordance with the influence and importance of data on national security, public interests or individuals, and organizational legitimate rights and interests, the data is divided into general data, important data, and core data. Different levels of data at different levels of data are taken. Not only that, the “Regulations” also set up Chapter 5 “Important Data Security”. This means that my country is establishing an important data security supervision system through legislation, and important data processors must fulfill a series of legal obligations. Therefore, what is “important data” has become a problem that is urgent in my country’s data security work. In 2020, the National Information Security Standardization Technology Commission was established to formulate a national standard “Important Data identification Guide”. In September 2021, the standard drafting group announced the latest standard draft in Beckham Said. After the “Regulations” publicly solicited the opinions on November 14, 2021, according to the work arrangements of the Secretariat of the National Information Security Standardization Technology Commission, the standard drafting group amended the “Important Data Recognition Guide”. After this revision, the standard content has changed significantly. The drafting group publicly publicly disclosed the latest version of the draft draft and disclosed the revision idea. It should be pointed out that this version is authorized by the preparation group of “Important Data Recognition Guidelines”. It is for the safety of the safety of the safety in the Beckham that it is for the reference and suggestions and suggestions of all parties. It is reported that the standard will officially solicit opinions on the official website of the National Information Security Standardization Technology Commission.

    Recently, the drafted national standard “Important Data Identification Guide” has been modified. On January 7, 2022, the Secretariat of the National Information Security Standardization Technology Commission organized a review of the standard. Based on the conference opinion, the preparation group had revised the formation of consultation drafts. This article will introduce the basic ideas of this major amendment, and authorize the current progress of the first standard of the first announcement of the current progress. Standard official text is subject to recent official website announcement.
    The main changes of the standards are reflected in the “features” description of important data, because these characteristics still inevitably involve industry classification, and the formulation departments, the industry, the system, the system, and the field of the localities and departments are still unavoidable. Important data recognition rules bring unnecessary constraints. To this end, the standard preparation group further investigated the situation of similar standards in other countries around the world in the field of network security and data security, and chose the “Guidelines for the National Security System Identification Guide” formulated by the United States as a reference. The guide has been running for 13 years, and its operability has been fully proven. At present, the drafting idea of ​​the “Important Data identification Guide” is similar to it.
    In abroad
    01 Swiss army requires their personnel to use Threema’s instant messaging application
    . According to January 9th, the Swiss army has banned foreign instant messaging applications such as SIGNAL, Telegram, and WhatsApp, allowing them to allow it Members use the Threema message transmission application developed in Switzerland.
    threema is an instant messaging tool, which aims to generate as little user data as possible. All communication is end -to -end encryption, and the application is open source. Threema does not require users to provide phone numbers or email addresses when registering, which means that the identity of the user cannot be linked through these data.
    Recently, the media shared a training document of the Federal Investigation Bureau, which reveals the surveillance capabilities of the US law enforcement department and explains in detail what data can be extracted from the encrypted message application.
    The legal access to multiple encrypted messages transmission applications, including iMessage, LINE, SIGNAL, Telegram, Threema, Viber, WhatsApp, WeChat or WICKR.
    The information reported in the training document provides the latest situation of the law enforcement department’s ability to access popular messages to transmit applications. The Federal Investigation Bureau cannot access the contents of Signal, Telegram, Threema, Viber, WeChat, and WICKR. At the same time, they can access encrypted communication content from iMessage, LINE and WhatsApp.
    Anyway, according to a single encrypted message, the application is transmitted by a single encryption message, and the law enforcement department can extract different metadata to unveil the veil of the end user.
    S weirdly, the Swiss army requires military personnel to use Threema as private users, rather than using a commercial version called Threema Work.
    02 evidence collection experts retained the murder of the murder and prison on the PC
    . According to reports on January 10, a police forensic experts downloaded thousands of severe images from the police computer system to his own computer. And he was sent to the British prison.
    Darren Collins, a 56 -year -old Darren Collins near Hywood near Stafford, acknowledged the photos of illegal access to the crime scene and a corpse inspection on the victims of the murder.
    The Royal Procuratorate (CPS) said that Collins used his digital expertise to create his own access database, and he had no right to do so, described as a backdoor technology, avoiding appropriate and legal access procedures Essence
    The Collins copied these images to the USB memory stick, took the storage device home, and then transmitted its content to his own personal electronic device.
    In January 2014 to December 2018, digital evidence expert Collins illegally visited more than 3,000 images stored on the police computer system.
    03 network thief raid Grass Valley
    . According to January 10, cyber attacks on a city of California have leaked the individual and financial data of suppliers, urban employees and their spouses.
    Grass Valley issued a data security incident notification that it was four months last year, an unknown attacker can access some IT systems in the city.
    The city said that the attackers used unauthorized interviews that they enjoyed from April 13th to July 1st, 2021 to steal data that was unspecified.
    The victims affected by data leaks include Grass Valley employees, former employees, spouses, family members, and individual suppliers hired by the city. Other victims include individuals who may have provided information to the Grass Valley Police Station, as well as individuals who provide information to the Grass Valley Community Development Department in the loan application document.
    December 1st, what documents the threatening participants visited and which data had been invaded. The information exposed during the attack was found to include social security numbers, driving license numbers, supplier names, and limited medical or health insurance information.
    For individuals who may provide information to the Grass Valley Police Station, the affected data include name and the following items or more: social security number, driving license number, financial account information, payment card information, limited medical care, limited medical care Or health insurance information, passport numbers, and user names and password credentials for online accounts.
    Make names and social security numbers, driving license numbers, financial accounts, and payment card numbers for those who apply for community development loans are invaded.
    04 more than half of SMEs have experienced cyber security vulnerability attacks
    . According to a new study from the insurance company Markel Direct, more than half of the British (51%) SMEs and self -employed workers People have experienced cyber security vulnerability attacks.
    The survey results come from surveys of 1,000 small and medium-sized enterprises and self-employed people in the UK, highlighting people’s concerns, that is, due to lack of resources and network security expertise, these organizations are facing particularly high risk of cyber attacks. During the COVID-19 period This problem exacerbated.
    The most common attack methods faced by these organizations are (24%), data leaks (16%) and online fishing attacks related to malware/viruses. More than two -thirds (68%) respondents said the cost of illegal behavior they experienced was as high as 5,000 pounds.
    This also analyzes the degree of network security measures adopted by small and medium -sized enterprises and self -employed people. Nearly 90%(88%) respondents said they had at least one form of cyber security, such as anti -virus software, firewalls, or multi -factor authentication, 70%of the respondents said that they were quite arranged for their network security arrangements for their own network security arrangements. Confident or very confident.
    among these organizations and individuals, 53%have anti -virus/malware, and 48%of people invest in firewalls and security networks. In addition, nearly one -third (31%) respondents said they conducted risk assessment and internal/external audits every month.
    The worry that 11%of the respondents said that they would not spend any money on cyber security measures, thinking that this was “unnecessary cost”.
    Markel Direct’s direct and partnership director Rob Rees commented: “The network attack of large companies is usually headline news, especially considering some major violations of the past few years. People are also facing risks, and their consequences may cause devastating blows on small enterprises. These companies may not be able to recover from the financial influence of network vulnerabilities or lose their trust. For the goal, because they lack the resources of large enterprises in network security. SMEs and self -employed people have become the goal of cyber attacks. In the end, they may face financial and operating consequences. Some of them may never be recovered from it.
    05 The United States issued warnings on commercial spy software
    . According to reports on January 10, US government security experts issued a new guide for the possible goals for commercial spy software to protect them from unnecessary surveillance.
    “Some The government is using commercial surveillance software to aim at the world’s different political opinions, reporters, and other people who think they are critics, “National Anti -Intelligence and Security Center (NCSC) warned in Twitter’s post.
    ” Business The use of monitoring tools also constitutes serious anti -spy and security risks for American personnel and systems.
    This explanation that spy software is using Wi-Fi and cellular data to be deployed to mobile and other Internet connection devices.
    “In some cases, malicious actors can infected the target equipment without taking action. In other cases, they can use infected links to access the device,” it said.
    The guidance file was jointly released by NCSC and the State Council, warning that spy software can monitor almost any content on the phone, equipment location and equipment, including text messages, files, chats, message transmission applications, contacts and browsing historical records Essence
    The suggestions for potential targets include regular update software. Do not click on links in unreasonable messages, encrypt and password protection equipment, and regain the device regularly to help delete malware implants.
    06 Researchers found errors in a dozen widely used URL parsing libraries
    . According to January 10, the study of 16 different unified resource positioning (URL) analysis libraries found that it was inconsistently inconsistent With confusion, these inconsistencies and chaos can be used to bypass verification and open the door for various attack media.
    In in -depth analysis of network security company Claroty and SYNK jointly conducted in in -depth analysis, using C, PHP, Python, and Ruby Language in many third -party libraries used by multiple web applications found eight security vulnerabilities found in many third -party libraries. Essence
    It using multiple parsers is one of the two main reasons for discovering these eight vulnerabilities. The other is the problem caused by inconsistency caused by different URL specifications when the library is followed, and the available vulnerabilities are effectively introduced.
    This scope includes confusion involving URLs containing back slope (“”), and the irregular number (eg,/) or URL encoding data (“%”) of the slope is These URLs may be used to obtain remote code execution, and even staged rejection or service (DOS) and open redirection to fishing for the Internet.
    The eight vulnerabilities found as follows, all these vulnerabilities have been solved by their respective maintenancers-
    · SIP stack (C, CVE-2021-33056))
    · video .js.js (, CVE-2021-23414)
    · Nagios xi (PHP, CVE-2021-37352)
    · Flask-Security (Python, CVE-2021-23385)
    · Flask-Security- TOO (Python, CVE-2021-32618)
    · Flask-UnchaINED (Python, CVE-2021-23393)
    · Flask-User (Python, CVE-2021-23401)
    · Clear removal (Ruby, CVE-2021-23435)
    07 ABCBOT zombie network link to the operator of Xanthe malware
    . According to reports on January 10, the new infrastructure behind the emerging DDOS zombie network named ABCBOT The study discovered the connection with cryptocurrency mining zombie network attacks exposed in December 2020.
    The NetLAB security team of Qihoo 360 first disclosed an attack involving ABCBOT in November 2021. The attack was triggered by a malicious shell script. In the unsafe cloud examples of business operations, the following is a malicious software that selects the machine to the zombie network, but before that, it will not terminate the process from the competitors of competitive threats and establish persistence.
    The problems with problems are the iterations of the early version of Trend Technology in October 2021, which attacks the ECS instance that is vulnerable to attacked by Huawei Cloud.
    But what is interesting is that through mapping all known invasion indicators (IOC), including IP address, URL, and samples, the continuous analysis of the zombie network reveals the code and functional level of ABCBOT and the cryptocurrency called Xanthe. The code and functional similarity of the excavation operation, the operation uses the docker implementation of the error configuration to spread the infection.
    “The same threat actor is also responsible for Xanthe and ABCBOT, and is transferring its goals from the infected host to the traditionally -related activities related to zombie networks, such as DDOS attacks,” Cado Security of the Cado Security Matt Muir said in a report shared with The Hacker News.
    The semantic overlapping range between the two malware series from the formatting method of the source code to the name provided by the routine. Some functions not only have the same name and implementation (for example, “”) The word “Go” is attached to the end of the function name (for example, “FILERUNGO”).
    “This may indicate that the ABCBOT version of the function has been iterated several times, and new features will be added every iteration,” MUIR explanation.
    In addition, in -depth inspections of malware revealing the zombie network created Duoduo Four their own users to avoid testing and add them to the Sudoers file to enable rogue users to have management authority for infected systems.
    “Code reuse or even copying a specific sample that often appears between malware families and any platform,” MUIR said. “From the perspective of development, this makes sense. Just as the code of legal software is reused to save development time, the same is true of illegal software or malware. Objective
    In January 9, threatening hunters have revealed a strategy, technology and procedure used by Indian hackers named Patchwork. This is part of the new movement began in late November 2021. The campaign focuses on the Pakistani government entities and individuals. The research focuses on molecular medicine and biological science.
    “” Ironics that all the information we collect is possible. Remote visit Trojan] Infected themselves, causing the capture of their key and their own computer and virtual machine screenshots, “the threatening intelligence team said in a report released on Friday. The victims include the Ministry of Defense of Pakistan, the Islamabad National Defense University, the UVAS Lader School of Biology, the International Chemistry and Biological Sciences Center (ICCBS), H.E.J. Institute of Chemistry and the University of Salim Habib (SBU). The spy organization is mainly known for combating Pakistan, China, US think tanks, and other goals located on the Indian subcontinent. The name comes from the following facts: Most of the code used for the malware tools is replicated and pasted from various sources disclosed from the Internet. .
    “The code used by the threat actor is copied and pasted from various online forums. In a way that reminds us of a patchwork quilt,” the currently closed Israeli network security startup Cymmetrid researchers are in 2016 The results of the survey issued in July of the year pointed out.
    Over the years, their continuous secret operations have tried to give up and perform Quasarrat and the implantation called Badnews. Victims machine. In January 2021, it also observed that the threat organization uses remote execution code vulnerabilities (CVE-2017-0261) in the use of Microsoft Office. The opponent uses RTF files to attract potential goals. These files pretend to be a Pakistani authorities and eventually act as a channel to deploy the new variant of Badnews Trojan -Ragnatela -in Italian means “spider web” -enable operators to execute any command, capture key and screenshots, screenshots List and upload files and download other malware.
    The new bait is said to be the Pakistani Defense Officer Housing Authority (DHA) from Karachi, including the vulnerability of the Microsoft Architecture editor. The vulnerability is triggered to destroy the victim The computer and execute the effective load of Ragnatela.
    But in the case of OPSEC’s failure, the threat actor also infected with RAT infection with their own development machine because they could reveal a lot of them. Strategy, including the use of dual -key plate layout (English and Hindu), and virtual machines and VPNs, such as VPN Secure and to hide its IP address.
    09 Organization suffered 925 attacks every week, creating a record high in history
    . According to reports on January 10, the researchers found that the cyber attack in 2021 increased by 50%year -on -year. The network attack caused a peak in December due to LOG4J vulnerabilities.
    2021 dragged himself into the end of the lightning war caused by LOG4Shell. Since the vulnerability was discovered last month, there were millions of attacks on log4j per hour, and each organization around the world had a record peak of 925 cyber attacks per week.
    The Monday report from the CHECK POINT Research (CPR) reported that the LOG4Shell attack was the main reason why the overall number of attacks on the corporate network in 2021 increased by 50%year -on -year.
    As of October, the CPR report increased by 40%. Early data showed that one of the 61 organizations around the world was attacked by ransomware every week.
    CPR researchers said that education/research is the industry with the highest attack volume in 2021, with an average of 1,605 attacks per week: 75 more than 2020. For example: As of December 30, Aquation Panda was using Log4Shell vulnerabilities to use tools to aim at the university to steal industrial intelligence and military secrets using Log4Shell vulnerabilities.
    The second popular department is the government/army, with 1,136 attacks occur every week: increased by 47%. Next is the communications industry. Each organization has 1,079 attacks every week: increased by 51%.
    If Africa experienced the most attack last year. Each organization has an average of 1,582 attacks per week: an increase of 13%over 2020.
    The weekly attacks of each organization in the Asia -Pacific region increased by 25%, with an average weekly attack number of 1,353 times. Latin America has 1,118 attacks a week, an increase of 38%; 670 attacks in Europe per week, an increase of 68%; each organization in North America has an average of 503 attacks per week, an increase of 61%over 2020. rnCPR的建议是:”在混合环境中,边界现在无处不在,安全性应该能够保护一切。该公司表示,电子邮件、网页浏览、服务器和存储”仅仅是基础”:移动应用程序、 Clouds and external storage are also “indispensable”, and the compliance of the connected movement and endpoint devices and the Internet of Things (IoT) devices is also the same.
    Loads, containers, and server applications should always be part of the list.
    The best security practice standards: timely understanding the security patches to prevent the use of known defect attacks in a timely manner, conduct segments on the network, and apply strong firewalls and IPS protection measures between network segments to curb infections on the entire network throughout the network. Communication and educate employees to identify potential threats.
    “In many cases, user consciousness can prevent attacks before attacking,” CPR researchers suggested. “Take time to educate your users and make sure that if they see abnormal situations, they will immediately report to your security team. User education has always been a key factor to avoid malicious software infection.
    Finally, implement advanced security Technology, CPR said. “No kind of silver bomb technology can protect the organization from all threats and all threat media infringement. However, there are many great technologies and ideas to be available -machine learning, sandbox, abnormal detection and so on.
    CPR is recommended to consider two key components: threatening extraction (file cleaning) and threat simulation (advanced sandbox). “Each element provides different protection. When used together, a comprehensive solution provides a comprehensive solution that can prevent unknown malicious software infringement at the network level and directly at the end -point device. More than 2,000 victims in 111 countries
    . According to reports on January 10, experts from Check Point Research discovered a new ZLOADER malware activity in early November 2021. Malicious software activities are still active. As of 2022, 2022 On January 2nd, the threat actor had stolen data and credentials of more than 2,000 victims in 111 countries/regions.

    zloader is a kind of bank malicious software that has been active since 2016. It has been active. From the infamous Zeus 2.0.8.9 bank Trojan borrowed some functions, and used to spread the bank Trojan (ie Zeus Openssl) similar to Zeus (ie, Zeus Openssl).系统的初始访问权限。感染链从在受害者的机器上安装Atera软件开始。Atera 是一种合法的企业远程监控和管理软件,可以使用包含所有者电子邮件地址的唯一.msi文件安装代理并将The endpoint is allocated to a specific account. The attacker uses the temporary email address “[email protected]” to create this installation program. Like the previous ZLOADER activity, the file disguised as Java installation.
    , then malicious software Use Microsoft’s digital signature verification method to inject its effective load into the signature system DLL to avoid testing.
    Repair, but in 2014, Microsoft revised the repair program.
    The function processing the Windows signature verification method of the PE file has a remote execution code vulnerability. Anonymous attacker can modify the existing signature executable file to execute the file can be executed. Utilize this vulnerability to use the unbelievable part of the file, so as to add a malicious code to the file without the signature invalid. The attacker who successfully uses this vulnerability can fully control the affected system. During the process, the experts found an open directory that held it up, and it held some files downloaded in the advertising series. Mysterious software operators would change the document every few days. The list of victims of ZLoader and its original country.
    “The two noteworthy methods seen here are to use legal RMM software as the initial access to the target machine, and add the code to the signature of the file. At the same time Still maintaining the effectiveness of the signature and run it with mshta.exe.
    The ability to attach code to the file signature has existed for many years, and multiple CVEs are allocated as described above. “In order to alleviate this problem, all suppliers should abide by new specifications and use these settings as the default settings instead of choosing to add updates. Before that, we can never determine whether we can truly trust the signatures of the documents.

  2. Review important events, the development of Zhixian.com’s security industry. What are the important events in the domestic and foreign Internet security industry recently, and what kind of development has shown? The China Net Security Technology Intelligence Research Team will start from the perspective of the industry, leading everyone to review important events in domestic and foreign industries in the near future, and explore the development trend.
    event overview:
    1, Tencent released host safety flagship version
    2, “Shanghai Anti -Spy Safety Prevention Regulations” released
    3, network security technology application pilot demonstration work startup
    4 , National standard “Important Data Identification Guide” drafted major modification
    5, the Swiss army requires their personnel to use Threema’s instant messaging application
    6, evidence collection experts retain the murder of the murder and jail on the PC
    7, the Internet The thief raid Grass Valley
    8, more than half of the small and medium -sized enterprises have experienced cyber security vulnerability attack
    9, the United States issues warnings on commercial spy software
    10, researchers in a dozen extensive URL parsing library libraries I found the error
    11, ABCBOT zombie network link to the operator of Xanthe malware
    12, APT hacker achieved its own goals in the recent malware attack
    13, the organization suffers 925 attacks per week , Create a historical high
    14, the new Zloader malware event attacked more than 2,000 victims in 111 countries

  3. Knowing and knowing each other, never fighting!

    The malls are like battlefields. For fierce competitive shopping malls, they can master the dynamics of competitors at any time.

    The is naturally understandable to collect business intelligence in legitimate channels. However, some merchants ignore professional ethics and laws to steal the commercial secrets of competitors through business spies. Among them, there are many giants. A survey in 2017 showed that the top 1,000 companies in the world were ranked in the world, with an average of 2.45 commercial spy incidents per year, with a total loss of 45 billion US dollars.

    In March 2017, a news that “Dr. Checked by Dr. Can was stealing commercial secrets with unfair means” spread on the Internet.

    In the founder and COO Kang Jinliang of the car identification, Dr. Cha and the car identified as competitors in the same industry.

    At the end of July 2016, Dr. Checked the “undercover” Zhang Moumou’s car appraisal and paid it to him 4,000 yuan per month. During the six months, Zhang Moumou used his post to identify business secrets to Dr. Zha to identify the internal operation data, customer information, business activity planning cases and pricing strategies until the incident in February 2017. Since then, Dr. Charca ’s operating subject, Beijing Cool Car Network Technology Co., Ltd. and Zhang Moumou, will be reported to court, asking Dr. Chada to stop improper competition and publish an apology statement on the media, claiming RMB 20 million.

    behind this bizarre “Infernal Affairs” is a well -known Internet group in China.

    The enterprise must attach great importance to business secret management and make a set of business secret management systems for themselves. Once you find that your business secrets are stolen, enterprises should immediately take different legal means to protect themselves with the assistance of the professionals to combat business spies and business spy employers.

  4. Regardless of the company’s size, I think it should exist! Together with various means, the news of each other has been repeatedly everywhere!

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top