Technical Standard Specification
Cross-border data flow | Full text translation of the new EU standard contract clauses (final version)
Global SaaS Cloud Computing Industry Research: Answers to Some Key Questions in the Domestic Software SaaS Industry
Notice of the National Medical Security Administration on Issuing Guidance Opinions on Strengthening Cyber Security and Data Protection
Announcement of the Central Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Administration of Market Supervision on the implementation of centralized control of black products such as camera peeping
Heavy | Data Security Law Passed by Vote
The Ministry of Industry and Information Technology and the Central Cyberspace Affairs Office issued the “Guiding Opinions on Accelerating the Application of Blockchain Technology and Industrial Development”
Industry development trends
The Massachusetts ferry operator, the largest U.S. ferry service operator, suffered a ransomware attack
The U.S. Army plans to invest heavily in network modernization
The White House issues a memo to avoid ransomware against companies
The Kimsuky APT organization continues to use AppleSeed backdoors to attack the South Korean government
Military operations are an option to combat cybercrime; the Secretary of Energy raises the alarm: the adversary has the ability to shut down the U.S. power grid
Enlightenment from Colonial Pipeline Attack
FBI develops “phishing” encryption platform, destroys international drug trafficking organization
Amazon, GitHub and other websites go offline collectively, and Fastly CDN is interrupted
Security threat analysis
Kaspersky: 2021 Q1 IT threat evolution report
Interpretation｜Network Security Attack and Defense: Threat Intelligence
Original | Texas power failure highlights power grid attack hazards
Searching for remote desktop application AnyDesk on Google will show fake malicious programs
TeaBot: Android malware targeting European banks
GitHub’s new policy sparked heated debate: allow hosting of malware for security research purposes
Global Internet “blackout”, CDN security exposes vulnerabilities
International Phishing Law Enforcement Action Net: Intercept communication information through encrypted chat platform
Azure Confidential Ledger: Microsoft launches blockchain-based secure ledger
Mediator: a powerful end-to-end encrypted reverse shell
Extortion attacks affect political security, and U.S. congressmen voter communication platform interrupted service
Security Technology Solution
Original | China-US cyber security review and my country’s countermeasures
Original | Analysis of Siemens S7CommPlus_TLS protocol
Fight against extortion gangs-Australian Defence Signals Agency will implement a “progressive counterattack”
Google releases open source dependency “endoscope”
Hyper-V vulnerability analysis and PoC
SideWinder arsenal update: analysis of attacks against Pakistan using foreign policy
Zero trust network construction and some detailed discussions
Commonly used logic programming for industrial safety entry
Original | A report on the exploitation of 2 0Day vulnerabilities of QNAP equipment-RoonServer permission authentication vulnerability and command injection vulnerability
Use MYSQL to read arbitrary files to make a honeypot
Analysis of the difference between big data security and traditional data protection
Technical Standard Specification
1. Cross-border data flow | Full text translation of the new EU standard contract clauses (final version)
On June 4, the European Commission announced the final version of the new standard contract clauses (new SCCs) for the transfer of personal data from the EU to third countries. Personal information protection practitioners around the world have been waiting for a long time for the new standard contract clauses.
2. Global SaaS cloud computing industry research: answers to some key questions in the domestic software SaaS industry
At present, the domestic market has largely reached a consensus on the excellent characteristics of the software SaaS industry itself, and it has seen the good performance of the software SaaS sector in the US stock market in recent years. However, the weak foundation of the domestic software industry, the relative scarcity of high-quality listed software SaaS companies, and the seemingly slow development pace of the industry itself have become the main concerns and points of divergence in the current capital market. It is therefore urgent and necessary to clarify the long-term development logic of the domestic software SaaS industry.
3. Notice of the National Medical Security Administration on Issuing Guidance Opinions on Strengthening Cyber Security and Data Protection
The “Guiding Opinions of the National Medical Security Administration on Strengthening Network Security and Data Protection” has been deliberated and approved at the 44th Director-General’s Office Meeting. It is now issued to you. Please follow and implement it.
4. Announcement of the Central Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Administration of Market Supervision on the implementation of centralized control of black products such as camera peeping
In recent years, criminals have used hacking techniques to compromise and control cameras in homes and public places, converted smartphones, sports bracelets and similar devices into covert recording tools, sold cracking software, and taught covert filming, allowing customers to “spy” on private images and profiting from it. A black-market chain has formed that seriously violates citizens’ privacy, and the public has responded strongly to this.
5. Blockbuster | Data Security Law is voted on
According to CCTV News, on June 10, the 29th meeting of the Standing Committee of the 13th National People’s Congress passed a number of bills and two decisions, including the recent data security law.
6. The Ministry of Industry and Information Technology and the Central Cyberspace Administration of China issued the “Guiding Opinions on Accelerating the Application of Blockchain Technology and Industrial Development”
Blockchain is an important part of a new generation of information technology. It is a new type of database software that integrates a variety of technologies such as distributed networks, encryption, and smart contracts. It is expected to solve trust and security issues, promote the transformation of the Internet from transmitting information to transmitting value, and reconstruct the information industry system.
Industry Development Trends
7. The Massachusetts ferry operator, the largest ferry service operator in the United States, suffered a ransomware attack
The largest ferry service operator in the United States was attacked by ransomware on Wednesday, and some operations were disrupted. This is the latest in a series of cyber attacks in recent weeks.
8. The U.S. Army plans to invest heavily in network modernization
According to George Bush, the US Army’s agent procurement chief, approximately US$2.7 billion is spent on network upgrades, more than on any other Army priority area.
9. The White House issued a memo to avoid ransomware against companies
The US Biden administration aims to prevent ransomware infection, data theft, and payment of huge sums of money to cybercriminal groups through a series of security directives and practices.
10. The Kimsuky APT organization continues to use AppleSeed backdoors to attack the South Korean government
Kimsuky (also known as Thallium, BlackBanshee, VelvetChollima) APT is a North Korean cyber espionage organization that mainly conducts cyber threat activities against South Korean government entities. The organization has been active since 2012. In December 2020, KISA (Korea Internet and Security Agency) provided a detailed analysis of the infrastructure and TTP used by Kimsuky for phishing.
11. Military operations are an option to combat cybercrime; the Secretary of Energy raises the alarm: the adversary has the ability to shut down the U.S. power grid
US Secretary of Energy Jennifer Granholm said in an interview with CNN that the US energy network is vulnerable to enemy attacks.
12. Colonial pipeline attack incident enlightenment
Colonial is an important artery in the eastern United States and the main source of gasoline, diesel, and aviation fuel on the East Coast. Its systems range from Houston to North Carolina and New York. Four weeks ago, the closure of the Colonial pipeline aroused great concern from security agencies, governments and consumers.
13. The FBI develops a “phishing” encryption platform to destroy the international drug trafficking organization
In recent days, in the largest and most complex global joint law enforcement operation to date, international law enforcement agencies used a fake end-to-end encrypted chat platform (including customized encrypted mobile phones) to arrest members of international drug cartels on a large scale, and seized large quantities of drugs, guns and other illegal assets.
14. Amazon, GitHub and other websites are collectively offline, and Fastly CDN is interrupted
On June 8, due to an outage at Fastly, the global content delivery network (CDN), a large number of websites around the world, including Reddit, Spotify, PayPal, GitHub, gov.uk, CNN, and BBC, were inaccessible for more than an hour.
Security threat analysis
15. Kaspersky: 2021 Q1 IT threat evolution report
In December 2020, SolarWinds, an international IT management software provider, was found to have an infected update program on its Orion software update server. This incident caused more than 18,000 SolarWinds customers (including many large companies and government agencies) around the world to be infected, and a custom backdoor named Sunburst was deployed on the victim’s machine.
16. Interpretation｜Network Security Attack and Defense: Threat Intelligence
Security confrontation in cyberspace is becoming increasingly fierce, and traditional security technologies cannot fully meet the needs of security protection. At present, the security industry generally agrees with the idea that defense alone is not enough, and continuous detection and response are more necessary. However, for continuous and effective detection and rapid response, security breaches and security intelligence are indispensable.
17. Original | Texas power failure highlights the harm of power grid attacks
The power system has always been a key driver of economic growth and prosperity in all countries. Nowadays, with the increasing popularity and importance of Internet services in various economic sectors, and the increasing momentum of the electrification of heating energy for automobiles and buildings, its importance is growing exponentially.
18. Searching for remote desktop application AnyDesk on Google will show fake malicious programs
A malicious version of the well-known remote desktop application AnyDesk was served through an ad in Google search results. The ad for this malicious version even ranked above the legitimate AnyDesk ad on Google.
19. TeaBot: Android malware targeting European banks
Banking malware has always been the focus of our Shadow Lab. Recently, a new type of Android malware appeared in Italy. Researchers found that it is not related to any currently known banking Trojan family. They named this new banking Trojan family TeaBot (also named Anatsa).
20. GitHub’s new policy sparked heated debate: allow hosting of malware for security research purposes
As a super popular source code management platform, GitHub has reached the position of the world’s largest code repository with its practical functions and user-friendly interface. Today, it hosts more than 80 million source code repositories. Companies and individuals are using GitHub to store and manage source code to keep software development projects going smoothly.
21. The global Internet “blackout”, CDN security exposes vulnerabilities
On Tuesday, June 8, 2021, at around 7 pm (11 am on Tuesday, British Summer Time), a global Internet outage occurred and lasted for about half an hour. During this period, most of the Internet was temporarily offline, including well-known sites such as Amazon, Reddit, and Twitch.
22. International Phishing Law Enforcement Operation Nets: Interception of Communication Information through Encrypted Chat Platform
In 2018, the US FBI and the Australian police jointly seized the encrypted chat platform Phantom Secure and arrested a large number of criminals while in control of the platform. This incident also gave the FBI a new idea: why not operate an encrypted chat platform itself for “phishing” law enforcement?
23. Azure Confidential Ledger: Microsoft launches a blockchain-based secure ledger
On May 10, Microsoft announced that it will stop Azure blockchain services on September 10, 2021. Services that have been deployed will continue to be supported until September 10, but new deployments or member creation will no longer be supported after May 10.
24. Mediator: a powerful end-to-end encrypted reverse shell
Mediator is a powerful end-to-end encrypted reverse shell. The tool lets researchers connect to a “Mediator” server through a shell, so that neither researchers nor handlers need to set up port forwarding to listen for connections.
25. Extortion attacks affect political security, and the communication platform for U.S. congressmen and voters is interrupted.
Catherine Szpindor, Chief Administrative Officer of the U.S. House of Representatives, said that lawmakers did receive news that the iConstituent communication system was attacked by ransomware. But the attackers did not obtain or access any data from the House of Representatives, and the network used by the House of Representatives was not affected.
Security Technical Solution
26. Original | China-U.S. Cyber Security Review and Research on my country’s Countermeasures
The U.S. government’s governance of cybersecurity is subordinate to the national security strategy. Based on the importance and particularity of cybersecurity issues, the United States has individually designed strategies, policies, and legal systems, and developed many corresponding organizational structures and review principles.
27. Original | Analysis of Siemens S7CommPlus_TLS protocol
Siemens is the world’s top supplier of automation systems. The Siemens SIMATIC series PLC is used on a large scale in key infrastructures around the world. It is precisely because of its reliability and stability that more users will choose to use it.
28. Fight against extortion gangs-Australian Defence Signals Agency will implement a “progressive counterattack”
A member of the Australian Parliament called on government intelligence agencies to take action against the most notorious ransomware group in the world.
29. Google releases open source dependency “endoscope”
Software development in modern enterprises is highly dependent on open source projects, yet many enterprises (including the users of these enterprises) seriously underestimate how much their software projects depend on open source code and the huge security risks this creates.
30. Hyper-V vulnerability analysis and PoC
This is an explanation of the Hyper-V remote code execution vulnerability (CVE-2021-28467), which is an arbitrary memory read in vmswitch.sys (network virtualization service provider) patched by Microsoft in May 2021.
31. SideWinder arsenal update: analysis of attacks against Pakistan using foreign policy
The Rattlesnake (also known as SideWinder) APT organization is an APT organization suspected of having a South Asian background. Its attack activities can be traced back to 2012. Attacks are mainly aimed at the government, military, energy and other fields of neighboring countries, with the purpose of stealing sensitive information.
32. Zero-trust network construction and some detailed discussions
The construction of a zero-trust network is a difficult and long-term task. The construction process involves a lot of work done in collaboration with the SRE team, the network team and even the business team, but its visible effects are worth the investment and continuous iteration of the enterprise.
33. Commonly used logic programming for industrial safety entry
SIMATIC Step 7 is an engineering configuration software based on the TIA Portal platform. It supports SIMATIC S7-1500, SIMATIC S7-1200, SIMATIC S7-300 and SIMATIC S7-400 controllers. It also supports HMI and PC-based SIMATIC WinAC automation systems. Due to the support of various programmable controllers, SIMATIC Step 7 has flexible and expandable software engineering configuration capabilities and performance, which can meet various requirements of automation systems.
34. Original | A report on the exploitation of 2 0Day vulnerability combinations of QNAP equipment-RoonServer permission authentication vulnerability and command injection vulnerability
On May 9, 2021, according to the monitoring clues of the CNCERT IoT threat intelligence data platform, the Venus Chen Jinjing security research team and the CNCERT IoT security research team discovered two zero-day vulnerabilities in the wild.
35. Use MYSQL to read arbitrary files to make a honeypot
You can access the remote server when you log in. When logging in to a maliciously constructed MySQL server, you can use load data infile to read any file on the server. Of course, the prerequisite is that the file is in a directory allowed by the secure_file_priv parameter, and that the phpMyAdmin user has permission to read the file.
36. Analysis of the difference between big data security and traditional data protection
In recent years, thanks to the rise of digital transformation and big data, data security has become a hot topic that has received widespread attention. Although the concept of big data was proposed as early as 2005, there has been no leap from quantity to quality until the Internet of Things and the construction of smart cities in recent years have quickly made big data a reality.