Technical standard specification
Cross-border flow of data | Full text translation of the new EU standard contractual clauses (final version)
Global SaaS Cloud Computing Industry Research: Answers to Some Key Questions in the Domestic Software SaaS Industry
Notice of the National Medical Security Administration on Printing and Distributing Guiding Opinions on Strengthening Network Security and Data Protection
Announcement of the Central Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Administration for Market Regulation on the Centralized Control of Black Products such as Camera Peeping
Heavy | Data Security Law passed by vote
The Ministry of Industry and Information Technology and the Central Cyberspace Administration of China issued the “Guiding Opinions on Accelerating the Application of Blockchain Technology and Industrial Development”
Industry development trends
Massachusetts Ferry Operator Hit by Ransomware Attack
U.S. Army plans to invest heavily in cyber modernization
White House issues ransomware avoidance memo for businesses
Kimsuky APT group continues to use AppleSeed backdoor to attack South Korean government
Military action is an option to fight cybercrime; energy secretary raises alert: adversary has ability to shut down U.S. grid
Inspiration from Colonial Pipeline Attack
FBI develops “phishing” encryption platform to destroy international drug trafficking organizations
Websites such as Amazon and GitHub are collectively offline, and Fastly CDN is interrupted
Security Threat Analysis
Kaspersky: 2021 Q1 IT Threat Evolution Report
Interpretation｜Network Security Attack and Defense: Threat Intelligence
Original | Texas power failure highlights the danger of grid attacks
A Google search for the remote desktop app AnyDesk turns up fake malware
TeaBot: Android malware targeting European banks
GitHub’s new policy sparks heated debate: allowing malware for security research purposes to be hosted
Global Internet “Blackout”, CDN Security Exposes Vulnerability
International phishing enforcement action closed: intercepted communications through encrypted chat platforms
Azure Confidential Ledger: Microsoft unveils blockchain-based secure ledger
Mediator: A Powerful End-to-End Encrypted Reverse Shell
Ransomware Attacks Affect Political Security, US Congressional Voter Communication Platform Disrupted
Safety Technology Solutions
Original | Sino-US Cyber Security Review and my country’s Countermeasure Research
Original | Analysis of Siemens S7CommPlus_TLS Protocol
Fighting ransomware gangs – Australian Defence Signals Directorate to carry out ‘progressive counterattack’
Google releases open source dependency ‘endoscope’
Hyper-V Vulnerability Analysis and PoC
SideWinder arsenal update: Analysis of attacks against Pakistan using foreign policy
Zero trust network construction and some detailed discussions
Introduction to Industrial Control Security Common Logic Programming
Original | Report on 2 0Day Vulnerability Combination Attacks on QNAP Devices – RoonServer Permission Authentication Vulnerability and Command Injection Vulnerability
Use MYSQL arbitrary file reading to make honeypot
Analysis of the difference between big data security and traditional data protection
Technical standard specification
1. Cross-border flow of data | full-text translation of the new EU standard contractual clauses (final version)
On June 4, the European Commission published the final version of the new Standard Contractual Clauses (new SCCs) for the transfer of personal data from the EU to third countries. Personal information protection practitioners around the world have been waiting for a long time for new standard contractual clauses.
2. Research on the global SaaS cloud computing industry: answers to some key questions in the domestic software SaaS industry
At present, the domestic market has basically reached a consensus on the strengths of the software SaaS industry itself, and has also seen the good performance of the software SaaS sector of the US stock market in recent years. However, the weak foundation of the domestic software industry, the relative scarcity of high-quality listed software SaaS companies, and the seemingly slow pace of development of the industry itself have become the main concerns and points of divergence in the current capital market. Therefore, it is urgent and necessary to clarify the long-term development logic of the domestic software SaaS industry.
3. Notice of the National Medical Security Administration on Printing and Distributing Guiding Opinions on Strengthening Network Security and Data Protection
The “Guiding Opinions of the National Medical Security Administration on Strengthening Network Security and Data Protection” has been deliberated and adopted at the 44th director’s office meeting, and is hereby issued to you for your compliance and implementation.
4. Announcement of the Central Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Administration for Market Regulation on the centralized management of black products such as camera voyeurism
In recent years, criminals have used hacking technology to crack and control cameras in households and public places, convert smartphones, sports bracelets, etc. into candid photography equipment, sell cracked software, and teach candid photography techniques for customers to “peep” private images and make profits. A black production chain has been formed, seriously infringing on citizens’ personal privacy, and the people have reacted strongly to this.
5. Heavy | Data Security Law passed by vote
According to CCTV news, on June 10, the 29th meeting of the Standing Committee of the 13th National People’s Congress voted to pass a number of bills and two decisions, including the data security law that has recently attracted much attention.
6. The Ministry of Industry and Information Technology and the Central Network Information Office issued the “Guiding Opinions on Accelerating the Application of Blockchain Technology and Industrial Development”
Blockchain is an important part of the new generation of information technology. It is a new type of database software that integrates various technologies such as distributed networks, encryption technology, and smart contracts. Through data transparency, tamper resistance, and traceability, it is expected to solve the problems of trust and security in cyberspace, promote the transformation of the Internet from transmitting information to transmitting value, and reconstruct the information industry system.
Industry development trends
7. Massachusetts Ferry Operator Hit by Ransomware Attack
The largest U.S. ferry service operator was hit by a ransomware attack on Wednesday, disrupting some operations. It is the latest in a string of cyberattacks that have occurred in recent weeks.
8. The U.S. Army plans to invest heavily in cyber modernization
About $2.7 billion was spent on network upgrades, more than any other Army priority, according to Doug Bush, the Army’s acting acquisition chief.
9. White House issues ransomware avoidance memo for businesses
The Biden administration aims to stop ransomware infections, data theft and huge payments to cybercriminal groups through a series of security directive practices.
10. The Kimsuky APT group continues to use the AppleSeed backdoor to attack the South Korean government
Kimsuky (also known as Thallium, BlackBanshee, VelvetCholima) APT is a North Korean cyber espionage group that conducts cyber threat activities primarily against government entities in South Korea, and has been active since 2012. In December 2020, KISA (Korea Internet and Security Agency) provided a detailed analysis of Kimsuky’s infrastructure and TTP for phishing.
11. Military action is an option to fight cybercrime; Energy Secretary raises alert: Adversaries have the ability to shut down U.S. grid
U.S. Energy Secretary Jennifer Granholm said in an interview with CNN that the U.S. energy grid is vulnerable to enemy attacks.
12. Inspiration from Colonial Pipeline Attack
Colonial is a vital artery in the eastern United States and is the primary source of gasoline, diesel and jet fuel for the East Coast, with a system from Houston to North Carolina and New York. Four weeks ago, the closure of the Colonial pipeline drew heightened attention from security services, governments and consumers.
13. FBI develops “phishing” encryption platform to destroy international drug trafficking organizations
In the largest and most complex joint global law enforcement operation to date, international law enforcement has made a record-breaking arrest of members of an international drug cartel via a fake end-to-end encrypted chat platform, including a custom encrypted mobile phone, and seized large quantities of drugs, firearms and other illegal assets.
14. Amazon, GitHub and other websites are collectively offline, which is due to the interruption of Fastly CDN
On June 8, a large number of websites around the world, including Reddit, Spotify, PayPal, GitHub, gov.uk, CNN and the BBC, suffered a “predicament” of being inaccessible for more than an hour due to an outage in the global Internet content delivery network Fastly CDN.
Security Threat Analysis
15. Kaspersky: 2021 Q1 IT Threat Evolution Report
In December 2020, SolarWinds, an international IT management software provider, was found to have a compromised updater on its Orion software update servers. This incident infected more than 18,000 SolarWinds customers around the world, including many large corporations and government agencies, and a custom backdoor called Sunburst was deployed on the victim machines.
16. Interpretation｜Network Security Attack and Defense: Threat Intelligence
The security confrontation in cyberspace is becoming increasingly fierce, and traditional security technologies cannot fully meet the needs of security protection. At present, a concept generally accepted by the security industry is that defense alone is not enough, and continuous detection and response are required. However, to achieve continuous and effective detection and rapid response, security vulnerabilities and security intelligence are essential.
17. Original | Texas power failure highlights grid attack hazards
The power system has been a key driver of economic growth and prosperity in countries. Today, its importance is growing exponentially with the increasing popularity and importance of internet services in various sectors of the economy and the electrification of energy sources for heating in cars and buildings.
18. Searching for the remote desktop app AnyDesk on Google will bring up fake malicious programs
The well-known remote desktop application AnyDesk served up a malicious version of the program in an ad in Google search results. The malicious version’s search ranking even surpassed the legitimate AnyDesk’s ad position on Google.
19. TeaBot: Android malware targeting European banks
Banking malware has always been a focus for us at Shadow Labs. Recently, a new type of Android malware appeared in Italy. Researchers found that it is not related to the currently known banking Trojan family, and named this new banking Trojan family TeaBot (also named Anatsa).
20. GitHub’s new policy sparks heated debate: allowing malware for security research purposes to be hosted
GitHub, the super popular source code management platform, has climbed to the position of the world’s largest code repository with its useful features and user-friendly interface, and today hosts more than 80 million source code repositories. Companies and individuals alike use GitHub to store and manage source code, keeping software development projects running smoothly.
21. Global Internet “Blackout”, CDN Security Exposes Vulnerability
This Tuesday, June 8, 2021, at around 7:00 pm (11:00 am BST on Tuesday), the global Internet experienced a network outage that lasted about half an hour. During this period, most of the Internet was temporarily offline, including well-known sites such as Amazon, Reddit and Twitch.
22. International phishing law enforcement operations: intercepting communication information through encrypted chat platforms
In 2018, the US FBI and the Australian police jointly seized the encrypted chat platform Phantom Secure and arrested a large number of criminals while controlling the platform. This incident also gave the FBI a new idea: why not operate an encrypted chat platform itself for “phishing” enforcement?
23. Azure Confidential Ledger: Microsoft launches blockchain-based secure ledger
On May 10, Microsoft announced that it will discontinue the Azure Blockchain Service on September 10, 2021. Already deployed services will continue to be supported until September 10, but new deployments or member creation will no longer be supported after May 10.
24. Mediator: A powerful end-to-end encrypted reverse shell
Mediator is a powerful end-to-end encrypted reverse shell that helps researchers connect to a “Mediator” server through a shell, so that researchers or handlers do not need to set up port forwarding to listen for connections.
25. Ransomware attacks affect political security, and the service of the communication platform for US congressmen and voters is interrupted
U.S. House of Representatives Chief Administrative Officer Catherine Szpindor said lawmakers did receive news of a ransomware attack on iConstituent’s communications systems. But the attackers did not obtain or access any data from the House of Representatives, and the networks used by the House of Representatives were not affected.
Safety Technology Solutions
26. Original | Sino-US cybersecurity review and my country’s countermeasure research
The U.S. government’s governance of cybersecurity falls under the National Security Strategy. Based on the importance and particularity of cybersecurity issues, the United States has individually designed strategies, policies and legal systems, and has developed many corresponding organizational structures and review principles.
27. Original | Analysis of Siemens S7CommPlus_TLS protocol
Siemens is the world’s top supplier of automation systems. Siemens SIMATIC series PLCs are used on a large scale in key infrastructures around the world. It is precisely because of their reliability and stability that more users choose to use them.
28. Fighting extortion gangs – Australian Defence Signals Directorate will carry out ‘progressive counterattack’
An Australian MP has called on government intelligence agencies to take action against the world’s most notorious ransomware gang.
29. Google releases open source dependency ‘endoscope’
The software development of modern enterprises is highly dependent on open source projects, and at the same time, many enterprises (including users of these enterprises) seriously underestimate the dependence of software projects on open source code, and the huge security risks caused by this.
30. Hyper-V Vulnerability Analysis and PoC
This is an illustration of the Hyper-V Remote Code Execution Vulnerability (CVE-2021-28467), an arbitrary memory read in vmswitch.sys (Network Virtualization Service Provider) patched by Microsoft in May 2021.
31. SideWinder arsenal update: Analysis of attacks against Pakistan using foreign policy
The Sidewinder (also known as SideWinder) APT group is an APT group suspected of having a South Asian background, and its attack activities can be traced back to 2012. It mainly conducts attacks on the government, military, energy and other fields of its neighboring countries, with the purpose of stealing sensitive information.
32. Zero trust network construction and some detailed discussions
The construction of a zero-trust network is a difficult and long-term task. The construction process involves a lot of work done in collaboration with the SRE team, the network team, and even the business team, but the visible results are worth investing in and continuing to iterate.
33. Common Logic Programming for Introduction to Industrial Control Security
SIMATIC Step 7 is engineering software based on the TIA Portal platform and supports SIMATIC S7-1500, SIMATIC S7-1200, SIMATIC S7-300 and SIMATIC S7-400 controllers, as well as HMI and PC-based SIMATIC WinAC automation systems. Due to the support of various programmable controllers, SIMATIC Step 7 has flexibly scalable software engineering capabilities and performance to meet various requirements of automation systems.
34. Original | Report on the combined exploit attack of 2 0Day vulnerabilities in QNAP devices – RoonServer Permission Authentication Vulnerability and Command Injection Vulnerability
On May 9, 2021, according to the monitoring clues of the CNCERT IoT threat intelligence data platform, the Venusian Chen Jinjing security research team and the CNCERT IoT security research team discovered two zero-day vulnerabilities in the wild.
35. Use MYSQL arbitrary file reading to make honeypot
You can access the remote server when you log in. When you log in to a maliciously constructed MySQL server, you can use LOAD DATA INFILE to read any file on the server. Of course, the prerequisite is that it is in the directory allowed by the secure_file_priv parameter, and the user of phpMyAdmin has read permission to the file.
36. Briefly analyze the difference between big data security and traditional data protection
In recent years, thanks to the rise of digital transformation and big data, data security has become a hot topic of widespread concern. Although the concept of big data was proposed as early as 2005, there has been no leap from quantity to quality until the construction of the Internet of Things and smart cities in recent years has made big data a reality.