
Technical standard specification

Cross-border flow of data | Full text translation of the new EU standard contractual clauses (final version)

Global SaaS Cloud Computing Industry Research: Answers to Some Key Questions in the Domestic Software SaaS Industry

Notice of the National Medical Security Administration on Printing and Distributing Guiding Opinions on Strengthening Network Security and Data Protection

Announcement of the Central Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Administration for Market Regulation on the Centralized Control of Black Products such as Camera Peeping

Breaking | Data Security Law passed by vote

The Ministry of Industry and Information Technology and the Central Cyberspace Administration of China issued the “Guiding Opinions on Accelerating the Application of Blockchain Technology and Industrial Development”

Industry development trends

Massachusetts Ferry Operator Hit by Ransomware Attack

U.S. Army plans to invest heavily in cyber modernization

White House issues ransomware avoidance memo for businesses

Kimsuky APT group continues to use AppleSeed backdoor to attack South Korean government

Military action is an option to fight cybercrime; energy secretary raises alert: adversary has ability to shut down U.S. grid

Inspiration from Colonial Pipeline Attack

FBI develops “phishing” encryption platform to destroy international drug trafficking organizations

Websites such as Amazon and GitHub are collectively offline, and Fastly CDN is interrupted

Security Threat Analysis

Kaspersky: 2021 Q1 IT Threat Evolution Report

Interpretation|Network Security Attack and Defense: Threat Intelligence

Original | Texas power failure highlights the danger of grid attacks

A Google search for the remote desktop app AnyDesk turns up fake malware

TeaBot: Android malware targeting European banks

GitHub’s new policy sparks heated debate: allowing malware for security research purposes to be hosted

Global Internet “Blackout”, CDN Security Exposes Vulnerability

International phishing enforcement action closed: intercepted communications through encrypted chat platforms

Azure Confidential Ledger: Microsoft unveils blockchain-based secure ledger

Mediator: A Powerful End-to-End Encrypted Reverse Shell

Ransomware Attacks Affect Political Security, US Congressional Voter Communication Platform Disrupted

Safety Technology Solutions

Original | Sino-US Cyber Security Review and my country’s Countermeasure Research

Original | Analysis of Siemens S7CommPlus_TLS Protocol

Fighting ransomware gangs – Australian Defence Signals Directorate to carry out ‘progressive counterattack’

Google releases open source dependency ‘endoscope’

Hyper-V Vulnerability Analysis and PoC

SideWinder arsenal update: Analysis of attacks against Pakistan using foreign policy

Zero trust network construction and some detailed discussions

Introduction to Industrial Control Security Common Logic Programming

Original | Report on 2 0Day Vulnerability Combination Attacks on QNAP Devices – RoonServer Permission Authentication Vulnerability and Command Injection Vulnerability

Use MYSQL arbitrary file reading to make honeypot

Analysis of the difference between big data security and traditional data protection

Technical standard specification

1. Cross-border flow of data | full-text translation of the new EU standard contractual clauses (final version)

On June 4, the European Commission published the final version of the new Standard Contractual Clauses (new SCCs) for the transfer of personal data from the EU to third countries. Personal information protection practitioners around the world have been waiting for a long time for new standard contractual clauses.

https://mp.weixin.qq.com/s/F0yxItU88cBlMHxtNiGQqQ

2. Research on the global SaaS cloud computing industry: answers to some key questions in the domestic software SaaS industry

At present, the domestic market has basically reached a consensus on the strengths of the software SaaS industry and has seen the good performance of the software SaaS sector of the US stock market in recent years. However, the weak foundation of the domestic software industry, the relative scarcity of high-quality listed software SaaS companies, and the seemingly slow pace of development of the industry itself have become the main concerns and points of divergence in the current capital market. Therefore, it is urgent and necessary to clarify the long-term development logic of the domestic software SaaS industry.

https://mp.weixin.qq.com/s/FrKBosUc0JkSAkheO0XPPw

3. Notice of the National Medical Security Administration on Printing and Distributing Guiding Opinions on Strengthening Network Security and Data Protection

The “Guiding Opinions of the National Medical Security Administration on Strengthening Network Security and Data Protection” has been deliberated and adopted at the 44th director’s office meeting, and is hereby issued to you for your compliance and implementation.

https://mp.weixin.qq.com/s/DwXsiGf3HAJe5avYUvKDQA

4. Announcement of the Central Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Administration for Market Regulation on the centralized management of black products such as camera voyeurism

In recent years, criminals have used hacking technology to crack and control cameras in households and public places, convert smartphones, sports bracelets, etc. into candid photography equipment, sell cracked software, and teach candid photography techniques for customers to “peep” private images and make profits. A black production chain has been formed, seriously infringing on citizens’ personal privacy, and the people have reacted strongly to this.

https://mp.weixin.qq.com/s/1aHwWPgNEejO8_pkGW2Suw

5. Breaking | Data Security Law passed by vote

According to CCTV news, on June 10, the 29th meeting of the Standing Committee of the 13th National People’s Congress voted to pass a number of bills and two decisions, including the data security law that has recently attracted much attention.

https://mp.weixin.qq.com/s/vOwdax3_WgQpWwZVTBEDHQ

6. The Ministry of Industry and Information Technology and the Central Network Information Office issued the “Guiding Opinions on Accelerating the Application of Blockchain Technology and Industrial Development”

Blockchain is an important part of the new generation of information technology. It is a new type of database software that integrates various technologies such as distributed networks, encryption technology, and smart contracts. Through data transparency, tamper resistance, and traceability, it is expected to solve trust and security problems in cyberspace, promote the transformation of the Internet from transmitting information to transmitting value, and reconstruct the information industry system.

https://mp.weixin.qq.com/s/e5c6qVuBERVdT3YzMSDwIw

Industry development trends

7. Massachusetts Ferry Operator Hit by Ransomware Attack

The largest U.S. ferry service operator was hit by a ransomware attack on Wednesday, disrupting some operations. It is the latest in a string of cyberattacks that have occurred in recent weeks.

https://mp.weixin.qq.com/s/yrjigdBDWqCR8UvkFA3Vmw

8. The U.S. Army plans to invest heavily in cyber modernization

About $2.7 billion was spent on network upgrades, more than any other Army priority, according to Doug Bush, the Army’s acting acquisition chief.

https://mp.weixin.qq.com/s/Y3BqITy-O9n2lnprIjtj7Q

9. White House issues ransomware avoidance memo for businesses

The Biden administration aims to stop ransomware infections, data theft and huge payments to cybercriminal groups through a series of security directive practices.

https://mp.weixin.qq.com/s/nLuTwZii3TpKnBufmKqi5g

10. The Kimsuky APT group continues to use the AppleSeed backdoor to attack the South Korean government

Kimsuky (also known as Thallium, BlackBanshee, VelvetCholima) APT is a North Korean cyber espionage group that conducts cyber threat activities primarily against government entities in South Korea, and has been active since 2012. In December 2020, KISA (Korea Internet and Security Agency) provided a detailed analysis of Kimsuky’s infrastructure and TTP for phishing.

https://mp.weixin.qq.com/s/ge3Ip-w0JTYlGgvadwzAkg

11. Military action is an option to fight cybercrime; Energy Secretary raises alert: Adversaries have the ability to shut down U.S. grid

U.S. Energy Secretary Jennifer Granholm said in an interview with CNN that the U.S. energy grid is vulnerable to enemy attacks.

https://mp.weixin.qq.com/s/Yciv_NorC5VYXbtpEBalbQ

12. Inspiration from Colonial Pipeline Attack

Colonial is a vital artery in the eastern United States and is the primary source of gasoline, diesel and jet fuel for the East Coast, with a system from Houston to North Carolina and New York. Four weeks ago, the closure of the Colonial pipeline drew heightened attention from security services, governments and consumers.

https://mp.weixin.qq.com/s/l6f-yGSxMRcrmmL43Q7RGA

13. FBI develops “phishing” encryption platform to destroy international drug trafficking organizations

In the largest and most complex joint global law enforcement operation to date, international law enforcement has made a record-breaking arrest of members of an international drug cartel via a fake end-to-end encrypted chat platform, including a custom encrypted mobile phone, and seized large quantities of drugs, firearms and other illegal assets.

https://mp.weixin.qq.com/s/cPkmTaWIF1-jRRaNT8LydQ

14. Amazon, GitHub and other websites are collectively offline, which is due to the interruption of Fastly CDN

On June 8, a large number of websites around the world, including Reddit, Spotify, PayPal, GitHub, gov.uk, CNN and the BBC, were inaccessible for more than an hour due to an outage in the global Internet content delivery network Fastly CDN.

https://mp.weixin.qq.com/s/7hmBNSZNqXA985y_c-NF8A

Security Threat Analysis

15. Kaspersky: 2021 Q1 IT Threat Evolution Report

In December 2020, SolarWinds, an international IT management software provider, was found to have a compromised updater on its Orion software update servers. This incident infected more than 18,000 SolarWinds customers around the world, including many large corporations and government agencies, and a custom backdoor called Sunburst was deployed on the victim machines.

https://mp.weixin.qq.com/s/1aKsx22xMdKXLRz1mdgsGw

16. Interpretation|Network Security Attack and Defense: Threat Intelligence

The security confrontation in cyberspace is becoming increasingly fierce, and traditional security technologies cannot fully meet the needs of security protection. At present, a concept generally accepted by the security industry is that defense alone is not enough, and continuous detection and response are required. However, to achieve continuous and effective detection and rapid response, security vulnerabilities and security intelligence are essential.

https://mp.weixin.qq.com/s/XX4RaLTChPnR6Fs-QcVjxQ

17. Original | Texas power failure highlights grid attack hazards

The power system has been a key driver of economic growth and prosperity in countries. Today, its importance is growing exponentially with the increasing popularity and importance of internet services in various sectors of the economy and the electrification of energy sources for heating in cars and buildings.

https://mp.weixin.qq.com/s/UdSfQP_ub9K2GJ76WLSKeg

18. Searching for the remote desktop app AnyDesk on Google will bring up fake malicious programs

A malicious version of the well-known remote desktop application AnyDesk was served through an ad in Google search results. The malicious version’s search ranking even surpassed the legitimate AnyDesk’s ad position on Google.

https://mp.weixin.qq.com/s/XgdF2SQ_gIk_4amatTMSJA

19. TeaBot: Android malware targeting European banks

Banking malware has always been a focus for us at Shadow Labs. Recently, a new type of Android malware appeared in Italy. Researchers found that it is not related to the currently known banking Trojan family, and named this new banking Trojan family TeaBot (also named Anatsa).

https://mp.weixin.qq.com/s/Eeya-u6HuC5JYBqRx2OW9g

20. GitHub’s new policy sparks heated debate: allowing malware for security research purposes to be hosted

GitHub, the super popular source code management platform, has climbed to the position of the world’s largest code repository with its useful features and user-friendly interface, and today hosts more than 80 million source code repositories. Companies and individuals alike use GitHub to store and manage source code, keeping software development projects running smoothly.

https://mp.weixin.qq.com/s/3qYHpkUbRvsAXoCtPGJSaA

21. Global Internet “Blackout”, CDN Security Exposes Vulnerability

This Tuesday, June 8, 2021, at around 7:00 pm (11:00 am BST on Tuesday), the global Internet experienced a network outage that lasted about half an hour. During this period, most of the Internet was temporarily offline, including well-known sites such as Amazon, Reddit and Twitch.

https://mp.weixin.qq.com/s/QPJaCESGgETRiGxYn1twjA

22. International phishing law enforcement operations: intercepting communication information through encrypted chat platforms

In 2018, the US FBI and the Australian police jointly seized the encrypted chat platform Phantom Secure and arrested a large number of criminals while controlling the platform. The incident also gave the FBI a new idea: why not operate an encrypted chat platform itself for phishing enforcement?

https://mp.weixin.qq.com/s/1292TrqP-_uPOBFyA5B9vA

23. Azure Confidential Ledger: Microsoft launches blockchain-based secure ledger

On May 10, Microsoft announced that it will discontinue the Azure Blockchain Service on September 10, 2021. Already deployed services will continue to be supported until September 10, but new deployments or member creation will no longer be supported after May 10.

https://mp.weixin.qq.com/s/VyZtCSA7KhF-yvaQPBDW4A

24. Mediator: A powerful end-to-end encrypted reverse shell

Mediator is a powerful end-to-end encrypted reverse shell that helps researchers connect to a “Mediator” server through a shell, so that researchers or handlers do not need to set up port forwarding to listen for connections.

https://mp.weixin.qq.com/s/BDuGABzJAR4D-h38PN4JUg

25. Ransomware attacks affect political security, and the service of the communication platform for US congressmen and voters is interrupted

U.S. House of Representatives Chief Administrative Officer Catherine Szpindor said lawmakers did receive news of a ransomware attack on iConstituent’s communications systems. But the attackers did not obtain or access any data from the House of Representatives, and the networks used by the House of Representatives were not affected.

https://mp.weixin.qq.com/s/yWZMM7qzILrIrcHZe0HjRQ

Safety Technology Solutions

26. Original | Sino-US cybersecurity review and my country’s countermeasure research

The U.S. government’s governance of cybersecurity falls under the National Security Strategy. Based on the importance and particularity of cybersecurity issues, the United States has individually designed strategies, policies and legal systems, and has developed many corresponding organizational structures and review principles.

https://mp.weixin.qq.com/s/kTfA8E36OEMue7XDRWwHpw

27. Original | Analysis of Siemens S7CommPlus_TLS protocol

Siemens is the world’s top supplier of automation systems. Siemens SIMATIC series PLCs are used on a large scale in key infrastructures around the world. It is precisely because of their reliability and stability that more users choose to use them.

https://mp.weixin.qq.com/s/VkT7Q_eRybA8QuGdQT8XCw

28. Fighting extortion gangs – Australian Defence Signals Directorate will carry out ‘progressive counterattack’

An Australian MP has called on government intelligence agencies to take action against the world’s most notorious ransomware gang.

https://mp.weixin.qq.com/s/5iFhPcNoUXk7T-fHWr7VXA

29. Google releases open source dependency ‘endoscope’

The software development of modern enterprises is highly dependent on open source projects, and at the same time, many enterprises (including users of these enterprises) seriously underestimate the dependence of software projects on open source code, and the huge security risks caused by this.

https://mp.weixin.qq.com/s/h5rVQGeC67Q94Yh69HAtMA

30. Hyper-V Vulnerability Analysis and PoC

This is an illustration of the Hyper-V Remote Code Execution Vulnerability (CVE-2021-28467), an arbitrary memory read in vmswitch.sys (Network Virtualization Service Provider) patched by Microsoft in May 2021.

https://mp.weixin.qq.com/s/QQEABKY4XgY6PJB4pKHc2w

31. SideWinder arsenal update: Analysis of attacks against Pakistan using foreign policy

The Sidewinder (also known as SideWinder) APT group is an APT group suspected of having a South Asian background, and its attack activities can be traced back to 2012. It mainly conducts attacks on the government, military, energy and other fields of its neighboring countries, with the purpose of stealing sensitive information.

https://mp.weixin.qq.com/s/YQtiZ8qacHvRUE73KLYfsg

32. Zero trust network construction and some detailed discussions

The construction of a zero-trust network is a difficult and long-term task. The construction process involves a lot of work done in collaboration with the SRE team, the network team, and even the business team, but the visible results are worth investing in and continuing to iterate.

https://mp.weixin.qq.com/s/DuywtGrfU14M35tDgaYZpg

33. Common Logic Programming for Introduction to Industrial Control Security

SIMATIC Step 7 is engineering software based on the TIA Portal platform. It supports SIMATIC S7-1500, SIMATIC S7-1200, SIMATIC S7-300 and SIMATIC S7-400 controllers, as well as HMI and PC-based SIMATIC WinAC automation systems. Because it supports a variety of programmable controllers, SIMATIC Step 7 has flexibly scalable software engineering capabilities and performance to meet the various requirements of automation systems.

https://mp.weixin.qq.com/s/z2DKVHJzewsWvn6HB51s2g

34. Original | Report on the combined exploit attack of 2 0Day vulnerabilities in QNAP devices – RoonServer Permission Authentication Vulnerability and Command Injection Vulnerability

On May 9, 2021, according to the monitoring clues of the CNCERT IoT threat intelligence data platform, the Venusian Chen Jinjing security research team and the CNCERT IoT security research team discovered two zero-day vulnerabilities in the wild.

https://mp.weixin.qq.com/s/xfT3LkYNlzFYJdG1z0c7ug

35. Use MYSQL arbitrary file reading to make honeypot

You can access the remote server when you log in. When you log in to a maliciously constructed MySQL server, load data infile can be used to read any file on the server. The prerequisite is that the file is in a directory allowed by the secure_file_priv parameter and that the phpMyAdmin user has read permission to the file.

https://mp.weixin.qq.com/s/I-_15gvfByjOzZmrxLgkLg

36. Briefly analyze the difference between big data security and traditional data protection

In recent years, thanks to the rise of digital transformation and big data, data security has become a hot topic of widespread concern. Although the concept of big data was proposed as early as 2005, there has been no leap from quantity to quality until the construction of the Internet of Things and smart cities in recent years has made big data a reality.
