Alibaba Cloud Security

Alibaba Cloud Released Industry's First Trusted and Virtualized Instance with Support for SGX 2.0 and TPM

Recently, Alibaba Cloud announced its support for SGX 2.0 and released a virtualized ECS instance based on SGX 2.0 and TPM.

A New Chapter in Modernizing Security with Cloud-Native Technologies: Identity Management

A discussion about the "Human Element" of cybersecurity, why it's so important, why no one is talking about it, and how it can be improved.

Alibaba Cloud Security Center Launches a One-Click Anti-ransomware Feature

Alibaba Cloud Security Center released a one-click feature that provides multi-layer defense against ransomware.

Cloud-based Mining Botnet Trends in 2019: Mining Trojans Spreading as Worms

This article provides an in-depth analysis of the trends of mining trojans observed in 2019 based on the long-term monitoring data of the Alibaba Cloud Security team.

New Outbreak of h2Miner Worms Exploiting Redis RCE Detected

In this post, we'll discuss the recent outbreak of h2Miner worms, which exploit Redis's Remote Command Execution (RCE), and also share some useful security tips by the Alibaba Cloud Security team.

What Defenders Must Do to Fight Hackers and Cyber Attacks Using More Powerful Weapons?

By Wu Fan (Wufan) and Guo Weibo (Sangduo) Special thanks to: Huangxing, Cangbo, Muming, Xijun, Ziyi, Xuzheng, Nanxun, Suddy (In no particular order) ...

Six Key Elements of an Off-Premises Data Security System

This article enumerates six elements of an off-premises data security system, highlighted by Xiao Li, General Manager of Alibaba Cloud Intelligent Security division at the 2nd Data Security Summit.

How to Deal With DDoS Attacks on a Global Scale

This article discusses the new network security challenges under IPv6 and recommends the best practices of IPv6 DDoS defense by Alibaba Cloud to tackle DDoS attacks on a global scale.

Decoding the AI Defense System Behind Alibaba Cloud Web Application Firewall (WAF)

This article explains how the AI defense system of Alibaba Cloud's WAF solves security challenges concerning open-loop problem spaces and asymmetric positive and negative spaces.

Successful Defense against 6 Billion Attacks through Human-Machine Collaboration

This article explores how Alibaba Cloud security solutions helped ensure the success of this year's Alibaba Singles' Day (Double 11) Shopping Festival through human-machine collaboration.

Learn the Strategies and Tactics of Cryptocurrency Mining Trojans

This article looks at some common technologies and development trends of cryptocurrency mining Trojans, showing how you can better protect yourself.

Next-Gen Enterprise Security Based on Cloud-Native Technology

The senior director of the Cloud security department at Alibaba Cloud discusses the idea of next-gen enterprise security architecture designs based on cloud-native tech.

Solr Dataimport Vulnerability Becomes a New Attack Method for Mining Organizations

The Alibaba Cloud security team has detected a new attack method that uses the Solr dataimport RCE vulnerability (CVE-2019-0193) to implant mining programs into target hosts.

Alibaba Cloud Offers FIPS Validated HSM for Crypto Key Security

Alibaba Cloud has announced the beta release of Managed HSM, a cloud-managed hardware security module to protect your most sensitive workloads and assets.

8220 Mining Group Now Uses Rootkit to Hide Its Miners

The Alibaba Cloud Security Team has recently discovered that the 8220 Mining Group has begun using a rootkit to hide its mining programs.

A New Trend of DDoS Attacks: Mobile Devices Are Becoming a New Generation of Botnets

This article analyzes the characteristic features of a new trend of DDoS attacks launched by mobile botnets.

Xulu: Cryptojacking Leveraging Shodan, Tor, and Malicious Docker Container

Alibaba Cloud has recently detected Xulu, a mining botnet that deploys malicious containers by exploiting Docker's remote API unauthorized access vulnerability.

Deep Dive into Cloud Firewall: Addressing Aggressive Mining Worms

This article provides an in-depth analysis of how Alibaba Cloud's Cloud Firewall addresses aggressive mining worms.

Return of Watchbog: Exploiting Jenkins CVE-2018-1000861

Watchbog, a cryptocurrency-mining botnet, has made a comeback by exploiting Jenkins CVE-2018-1000861 this time.

ImposterMiner Trojan Takes Advantage of Newly Published Jenkins RCE Vulnerability

The Alibaba Cloud Security team has recently detected a crypto-mining attack that uses the newly published Jenkins RCE vulnerability as its attack vector.

Latest Comments

hertavein Commented on The Qakbot Family Extends: Introducing a New QBot Variant

From the tons of comments on your articles, I guess I am not the only one having all the enjoyment here! Keep up the good work ... Jobs test results (http://www.jobz.pk/testresult/)

Raja_KT Commented on Threat Alert: Multiple Cryptocurrency Miner Botnets Start to Exploit the New ThinkPHP Vulnerability

Thanks for the recommendation.

5697346405925554 Commented on Alibaba Cloud Discovers the Latest ThinkPHP v5 Vulnerability

Informative! Upgrade your shipping plans to digitally with ecourierz - best, cheapest and fastest courier service in India. For more details visit www.ecourierz.com

srowen Commented on Alibaba Cloud Security Team Discovers Apache Spark Rest API Remote Code Execution (RCE) Exploit

I am posting on behalf of the Apache Spark PMC. This is *not* considered a security vulnerability and should not be advertised as such. This simply says that if one runs an inherently private service (Spark standalone master), but without enabling any ACLs or network security to block public access to it, that it can be accessed publicly. Of course it can.

There is in general no expectation that a Spark cluster is publicly accessible. (The standalone master is also intended for 'simple' usage, and secure environments typically use another resource manager with its own security mechanisms.) Undoubtedly, someone somewhere has left one running on the public internet. However, these are not software problems, but unreasonably poor choices from individual deployments.

The remedy is indeed to not provide public access to these services, or otherwise adopt other Spark resource managers with more elaborate security integrations. We can improve documentation to make this very clear.

However, this should not be described as a security vulnerability. It suggests there will be a CVE and that a software patch is required. It isn't. Normal network security practices, and other Spark resource manager mechanisms, provide security to prevent this.

Of course, we would not normally post about this in public. I do so because this blog was posted publicly at the same time it was raised with the Apache Spark PMC. If it were a vulnerability requiring a fix, this disclosure would be considered highly irresponsible. We encourage anyone reporting a vulnerability to follow the standard protocol at https://apache.org/security/
