NSFOCUS DDoS Protection Service Neutralized a Terabit-Scale DDoS Attack

December 10, 2024 | NSFOCUS

In Q4 of 2024, NSFOCUS observed and successfully mitigated the largest DDoS attack ever recorded under the cloud-based DDoS Protection Service (DPS). This massive DDoS attack targeted a telecommunications service provider, one of NSFOCUS’s global clients. The telecommunications industry frequently faces such cyber threats. However, the scale of this attack was unprecedented, with peak traffic […]

NSFOCUS’s Coogo: An Automated Penetration Testing Tool

December 6, 2024 | NSFOCUS

The video above demonstrates an automated penetration test in a simple container escape scenario. In this video, in addition to using NSFOCUS’s open-source cloud-native cyber range software Metarget (for quickly and automatically building vulnerable cloud-native target machine environments), NSFOCUS’s own developed cloud-native attack suite Coogo is also utilized. Today, we will provide a brief introduction […]

Metarget Update: Enhanced Open-Source Cyber Range with Over 330 Vulnerabilities and Seamless One-Click Recovery

December 4, 2024 | NSFOCUS

When researching vulnerabilities, we often find that environment setup takes up a significant amount of time, and in comparison, the actual time spent testing PoCs and exploits may be relatively short. Meanwhile, there are excellent security projects in the open-source community, such as Vulhub and VulApps, which package vulnerability scenarios into images, allowing researchers to […]

Zabbix Server SQL Injection Vulnerability (CVE-2024-42327)

December 3, 2024 | NSFOCUS

Overview Recently, NSFOCUS CERT detected that Zabbix released a security announcement and fixed the SQL injection vulnerability (CVE-2024-42327) of Zabbix server. Due to the SQLi vulnerability in the CUser class in the addRelatedObjects function, attackers with default user permission or API access can call the CUser.get function. This could lead to unauthorized access to sensitive […]

Alert: XorBot Comes Back with Enhanced Tactics

November 21, 2024 | NSFOCUS

I. Overview According to the monitoring by NSFOCUS, since the beginning of 2024, a new-type botnet family with a high level of anti-tracking awareness—XorBot—has been continuously updating its versions and introducing new features, undergoing significant changes. This botnet family first emerged in November 2023 and was exclusively disclosed by the NSFOCUS Security Labs in December […]

Microsoft’s Security Update in November on High-Risk Vulnerabilities in Multiple Products

November 15, 2024 | NSFOCUS

Overview On November 13, NSFOCUS CERT detected that Microsoft released a security update patch for November, which fixed 89 security issues, including Windows, Microsoft SQL Server, Microsoft Office, Azure, Open Source Software, Microsoft Visual Studio, System Center and other widely used products, including high-risk vulnerabilities such as privilege escalation vulnerability and remote code execution vulnerability. […]

Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2024-21216)

November 8, 2024 | NSFOCUS

Overview Recently, NSFOCUS CERT detected that Oracle issued a security announcement and fixed the deserialization vulnerability in WebLogic Server (CVE-2024-21216). Since WebLogic does not strictly filter incoming data through the T3/IIOP protocol, when the T3/IIOP protocol is enabled, an unauthenticated remote attacker sends a special request to the server through the T3/IIOP protocol to execute […]

Behind the 2024 US Election Curtain: Cyberwar’s Silent Sabotage

November 7, 2024 | NSFOCUS

On November 5th, Eastern Standard Time, the United States held its 47th presidential and congressional elections. The 2024 US election process, which began with the Republican Party’s candidate nomination on July 15th, concluded after nearly four months of intense campaigning. Former President Donald Trump and his Republican Party secured a decisive victory, with Trump projected […]

Discover NSFOCUS RSAS V6.0R04F04’s Enhanced Web Scanning Capabilities

November 6, 2024 | NSFOCUS

The recently released RSAS version, V6.0R04F04, not only boasts a refreshed user interface but also packs a punch with enhanced web scanning capabilities. In addition to the already impressive Web Crawler 2.0, which is capable of handling front-end and back-end separated architectures, we’ve fortified the crawler engine with new features and a brand-new policy configuration […]

What is a Cyber Range?

November 5, 2024 | NSFOCUS

Today, we’re diving into the fascinating world of cyber ranges—a critical component in the ever-evolving landscape of cybersecurity. But what exactly is a cyber range? Let’s break it down. What is a Cyber Range? A cyber range is a sophisticated environment that leverages technologies such as virtualization, hybrid reality, security orchestration, behavior and traffic simulation, […]

Search

Subscribe to the NSFOCUS Blog