Blog

Linux Kernel Arbitrary Code Execution Vulnerability (CVE-2021-3490) Threat Alert

September 18, 2021 | Jie Ji

Overview Recently, NSFOCUS CERT found that a security researcher published details and the PoC of an arbitrary code execution vulnerability (CVE-2021-3490) in eBPF and exploited this vulnerability to cause local privilege escalation on Ubuntu 20.10 and 21.04. This vulnerability exists because the eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the […]

Cloud Native Security in Infrastructure Construction

September 15, 2021 | Jie Ji

Cloud native security is the development trend of cloud security in the coming years. On the one hand, inherent security of cloud native is worthy of in-depth study. On the other hand, with the reconstruction and upgrade of infrastructure, there is a clear trend towards the integration of cloud native technologies and information infrastructure. 5G, edge […]

Top Four Risks When Using Serverless Function in Cloud Native Applications

September 10, 2021 | Jie Ji

Serverless is a new computing mode of the cloud native architecture, mainly taking the form of function as a service (FaaS). For the serverless mode, developers will write a function and define when and how to invoke it and then the function will run in the server provided by the cloud provider. All developers need […]

API Security in Cloud Native Applications

September 7, 2021 | Jie Ji

Cloud native applications, based on the microservice architecture, interact with each other by sending requests or response through APIs. Arguably, API communications play an essential role in interactions of cloud native applications. Therefore, API security is an indispensable part of cloud native application security. API-related security issues shown below have a direct impact on security […]

INFRAHALT: NicheStack TCP/IP Stack High-Risk Vulnerabilities Threat Alert

September 3, 2021 | Jie Ji

Overview Recently, researchers from JFrog and Forescout released a joint report to publicly disclose 14 security vulnerabilities (collectively referred to as INFRA:HALT) in the NicheStack TCP/IP stack, announcing that these vulnerabilities could lead to remote code execution, denial of service, information disclosure, TCP spoofing, or DNS cache poisoning. Researchers noted that attackers that successfully exploited […]

Zero-Trust Cloud Native Network Security Enabled by Micro-segmentation

August 31, 2021 | Jie Ji

Traditional networks or virtual networks have employed network segregation technologies like VLAN or VPC which are, however, more often used for segregation of deterministic networks or tenant networks. In cloud native environments, containers or microservices have a shorter lifecycle and change more frequently compared with traditional networks or tenant networks. Complex business access relationships are […]

Exim Remote Code Execution Vulnerability (CVE-2020-28020) Threat Alert

August 30, 2021 | Jie Ji

Overview In May, Qualys publicly disclosed 21 security vulnerabilities in the Exim server, announcing that these vulnerabilities affected all Exim versions released after 2004 and most of them can be exploited in default configurations. Recently, NSFOCUS found that certain vulnerability details and PoCs were publicly available. Among the vulnerabilities, the most severe one is the […]

Microsoft August Security Updates for Multiple High-Risk Product Vulnerabilities

August 27, 2021 | Jie Ji

Overview According to NSFOCUS CERT’s monitoring, Microsoft released August 2021 Security Updates on August 11 to fix 46 vulnerabilities, including high-risk remote code execution and privilege escalation, in widely used products like Windows, Microsoft Office, ASP.NET Core, Visual Studio, and Azure. This month’s security updates fix seven critical vulnerabilities and 39 important ones, including three […]

Security Visibility Augmented by Cloud Native

August 25, 2021 | Jie Ji

In the cloud native era, containerized infrastructure makes possible much more lightweight applications that run faster. Dozens or even hundreds of containers can be rapidly deployed and run on a host. What’s more, Kubernetes and other container orchestration platforms provide excellent security management mechanisms like load balancing, task scheduling, and fault tolerance. Therefore, in a […]

Windows Privilege Escalation Vulnerability (CVE-2021-36934) Threat Alert

August 24, 2021 | Jie Ji

Overview Recently, NSFOCUS CERT discovered a critical security bulletin released by Microsoft to disclose a privilege escalation vulnerability (CVE-2021-36934) in Windows. A privilege escalation vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files (including the Security Account Manager (SAM) database). When a built-in administrator account is enabled in the system, […]