Cutting-Edge Technologies Empowering Security and Compliance of User Privacy Data

December 8, 2021 | Jie Ji

Compliance has seen radical changes in the requirements and driving force of data security and a broader category of data objects under data security protection. Application scenarios covered by data security will become more diversified, and data security requirements will cover all phases of the data lifecycle. In order to better cope with the challenges […]

Compliance-driven Data Security

November 30, 2021 | Jie Ji

In the big data era, data receives more and more attention. Deep integration of big data and artificial intelligence (AI) has produced a profound and widespread impact on all walks of life, including government, finance, carriers, electricity, and the Internet. In addition, the circulation and release of data value have further promoted the development of […]

GitLab Remote Command Execution Vulnerability (CVE-2021-22205) Threat Alert

November 23, 2021 | Jie Ji

Overview Recently, NSFOCUS monitored that researchers disclosed the exploitation program of GitLab remote command execution vulnerability (CVE-2021-22205), and found that the existence of unauthorized endpoints in GitLab cause the vulnerability exploitable without authentication. Both Community Edition (CE) and Enterprise Edition (EE) are affected. On April 15, GitLab official released a security update to fix the […]

CODESYS V2 Multiple High-Risk Vulnerabilities Threat Alert

November 22, 2021 | Jie Ji

Overview Recently, CODESYS officially issued four security update advisories that fixed 10 vulnerabilities in CODESYS V2. NSFOCUS received a letter of acknowledgement from CODESYS for NSFOCUS Gewu Lab’s reporting of three vulnerabilities that were rated high-risk. All of the three vulnerabilities are exploited for attacks via private communication protocols supported by CODESYS runtime. By using […]

Oracle October Critical Patch Update for All Product Families

November 16, 2021 | Jie Ji

Overview On October 20, 2021, NSFOCUS detected that Oracle released the October Critical Patch Update (CPU), which fixed 419 vulnerabilities of varying risk levels. The update involves multiple commonly used products, such as Oracle MySQL, Oracle WebLogic Server, Oracle Java SE, Oracle Fusion Middleware and Oracle Retail Applications. Oracle strongly recommends that users fix these […]

AISecOps Development Trend

November 10, 2021 | Jie Ji

As an old saying goes, “Rome was not built in a day”, it is impossible to build AISecOps capabilities simply by following the example of other businesses. In fact, the most topical and mature AI technology is widely applied, but needs to be delved a little deeper. For instance, typical intelligence services like intelligence speech […]

AISecOps Technology and System

November 3, 2021 | Jie Ji

Core Connotations Literally, AISecOps is composed of three core technologies, i.e. AIOps, AISec, and SecOps. AISec-enabled technology fusion brings new expectations to the industry. Both AI security and AI-based security applications have become hot topics in academia and industry. AI has been successfully applied in multiple single-point security technologies and specified scenarios, such as malware […]

Microsoft October Security Updates for Multiple High-Risk Product Vulnerabilities

October 27, 2021 | Jie Ji

Overview According to NSFOCUS CERT’s monitoring, Microsoft released October Security Updates on October 13 to fix 81 vulnerabilities, including high-risk vulnerabilities like privilege escalation and remote code execution, in widely used products like Windows, Microsoft Office, Microsoft Visual Studio, and Exchange Server. This month’s security updates fix 3 critical vulnerabilities and 70 important ones, including […]

VMware vCenter Server Multiple High-Risk Vulnerabilities Threat Alert

October 22, 2021 | Jie Ji

Overview According to NSFOCUS CERT’s monitoring, VMware’s official security advisory, disclosing multiple vulnerabilities in VMware vCenter Server on September 22. Those issues allow attackers to cause information disclosure, privilege promotion and remote code execution. Now VMware has released security updates to fix the vulnerabilities. Affected users are advised to take measures for protection. vCenter Server […]

SecOps Development: Brief History, Outlook and Challenges

October 20, 2021 | Jie Ji

With the boom of the global digital economy, cybersecurity is converging with the Internet of Things (IoT), industrial Internet, cloud computing, and 5G, bringing about disruptive changes to security in various aspects, including traditional physical security, biological security, public security, and national security. Meanwhile, the attack surface keeps expanding in cyberspace as malicious attackers, larger […]