From November 21, 2022 to December 4, 2022, NSFOCUS Security Labs found activity clues of 60 APT groups, 2 malware families (Mozi ransomware and Banload Trojan horse), and 510 threat actors targeting critical infrastructure. APT Groups: Among the 60 discovered APT groups, the APT group Outlaw affected the most significant...
Year: 2022
Citrix ADC and Citrix Gateway Remote Code Execution Vulnerability (CVE-2022-27518)
Overview: On December 14, NSFOCUS CERT detected that Citrix had officially disclosed a remote code execution vulnerability (CVE-2022-27518) in Citrix ADC and Gateway. Due to deficiencies in the system's control over the lifecycle of resources, an unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on a target system...
Security Concept for Software Supply Chain (Part 2) — Assessable Capabilities of Software Supply Chain Compositions
To deal with threats from supply chains and ensure the security of their own IT infrastructure, companies shall set a list of software compositions to sort out the supply chain products, identify and manage key software suppliers, control security risks through security assessments at all stages of the life cycle...
Fortinet FortiOS sslvpnd Remote Code Execution Vulnerability (CVE-2022-42475)
Overview: Recently, NSFOCUS CERT detected that Fortinet officially fixed a remote code execution vulnerability (CVE-2022-42475) in FortiOS sslvpnd. Due to a flaw in sslvpnd's validation of user input, an unauthenticated attacker can trigger a buffer overflow by sending a specially crafted packet, which can eventually execute arbitrary code on the...
Security Knowledge Graph: What Is It and How Does It Work?
The security knowledge graph is the key to achieving cognitive intelligence in cybersecurity, and it also lays an indispensable technological foundation for dealing with advanced, persistent, and complex threats and risks in cyberspace. With the development of the main information infrastructure technologies, such as computing in...
ThinkPHP Remote Code Execution Vulnerability Alert
Overview: Recently, NSFOCUS CERT observed that exploit details of the ThinkPHP remote code execution vulnerability have been publicly disclosed on the Internet. Due to a defect in how ThinkPHP checks incoming parameters, when the multilingual function is enabled, unauthenticated attackers can pass in parameters through GET, header, cookie,...





