Overview On November 2, 2022, NSFOCUS CERT detected that openssl officially released a security notice and fixed multiple buffer overflow vulnerabilities in OpenSSL. OpenSSL is an open source software library package. Applications can use this package to communicate securely, avoid eavesdropping, and confirm the identity of the other end of...
Year: 2022
Threats against Software Supply Chain Security
In the last post of this series, we had an overview of software supply chain security and summarized some observations during the research. You can read the previous post here. In this post, we’re going to talk about the threats faced by the software supply chain. Globalized economic development...
Google Chrome Remote Code Execution Vulnerability (CVE-2022-3723) Alert
Overview Recently, NSFOCUS CERT monitored that Google Chrome has officially released a security bulletin and fixed a remote code execution vulnerability in Chrome V8 (JavaScript engine). Due to a type confusion vulnerability in Chrome V8, a remote attacker could exploit the vulnerability to execute arbitrary code on the target system....
Introduction of RESTful APIs for NIPS Version 5610 and 5611
A RESTful API means that API works in REST standard. RESTful API requires the front end to send requests in one predefined format, so the server only needs to use one unified interface to process. NSFOCUS NIPS can use RESTful API to get the device information or change settings. API...
Stay Alert to Traps in Updates: A New Variant of Magniber Ransomware
Overview The Magniber is a notorious ransomware. Unlike the common ransomware families such as Hive and LockBit that target companies, it is primarily used to blackmail individuals with a relatively low ransom around USD 2,500. The Magniber ransomware can neither be transmitted automatically nor used to upload user files, but...
GovWare Focus 2022
GovWare 2022 went back in-person in Singapore from 18th to 20th Oct 2022. The conference & exhibition was held with the theme of “Fostering a safe and sustainable cyberspace amidst disruption.†At the 3-day event, Richard, Hai Siang, Meng Kiat and Cindy were there to introduce our newly launched Cloud WAAP service, DDoS...
