Good News! NSFOCUS Named as a Representative Vendor in Gartner® Market Guide for Security Orchestration, Automation and Response Solutions Again
July 4, 2023
Santa Clara, Calif. July 4, 2023 – We are thrilled to announce that NSFOCUS has been included as a Representative Vendor in Gartner Market Guide for Security Orchestration, Automation and Response Solutions again. It is the 2nd consecutive year for NSFOCUS to be listed in this report. This report provides a detailed analysis of the […]
Grafana Identity Authentication Bypass Vulnerability (CVS 2023-3128) Notification
June 30, 2023
Overview Recently, NSFOCUS CERT detected a vulnerability in Grafana’s authentication bypass (CVE-2023-3128). Azure AD can support multiple users with the same email address. When configuring Azure AD to support multiple users, unauthenticated attackers can exploit this vulnerability by creating malicious email account requests. Due to Grafana’s failure to uniquely authenticate Azure AD email accounts based […]
Global Threat Intelligence Function of NSFOCUS ADS
June 29, 2023
Powered by NSFOCUS Threat Intelligence (NTI), NSFOCUS ADS can block IP addresses that pose serious threats and high risks. To ensure data reliability, ADS updates intelligence data daily and provides available update time frames for users to select. For the purpose of preventing IP blocking by mistake, you can configure IP exceptions to exclude a […]
VMware vCenter Server Multiple High Risk Vulnerabilities Notification
June 28, 2023
Overview Recently, NSFOCUS CERT found that VMware’s official security announcement disclosed multiple vulnerabilities in VMware vCenter Server, which could be used by attackers to cause remote code execution, cross-border write and read, etc. Currently, the official version has been updated and fixed. Affected users should take protective measures as soon as possible. Key Vulnerabilities vCenter […]
An Insight into RSA 2023: Using AI to Synthesize De-identified Data
June 26, 2023
At the 2023 RSA conference, CISO and researchers from Virginia’s Department of Behavioral Health and Developmental Services shared a topic entitled ” Rise of the Machines: Achieving Data Security and Analytics with AI”. They proposed the use of artificial intelligence to rapidly synthesize “de-identified” data, thus avoiding significant resource consumption and human error. In this […]
Fortinet FortiNAC Remote Code Execution Vulnerability (CVS 2023-33299) Notification
June 26, 2023
Overview Recently, NSFOCUS CERT monitored that Fortinet officially fixed a Fortinet FortinaC remote code execution vulnerability (CVE-2023-33299). Unauthenticated remote attackers can exploit this vulnerability by sending a customized request to the service running on TCP port 1050, and an attacker who successfully exploits this vulnerability can execute arbitrary code on the target system. The CVSS […]
An Insight into RSA 2023: Capabilities Utilization for Container Escape
June 23, 2023
At the RSA Conference this year, researchers from Cyberason shared the topic of Container Escape: All You Need Is Cap (Capabilities), detailing three methods of using Cap permissions for container escape, hoping to make users pay attention to the permission allocation of Capabilities when using containers and maintain best practices. This article will provide a […]
An Insight into RSAC 2023: Build Cloud-Native Security Base Based on Zero Trust
June 21, 2023
At the 2023 RSA conference, Tracy Walker, Senior Security Engineer from SUSE NeuVector, shared with us a transparent (business- and environment-neutral) approach to blocking 0-Day attacks in K8S environments – Zero Trust Principle and demonstrated it using an open source tool, NeuVector. Based on Tracy’s zero-trust viewpoint and the SUSE solution, NSFOCUS security researcher explores […]
VMware Aria Operations for Networks Remote Code Execution Vulnerability (CVS 2023-20887) Notification
June 20, 2023
Overview Recently, NSFOCUS CERT detected a remote code execution vulnerability in VMware Aria Operations for Networks. Due to a specific flaw in the createSupportBundle method, the string entered by the user is not properly validated when executing system calls. Unauthenticated remote attackers can exploit this vulnerability through command injection, ultimately enabling the execution of arbitrary […]
Digital Transformation – New Era for Macau 2023
June 19, 2023
V-Transform Expo, June 16, 2023, Macau Tower Convention and Entertainment center, Macau NSFOCUS, a leading provider of network security solutions and services, exhibited at V-Transform Expo 2023 in Macau as Silver Sponsor, organized by Vastcom Technology Limited. Our team joined a day of insightful sessions on cybersecurity, artificial intelligence, digital transformation, machine learning, cloud computing…etc. NSFOCUS is your ideal partner […]
