Overview Recently, NSFOCUS CERT found that VMware's official security announcement disclosed multiple vulnerabilities in VMware vCenter Server, which could be used by attackers to cause remote code execution, cross-border write and read, etc. Currently, the official version has been updated and fixed. Affected users should take protective measures as soon...
Year: 2023
O que é vazamento de dados? Como se proteger quando acontecer
Você já recebeu um e-mail ou uma mensagem de texto informando que seus dados pessoais foram expostos por algum site ou aplicativo que você usa? Se sim, você foi vítima de um vazamento de dados, situação cada vez mais comum na era digital. Mas o que isso significa e quais...
An Insight into RSA 2023: Using AI to Synthesize De-identified Data
At the 2023 RSA conference, CISO and researchers from Virginia's Department of Behavioral Health and Developmental Services shared a topic entitled " Rise of the Machines: Achieving Data Security and Analytics with AI". They proposed the use of artificial intelligence to rapidly synthesize "de-identified" data, thus avoiding significant resource consumption...
Fortinet FortiNAC Remote Code Execution Vulnerability (CVS 2023-33299) Notification
Overview Recently, NSFOCUS CERT monitored that Fortinet officially fixed a Fortinet FortinaC remote code execution vulnerability (CVE-2023-33299). Unauthenticated remote attackers can exploit this vulnerability by sending a customized request to the service running on TCP port 1050, and an attacker who successfully exploits this vulnerability can execute arbitrary code on...
An Insight into RSA 2023: Capabilities Utilization for Container Escape
At the RSA Conference this year, researchers from Cyberason shared the topic of Container Escape: All You Need Is Cap (Capabilities), detailing three methods of using Cap permissions for container escape, hoping to make users pay attention to the permission allocation of Capabilities when using containers and maintain best practices....
An Insight into RSAC 2023: Build Cloud-Native Security Base Based on Zero Trust
At the 2023 RSA conference, Tracy Walker, Senior Security Engineer from SUSE NeuVector, shared with us a transparent (business- and environment-neutral) approach to blocking 0-Day attacks in K8S environments – Zero Trust Principle and demonstrated it using an open source tool, NeuVector. Based on Tracy's zero-trust viewpoint and the SUSE...
