January - Release of the 2023 Global DDoS Landscape Report In the 2023 Global DDoS Landscape Report, NSFOCUS proposed important insights on global DDoS threats. DDoS attacks have become an indispensable weapon in cyber warfare, attackers are gradually favoring the use of Virtual Private Server (VPS) as attack sources, and...
Year: 2024
NSFOCUS ISOP Listed in The Security Analytics Platform Landscape Report by Forrester
SANTA CLARA, Calif., December 30, 2024 – We are thrilled to announce that NSFOCUS was selected as the notable vendor of Forrester The Security Analytics Platform Landscape, Q4 by its ISOP (Intelligent Security Operations Platform) with built-in NSFGPT AI assistant and AI-empowered security operation scenarios. “The security analytics platform is...
Adobe ColdFusion Any File Read Vulnerability (CVE-2024-53961)
Overview Recently, NSFOCUS CERT detected that Adobe issued a security announcement and fixed any file read vulnerability in Adobe ColdFusion (CVE-2024-53961). Due to improper restrictions on pathnames in Adobe ColdFusion, unauthenticated attackers can bypass the application's restrictions to read files or directories outside of the restricted directory. As a result,...
Apache Tomcat Conditional Competition Code Execution Vulnerability (CVE-2024-50379)
Overview Recently, NSFOCUS CERT detected that Apache issued a security announcement, fixing the Apache Tomcat conditional competition code execution vulnerability (CVE-2024-50379). Due to the inconsistency between Windows file system and Tomcat in case-distinguishing processing of paths, when the write function of default servlet is enabled (set readonly=false and allow PUT...
Apache Struts Arbitrary File Upload Vulnerability S2-067 (CVE-2024-53677)
Overview Recently, NSFOCUS CERT monitored that Apache released a security bulletin, fixing the Apache Struts arbitrary file upload vulnerability S2-067 (CVE-2024-53677). Due to a logical defect in the file upload function, an unauthenticated attacker can perform path traversal by controlling the file upload parameters, thereby uploading malicious files to achieve...
Microsoft’s December Security Update of High-Risk Vulnerabilities in Multiple Products
Overview On December 11th, NSFOCUS CERT monitored that Microsoft released the December security update patch, fixing 72 security issues involving widely-used products such as Windows, Windows LDAP, Microsoft Office, Windows Remote Desktop Services, and Microsoft SharePoint. These include high-risk vulnerability types such as privilege escalation and remote code execution. Among...
