Cyber Heist, Aug 1-2, 2023, The Globe Tower in BGC, Taguig City, Philippines. This event aims to raise awareness of common cybersecurity threats by immersing the attendees in simulations of cybersecurity breach scenarios. Our experts discussed with audiences about the best course of action in real-world scenarios, and showcased our security...
Author: NSFOCUS
Metabase Remote Code Execution Vulnerability (CVS 2023-37470)
Overview Recently, NSFOCUS CERT detected a remote code execution vulnerability in Metabase (CVE-2023-37470). Due to a flaw in the vulnerability fix for CVS 2023 38646, attackers can achieve remote code execution through H2 connection string injection. Affected users should take protective measures as soon as possible. Reference link: https://github.com/metabase/metabase/security/advisories/GHSA-p7w3-9m58-rq83 Scope...
“Save” and “Apply” Buttons on ADS Configuration Page
When working with the ADS, it is important to understand the role of the "Apply " and "Save" buttons located in the upper-right corner of the configuration pages. Apply: Clicking the “Apply†button will apply and enforce the configuration changes, making them effective in the RAM of the ADS. These...
NSFOCUS ISOP: XDR Technology Empowered with Strong SOAR Capabilities for Modern SOC
SANTA CLARA, Calif., Aug 3, 2023 – NSFOCUS, a global provider of intelligent hybrid security solutions, today announced the general availability of NSFOCUS Intelligent Security Operations Platform (ISOP), an innovative security analytics and intelligent operations platform that can streamline the security analyst experience, rejuvenate threat response efficiency and improve security...
QNAP Multiple Vulnerabilities Notification
Overview Recently, NSFOCUS CERT monitored that QNAP officially released the QVPN code execution vulnerability and QANP denial-of-service vulnerability. Affected users should take protective measures as soon as possible. VPN Code Execution Vulnerability (CVS 2022-27595): There is a code execution vulnerability in the Windows version of the QVPN client, which can...
Metabase Remote Code Execution Vulnerability (CVS 2023-38646) Notification
Overview Recently, NSFOCUS CERT detected a remote code execution vulnerability in Metabase (CVE-2023-38646). Unauthenticated attackers can successfully exploit this vulnerability to execute arbitrary commands with Metabase server privileges on the target server. Affected users should take protective measures as soon as possible. Reference link: https://www.metabase.com/blog/security-advisory Scope of Impact Affected version...
