Oracle January Critical Patch Update for All Product Families
January 24, 2022
Overview On January 19, 2022, NSFOCUS CERT monitoring found that Oracle officially released the CPU (Critical Patch Update) in January. A total of 497 vulnerabilities of varying degrees were fixed this time. This security update involves Oracle WebLogic Server. , Oracle MySQL, Oracle Java SE, Oracle FusionMiddleware, Oracle Retail Applications and many other common products. […]
Cutting-Edge Technologies Empowering Data Sharing and Computing Between Enterprises
January 19, 2022
Compliance has seen radical changes in the requirements and driving force of data security and a broader category of data objects under data security protection. Application scenarios covered by data security will become more diversified, and data security requirements will cover all phases of the data lifecycle. In order to better cope with the challenges […]
Apache Dubbo Remote Code Execution Vulnerability (CVE-2021-43297) Notification
January 13, 2022
Overview On January 12, NSFOCUS CERT found that Apache issued a security notice to fix a remote code execution vulnerability (CVE-2021-43297) in Dubbo. Due to a deserialization vulnerability in Dubbo’s hessian-lite, an unauthenticated attacker could exploit the vulnerability to remotely execute arbitrary code on the target system. Most Dubbo users use Hessian2 as the serialization/deserialization […]
Cutting-Edge Technologies Empowering Data Security Governance Within Enterprises
January 5, 2022
Compliance has seen radical changes in the requirements and driving force of data security and a broader category of data objects under data security protection. Application scenarios covered by data security will become more diversified, and data security requirements will cover all phases of the data lifecycle. In order to better cope with the challenges […]
Analysis of Log4j2 0-Day Vulnerability from the Perspective of Supply Chain
December 23, 2021
The outbreak of Log4j2 vulnerability has caused an uproar all over the world, with a wide range of influence and great harm second to none. The event is a typical supply chain event caused by open source software. The vulnerability of upstream software affects the products of downstream industries. The complex dependency expands the scope […]
3 Steps to Mitigate the Log4j2 Vulnerabilities Using NSFOCUS WAF
December 21, 2021
On December 9, NSFOCUS monitored the disclosure of the Apache Log4j2 remote code execution vulnerability (CVE-2021-44228) on the Internet. Apache Log4j2 is an open source Java logging framework, which is widely used in middleware, development frameworks and web applications to record log information. The vulnerability PoC has been made public on the Internet and can […]
ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105) Threat Alert updated on Dec 20 2021
December 20, 2021
Overview The update involves (CVE-2021-45046) and (CVE-2021-45105) vulnerability information, scope of influence, product rules, official version and workaround. On December 9 2021, NSFOCUS CRET has detected the disclosure of Apachelog4j Remote Code Execution Vulnerability (CVE-2021-44228). Due to the recursive parsing of some functions of apachelog4j2, unauthenticated attackers can execute arbitrary code on target servers by […]
Microsoft December Security Updates for Multiple High-Risk Product Vulnerabilities
December 16, 2021
Overview On December 15th, NSFOCUS CERT monitored that Microsoft released the December security update patch, which fixed 67 security issues, involving widely used products such as Windows, Microsoft Office, Microsoft Visual Studio, and Microsoft PowerShell, including privilege escalation, remote Types of high-risk vulnerabilities such as code execution. Among the vulnerabilities fixed by Microsoft’s monthly update […]
ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert
December 15, 2021
Overview On December 9 2021, NSFOCUS CRET has detected the disclosure of Apachelog4j Remote Code Execution Vulnerability (CVE-2021-44228). Due to the recursive parsing of some functions of apachelog4j2, unauthenticated attackers can execute arbitrary code on target servers by sending a specially constructed data request packet. The vulnerability PoC has been disclosed on the Internet and […]
Cutting-Edge Technologies Empowering Security and Compliance of User Privacy Data
December 8, 2021
Compliance has seen radical changes in the requirements and driving force of data security and a broader category of data objects under data security protection. Application scenarios covered by data security will become more diversified, and data security requirements will cover all phases of the data lifecycle. In order to better cope with the challenges […]