Santa Clara, Calif. June 4, 2022 – NSFOCUS, a leader in holistic hybrid security solutions, today announced it launch new capabilities to NSFOCUS Cloud Security Services at RSA Conference 2022 to be held in San Francisco at Moscone Center from June 6 to 9, with the aim of offering extensive security...
Author: Jie Ji
Come and Meet NSFOCUS Next Week at RSA Conference 2022
RSA Conference 2022 will kick off in San Francisco on June 6, 2022. The theme of RSA Conference 2022 is Transform[i], which is a further extension of last year's theme Resilience. Resilience can be the emergency and recovery capabilities of small and medium organizations facing cyber threats, and the survival...
Millions of Devices May Be Affected, and Yeskit Botnet Family Spreads on a Massive Scale by Exploiting F5 BIG-IP Vulnerability
Background On May 4, 2022, F5 issued a security bulletin regarding a remote code execution vulnerability in iControlREST component of BIG-IP products. The CVE number of the vulnerability is CVE-2022-1388. The vulnerability can bypass authentication and remotely execute arbitrary code with a vulnerability score of CVSS up to 9.8....
Research and Analysis of Middlebox-based TCP Reflective Amplification Attacks
Abstract In August 2021, Kevin Bock and his team from the University of Maryland and the University of Colorado Boulder proposed a new TCP reflective amplification attack method initiated by the middlebox at the USENIX conference. (See more details at https://geneva.cs.umd.edu/papers/usenix-weaponizing-ddos.pdf) In mid-April this year, NSFOCUS spotted that one of...
NSFOCUS Managed Security Service Case: Response to a Hybrid SYN/ACK Flood Incident
Incident discovered In early 2021, a private cloud service provider in the United States was hit by a massive hybrid SYN Flood attack. As the service provider is a customer of NSFOCUS Cloud DDoS Protection Service and subscribed with Managed Security Service (MSS), the malicious traffic is noticed instantly by...
Multiple OpenSSL Security Vulnerabilities Alerts
Overview Recently, NSFOCUS CERT found that OpenSSL issued a security notice, which fixed multiple security vulnerabilities in OpenSSL products. OpenSSL is an open source software library package. Applications can use this package to communicate securely, avoid eavesdropping, and confirm the identity of the other end of the connection. It is...
