Overview According to NSFOCUS CERT's monitoring, Microsoft released August 2021 Security Updates on August 11 to fix 46 vulnerabilities, including high-risk remote code execution and privilege escalation, in widely used products like Windows, Microsoft Office, ASP.NET Core, Visual Studio, and Azure. This month's security updates fix seven critical vulnerabilities and...
Author: Jie Ji
Security Visibility Augmented by Cloud Native
In the cloud native era, containerized infrastructure makes possible much more lightweight applications that run faster. Dozens or even hundreds of containers can be rapidly deployed and run on a host. What's more, Kubernetes and other container orchestration platforms provide excellent security management mechanisms like load balancing, task scheduling, and...
Windows Privilege Escalation Vulnerability (CVE-2021-36934) Threat Alert
Overview Recently, NSFOCUS CERT discovered a critical security bulletin released by Microsoft to disclose a privilege escalation vulnerability (CVE-2021-36934) in Windows. A privilege escalation vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files (including the Security Account Manager (SAM) database). When a built-in administrator account...
NSFOCUS Appraised Maturity Level 5 of CMMI Development V2.0
We are very excited to announce that NSFOCUS has been appraised at Maturity Level 5 of the CMMI Institute’s Capability Maturity Model Integration (CMMI)® Version 2.0. CMMI is a proven set of global best practices that drives business performance through building and benchmarking key capabilities. It is an integrated framework of...
SASE, Born for Digital Age
SASE (Security Access Services Edge, pronounced sassy /ˈsæsi/) is a network security service architecture introduced by Gartner in 2019. Gartner defines it as “an emerging offering combining comprehensive WAN capabilities with comprehensive network security functions (such as SWG, CASB, FWaaS, and ZTNA) to support the dynamic security access needs of digital...
-e1619596788284.jpg)
Security Risks and Threats of Containerized Infrastructure
As a kind of lightweight virtualization technology, containers run in the operating system kernel of a host. Therefore, traditional security issues remain in hosts and networks. Besides, container escape risks, container image risks, virtual network risks, and configuration risks will become new security threats facing containerized infrastructure. Attacks on Container...
