Remote Code Execution Vulnerability between GeoServer and GeoTools (CVE-2024-36401/CVE-2024-36404) Notification
July 3, 2024
Overview Recently, NSFOCUS CERT detected that GeoServer and GeoTools issued security announcements and fixed the XPath expression injection vulnerability in GeoServer and GeoTools (CVE-2024-36404). As the GeoTools library API called by GeoServer will pass the attribute name of element type to commons-jxpath library in an insecure manner, this library can execute arbitrary code when parsing […]
OpenSSH Remote Code Execution Vulnerability (CVE-2024-6387) Notification
July 2, 2024
Overview Recently, NSFOCUS CERT detected that OpenSSH issued a security announcement and fixed the remote code execution vulnerability of OpenSSH (CVE-2024-6387). Due to a signal handler race condition issue in OpenSSH Server (sshd) under the default configuration, if the client does not authenticate within seconds of LoginGraceTime (120 seconds by default and 600 seconds in […]
NSFOCUS Named a Leader for Its ISOP in IDC MarketScape for China’s Extended Detection and Response (XDR) Platform Vendor Assessment
July 1, 2024
SANTA CLARA, Calif., July 01, 2024 — IDC, a leading global IT market research and consulting company, recently released IDC MarketScape: China’s Extended Detection and Response Platform 2024 Vendor Assessment (Doc# CHC51540824, June 2024, hereinafter referred to as the “Report”) to provide in-depth analysis and assessment of the XDR market trends, technological developments, and major […]
Introduction to NTA Auto-learning Function
June 28, 2024
The implementation of DDoS attack alerting relies on setting alert thresholds. Setting the threshold too high may result in false negatives, while setting it too low may lead to a high number of false positives. Therefore, it is crucial to establish appropriate thresholds. NTA provides automatically learn, record, and analyze network traffic from the IP […]
NSFOCUS Awarded Frost & Sullivan’s 2024 Best Practices Award for Managed Detection and Response Services
June 28, 2024
BEIJING, CHINA, June 28, 2024 – NSFOCUS, a leading global cybersecurity solution provider with over 20 years of industry experience, has been honored with the prestigious Frost & Sullivan 2024 Best Practices Award for its managed detection and response (MDR) services. This accolade recognizes NSFOCUS’s outstanding performance and innovation in the cybersecurity market. As cybersecurity […]
Efficiency is Key to Cybersecurity in the Post-Cloud Era
June 26, 2024
SANTA CLARA, Calif., June 26, 2024 — At the 16th Information Security Forum and 2024 RSAC Hot Topics Seminar held on June 7, 2024, Richard Zhao, Chief Operating Officer of International Business at NSFOCUS, presented the new picture of cybersecurity in the post-cloud era with his professional insights. Key Highlights Richard’s speech focused on three […]
Multiple High-risk Vulnerabilities (CVE-2024-37079/CVE-2024-37080/CVE-2024-37081) in VMware vCenter Server Notification
June 20, 2024
Overview Recently, NSFOCUS CERT detected that VMware released a security announcement to fix the heap overflow vulnerability (CVE-2024-37079/CVE-2024-37080) and privilege escalation vulnerability (CVE-2024-37081) in VMware vCenter Server. At present, the official version has been fixed. Please take measures for protection. CVE-2024-37079/CVE-2024-37080: Because the vCenter Server has a heap overflow vulnerability when executing the DCERPC protocol, […]
NSFOCUS Leads the Market with Advanced WAAP Technology
June 19, 2024
SANTA CLARA, Calif., June 19, 2024 – NSFOCUS, a global leader in cybersecurity solutions, proudly announces that in the recently released IDC report, China WAAP Vendor Technology Capability Assessment, 2024, NSFOCUS’s WAAP technology received outstanding evaluations with perfect scores in five key areas: Web Application Firewall (WAF), Bot Traffic Management, Threat Intelligence, Application-layer DDoS Protection, […]
Microsoft’s Security Update Notification in June of High-Risk Vulnerabilities in Multiple Products
June 18, 2024
Overview Recently, NSFOCUS CERT detected that Microsoft released a security update patch for June, which fixed 49 security issues involving widely used products such as Windows, Azure, Microsoft Office and Microsoft Visual Studio, including high-risk vulnerabilities such as privilege escalation and remote code execution. Among the vulnerabilities fixed in Microsoft’s monthly update this month, there […]
NTA Model Limitation for Upgrade to Version 4.5R90F05
June 14, 2024
The models that support upgrading to V4.5R90F05 are NX3-HD2100/HD2200/HD3000 /vNTA. Due to hardware device limitations (including but not limited to memory, data disk size, etc.) used in the NTA NX3-1000E/2000E model, upgrading the system to V4.5R90F05 is highly likely to result in the system not functioning properly. Therefore, upgrading the software version to V4.5R90F05 is […]
