NSFOCUS

GitLab Unauthorized Call Vulnerability (CVE-2023-5009) Notification

September 21, 2023

Overview: Recently, NSFOCUS CERT noted that GitLab had issued a security notice fixing an unauthorized call vulnerability in GitLab Enterprise Edition (EE). The vulnerability is a bypass of CVE-2023-3932. An attacker with low privileges can abuse the scan execution policy to run pipelines without the user’s consent. Successful exploitation of this vulnerability may allow […]

Feature Adaptations on Slave ADSM in a High Availability Environment

September 15, 2023

To ensure continuous business operations in the event of equipment failure, it is common practice to configure High Availability (HA) using two ADSM devices. You can configure HA in ADSM by navigating to Administration > Local Settings > HA Configuration. The master handles all services and periodically synchronizes heartbeat […]

Adobe Acrobat and Reader Arbitrary Code Execution Vulnerability (CVE-2023-26369) Notification

September 15, 2023

Overview: Recently, NSFOCUS CERT noted Adobe’s official security announcement, which fixed an arbitrary code execution vulnerability (CVE-2023-26369). Due to an out-of-bounds write flaw, an unauthenticated attacker could execute arbitrary code on the target system by exploiting this vulnerability. This vulnerability is being exploited in the wild. Affected users should take protective measures as soon […]

Microsoft September Security Updates for Multiple High-Risk Product Vulnerabilities

September 15, 2023

Overview: On September 13, NSFOCUS CERT found that Microsoft had released its September security update, fixing 61 security issues in Microsoft SharePoint Server, Visual Studio, Internet Connection Sharing (ICS), Microsoft Azure Kubernetes Service, Microsoft Exchange and other widely used products, including high-risk vulnerability types such as privilege escalation and remote code execution. Among […]

NSFOCUS Ranked No. 2 in China Network Detection and Response Market 2022

September 14, 2023

IDC has recently published its China Network Detection and Response (NDR) Market Report for 2022, which provides a comprehensive analysis of the market development, functions, and technologies pertaining to Network Detection and Response (NDR) products. The report specifically focuses on identifying and highlighting the leading NDR vendors in the industry. According to IDC’s estimates, NSFOCUS […]

Google Chrome Heap Buffer Overflow Vulnerability (CVE-2023-4863) Notification

September 13, 2023

Overview: Recently, NSFOCUS CERT found that Google officially fixed a heap buffer overflow vulnerability (CVE-2023-4863). Due to a flaw in the WebP module, an attacker can trigger the vulnerability by inducing users to visit a malicious website, ultimately leading to arbitrary code execution on the target system. At present, it has been detected that the […]

Turmoil in Libya: Major Industries Hit by Massive DDoS Attacks

September 12, 2023

I. Background In August, NSFOCUS Global Threat Hunting System spotted an abnormal trend of DDoS attacks against Libya. NSFOCUS Security Labs sorted out the traffic changes of DDoS attacks in August and found that this attack may be related to the turmoil in Libya in August by comparing it with key events in Libya in […]

Insights from Attack and Defense Drills: Strategies and Resilience

September 11, 2023

Recently, NSFOCUS SOC team summarized the findings from attack and defense drills in the first half of 2023. In these smokeless battles, the attackers advanced with aggressive strategies, while the defenders relied on comprehensive defense systems, taking measures from protecting, monitoring to tracing, and resisting every attempt to breach their defenses. Vulnerability and Asset Impact […]

Introduction to NSFOCUS WAF Apply Rule Database

September 11, 2023

In the versions before 6.0.7.3.61634, after users upgrade the NSFOCUS WAF Rule Database, they have to add the new rules one by one to the website’s policy based on the rule name or the rule number manually to apply the new policies. To improve user experience, the NSFOCUS WAF version 6.0.7.3.61634 has optimized this functionality. […]

Multiple Security Vulnerability Notifications on Apple Products

September 8, 2023

Overview: Recently, NSFOCUS CERT detected that Apple has officially fixed two 0-day vulnerabilities in multiple Apple products. Exploitation in the wild has been detected. Affected users should take protective measures as soon as possible. The details of the vulnerabilities are as follows: Apple ImageIO Remote Code Execution Vulnerability (CVE-2023-41064): […]
