NSFOCUS Listed in Gartner® 2023 Market Guide for Security Threat Intelligence Products and Services Again
June 1, 2023
Santa Clara, Calif. June 1, 2023 – We are proud to announce that NSFOCUS has been included in the Gartner®2023 Market Guide for Security Threat Intelligence Products and Services[1] as a representative vendor for 3 years in a row. According to this report published in May, “Security and risk management leaders struggle to know what […]
Apache RocketMQ Remote Code Execution Vulnerability (CVS 2023-33246)
June 1, 2023
Overview Recently, NSFOCUS CERT found that the PoC of Apache RocketMQ remote code execution vulnerability (CVE-2023-33246) was publicly disclosed online. Due to the lack of appropriate permission verification in some components such as NameServer, Broker, and Controller of RocketMQ, they were unintentionally exposed to the external network. In specific circumstances, attackers can execute commands or […]
Illegal Download Protection
June 1, 2023
When a client downloads a file from a server, NSFOCUS WAF performs protection based on the file type, file size or MIME type. If the download file matches an illegal download restriction policy, NSFOCUS WAF allows or blocks the download based on the corresponding action specified in the policy, and logs the event. On the […]
An Insight into RSAC 2023: Cooperation is the Key to Strengthening Cybersecurity
May 30, 2023
“Stronger Together” is the theme of the RSA Conference this year. Under the trend that the cyber security industry not only deeply participates in international competition to ensure technological advancement, but also continues to strengthen independent innovation ability, this theme reflects the development vitality and unique confrontation characteristics of this industry and is in line […]
How does NIPS Block or Pass a Specific IP Address?
May 30, 2023
Q: How does NIPS block traffic from a specific IP address or allow such traffic to pass? A: From version 5.6R11, NIPS introduces the global blacklist and whitelist. NIPS deems traffic from IP addresses in the global blacklist to be malicious by default and directly blocks such traffic. As for traffic from the allowed IP […]
GitLab Arbitrary File Read Vulnerability (CVS 2023-2825)
May 29, 2023
Overview Recently, NSFOCUS CERT found that GitLab officially issued a security notice, fixing an arbitrary file reading vulnerability (CVE-2023-2825) in GitLab Community Edition (CE) and Enterprise Edition (EE). When there are attachments in public projects nested in at least five groups, unauthenticated remote attackers use the upload function to traverse the path, resulting in reading […]
Software Supply Chain Security Solution – Supply Chain Security Supervision (Part 2)
May 25, 2023
Continued from the previous post: Software Supply Chain Security Solution – Supply Chain Security Supervision (Part 1) II. Open-source Software Risk Monitoring Driven by the open source community and the continuous development of open source, open source software is widely used in practical engineering projects, and the number is growing rapidly. The number of open […]
Software Supply Chain Security Solution – Supply Chain Security Supervision (Part 1)
May 25, 2023
NSFOCUS Security Labs is keeping an eye out for the trends in supply chain security and is pleased to share observations and thoughts with our blog readers. You will see the links for more posts we published about software supply chain security at the end of the article. In the next several posts, we are going to […]
Smart Cybersecurity Summit Thailand
May 24, 2023
Smart Cybersecurity Summit Thailand, May 24, 2023, Queen Sirikit National Convention Centre, Bangkok NSFOCUS, a leading provider of network security solutions and services, exhibited at Smart Cybersecurity Summit Thailand 2023 in Bangkok as Silver Sponsor, organized by Cyber Security World on May 24, 2023. NSFOCUS team presented our solutions and services to booth visitors with […]
Pay Attention to New SLP Vulnerability That May Lead to Massive DDoS Amplification Attacks
May 23, 2023
A new reflective Distributed-Denial-of-Service (DDoS) amplification vulnerability was recently discovered in the Service Location Protocol (SLP), which allows attackers to achieve a high amplification factor of over 2,200 times. This vulnerability has been identified as CVE-2023-29552, potentially making it one of the largest amplification attacks ever recorded. SLP is a protocol that provides a dynamic […]
