PHP CGI Windows Platform Remote Code Execution Vulnerability (CVE-2024-4577) Advisory
June 12, 2024
Overview NSFOCUS CERT has monitored the disclosure of a PHP CGI Windows platform remote code execution vulnerability (CVE-2024-4577) on the internet recently. Due to PHP’s oversight of the Best-Fit character mapping feature of the Windows system during its design, running PHP in CGI mode on the Windows platform and using the following language settings (Simplified […]
NSFOCUS: Pioneering Technology and Industry Leadership
June 7, 2024
We are excited to share that NSFOCUS has been recognized in Forrester’s The Insider Risk Solutions Landscape, Q2 2024 report. This accolade underscores our unwavering commitment to being a leader and innovator in the cybersecurity industry. Insider Risk Management is a field filled with internationally renowned security vendors and tech giants. Unlike traditional segmented markets […]
Linux Kernel Privilege Escalation Vulnerability (CVE-2024-1086) Notice
June 6, 2024
Overview Recently, NSFOCUS CERT detected that the details and verification tools of a Linux kernel privilege escalation vulnerability (CVE-2024-1086) are disclosed on the internet. Because the netfilter: nf _ tables component of the Linux kernel has a post-release reuse vulnerability, the nft _ verdict _ init () function allows positive values to be used as […]
NTP Reflection Protection in ADS
June 5, 2024
An NTP amplification attack is a reflection-based volumetric distributed denial-of-service (DDoS) attack in which an attacker exploits a Network Time Protocol (NTP) server functionality to overwhelm a targeted network or server with an amplified amount of UDP traffic, rendering the target and its surrounding infrastructure inaccessible to regular traffic. An NTP amplification attack can be […]
NSFOCUS Sets a New Benchmark as the World’s First to Achieve Dual-Domain CMMI V3.0 Level 5 Certification
June 4, 2024
SANTA CLARA, Calif., June 4, 2024 – NSFOCUS, a global leader in cybersecurity solutions, proudly announces a groundbreaking achievement: becoming the world’s first company to receive CMMI V3.0 Level 5 certification in both Development (DEV) and Security (SEC) domains. Following the CMMI Institute’s recent update to version 3.0 on April 1, 2024, this landmark accomplishment […]
Contextual Intelligence is the Key
May 29, 2024
With the increasing complexity and frequency of cybersecurity threats, organizations face many network threats. The importance of threat intelligence has become increasingly prominent. During this year’s RSA Conference, Sierra Stanczyk, the Senior Manager of Global Threat intelligence at PwC, and Allison Wikoff, the Director of Global Threat Intelligence for the Americas at PwC, shared “Connecting […]
Confluence Remote Code Execution Vulnerability (CVE-2024-21683) Notification
May 22, 2024
Overview Recently, NSFOCUS CERT detected that Atlassian issued a security announcement and fixed the remote code execution vulnerability in Confluence Data Center and Server (CVE-2024-21683), with a CVSS score of 8.3. Authenticated attackers can realize remote code execution by constructing malicious requests, which will have a great impact on the confidentiality, integrity and availability of […]
API Security Events Classification
May 15, 2024
The risk levels of API security events for NSFOCUS WAF version 6080 are categorized as follows: :Low Risk Events :Medium Risk Events :High Risk Events API Security Event Types: Event Type Description Abuse Attacks covered include JavaScript-related, account takeover, and CSRF. Sensitive Data Exposure Attacks covered include sensitive information leakage, anti-crawling, information leakage prevention, and […]
How Financial Institutions Can Protect Themselves from Modern DDoS Attacks
May 14, 2024
With the digital transformation of the financial industry and the prevalence of online business, financial institutions inevitably face various cybersecurity threats, among which DDoS attacks are the most common and threatening. With the rise of Internet finance, banks, insurance companies, securities firms, and other financial institutions are gradually migrating their businesses to the cloud. This […]
NSFOCUS Secures Top Honors at RSA Conference 2024
May 8, 2024
San Francisco, May 7, 2024 – NSFOCUS, a global leader in cybersecurity, is thrilled to announce our double victory at the prestigious RSAC 2024. We have been honored with two awards from Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine: NSFOCUS’s awards highlight our dedication to cybersecurity innovation and excellence. The Continuous Threat […]
