Windows LDAP Denial of Service Vulnerability (CVE-2024-49113) Alert
January 7, 2025
Overview Recently, NSFOCUS CERT detected that the details of Windows LDAP remote code execution vulnerability (CVE-2024-49113) were disclosed. Due to an out-of-bounds read vulnerability in wldap32.dll of Windows LDAP service, an unauthenticated attacker can induce a target server (as an LDAP client) to initiate a query request to a malicious LDAP server controlled by the […]
Coming Soon! NSFOCUS Will Enhance DDoS Protection Capabilities in New Version of ADS Products
January 3, 2025
We are excited to announce the upcoming release of the ADS V4.5R90F06 version, which brings significant enhancements to our DDoS protection capabilities. The update focuses on bringing more precise DDoS mitigations. This new version improves existing algorithms with an emphasis on advanced technology and usability. Key New Features: 1. DNS Protection Enhancements: DNS Protection Algorithm […]
Shining Moments for NSFOCUS DDoS Defense in 2024
December 31, 2024
January – Release of the 2023 Global DDoS Landscape Report In the 2023 Global DDoS Landscape Report, NSFOCUS proposed important insights on global DDoS threats. DDoS attacks have become an indispensable weapon in cyber warfare, attackers are gradually favoring the use of Virtual Private Server (VPS) as attack sources, and the DDoS attack mode has […]
NSFOCUS ISOP Listed in The Security Analytics Platform Landscape Report by Forrester
December 30, 2024
SANTA CLARA, Calif., December 30, 2024 – We are thrilled to announce that NSFOCUS was selected as the notable vendor of Forrester The Security Analytics Platform Landscape, Q4 by its ISOP (Intelligent Security Operations Platform) with built-in NSFGPT AI assistant and AI-empowered security operation scenarios. “The security analytics platform is the core of the security […]
Adobe ColdFusion Any File Read Vulnerability (CVE-2024-53961)
December 26, 2024
Overview Recently, NSFOCUS CERT detected that Adobe issued a security announcement and fixed any file read vulnerability in Adobe ColdFusion (CVE-2024-53961). Due to improper restrictions on pathnames in Adobe ColdFusion, unauthenticated attackers can bypass the application’s restrictions to read files or directories outside of the restricted directory. As a result, sensitive information may be disclosed […]
Apache Tomcat Conditional Competition Code Execution Vulnerability (CVE-2024-50379)
December 19, 2024
Overview Recently, NSFOCUS CERT detected that Apache issued a security announcement, fixing the Apache Tomcat conditional competition code execution vulnerability (CVE-2024-50379). Due to the inconsistency between Windows file system and Tomcat in case-distinguishing processing of paths, when the write function of default servlet is enabled (set readonly=false and allow PUT method), unauthenticated attackers can construct […]
Apache Struts Arbitrary File Upload Vulnerability S2-067 (CVE-2024-53677)
December 16, 2024
Overview Recently, NSFOCUS CERT monitored that Apache released a security bulletin, fixing the Apache Struts arbitrary file upload vulnerability S2-067 (CVE-2024-53677). Due to a logical defect in the file upload function, an unauthenticated attacker can perform path traversal by controlling the file upload parameters, thereby uploading malicious files to achieve remote code execution. The CVSS […]
NSFOCUS DDoS Protection Service Neutralized a Terabit-Scale DDoS Attack
December 10, 2024
In Q4 of 2024, NSFOCUS observed and successfully mitigated the largest DDoS attack ever recorded under the cloud-based DDoS Protection Service (DPS). This massive DDoS attack targeted a telecommunications service provider, one of NSFOCUS’s global clients. The telecommunications industry frequently faces such cyber threats. However, the scale of this attack was unprecedented, with peak traffic […]
NSFOCUS’s Coogo: An Automated Penetration Testing Tool
December 6, 2024
The video above demonstrates an automated penetration test in a simple container escape scenario. In this video, in addition to using NSFOCUS’s open-source cloud-native cyber range software Metarget (for quickly and automatically building vulnerable cloud-native target machine environments), NSFOCUS’s own developed cloud-native attack suite Coogo is also utilized. Today, we will provide a brief introduction […]
Metarget Update: Enhanced Open-Source Cyber Range with Over 330 Vulnerabilities and Seamless One-Click Recovery
December 4, 2024
When researching vulnerabilities, we often find that environment setup takes up a significant amount of time, and in comparison, the actual time spent testing PoCs and exploits may be relatively short. Meanwhile, there are excellent security projects in the open-source community, such as Vulhub and VulApps, which package vulnerability scenarios into images, allowing researchers to […]
