Differences between NTA Auto IP Diversion and Auto Group Diversion
December 8, 2023
You may have seen that there are two diversion modes in NTA alerts. They are Auto IP diversion and Auto group diversion. The Auto group diversion is triggered by the Region/IP Group Traffic Alert (at step 3 when configuring Regions or IP Groups). The Auto IP diversion is triggered by the Region/IP Group DDoS Attack […]
The Imperative for Zero Trust in a Cloud-Native Environment
December 7, 2023
What is Zero Trust Security? Zero-trust security is not a specific technology or product, but a security model based on the concept that “All entities are untrusted”. Forrester defines zero trust as “Zero Trust is an information security model that denies access to applications and data by default. Threat prevention is achieved by only granting […]
CDIC 2023
December 2, 2023
CDIC, Nov 29-30, 2023, BITEC Bangna, Thailand. The CDIC conference & exhibition was held with the theme of “Powering Techno-Drive in Digi-Hype Behaviour towards Digital Trust”. NSFOCUS participated this pivotal event as Gold Sponsor in APAC to introduce our latest effective continuous threat exposure management (CTEM) program and XDR-powered threat analysis and response. “Cyber Defense Initiative Conference […]
Prepare, Prevent, and Response: A Comprehensive Ransomware Protection Guide
December 1, 2023
Rampant Ransomware Attacks On November 8, 2023, U.S. Eastern Time, ICBC Financial Services (FS), the U.S. arm of China’s largest bank, fell victim to a ransomware attack, disrupting certain systems. Reports indicate that the attack, linked to a Citrix vulnerability known as “CitrixBleed,” was orchestrated by the LockBit group. ICBC FS is actively investigating the […]
Apache ActiveMQ Jolokia Remote Code Execution Vulnerability (CVE-2022-41678) Notification
November 30, 2023
Overview Recently, NSFOCUS CERT found a remote code execution vulnerability in Apache ActiveMQ Jolokia (CVE-2022-41678). In the configuration of ActiveMQ, jetty allows org.holokia.http.AgentServlet to process requests for/api/Jolokia. An authenticated attacker can send a specially crafted HTTP request to write a malicious file through the Jolokia service, thus implementing remote code execution. At present, the vulnerability […]
Introduction to NSFOCUS WAF Blocking Method
November 24, 2023
When you configure a protection policy for your protected website and set the protection action to block, NSFOCUS WAF supports three methods to execute blocking actions: Source IP Block, Session Block, and UA Block. Session Block and UA Block are newly added on system version 6073. Each block supports three forms: Never, Permanently block, and […]
NSFOCUS WAAP: A Future-Ready Solution for Web and API Security Challenges
November 23, 2023
In the digital age, Web application and API security (WAAP) has demonstrated the importance of the development of the web application and API economy, and it is becoming the new standard of the next generation of WAF. WAAP is essential in today’s digital environment. As organizations increasingly rely on web applications and APIs to support […]
Confidential Computing: Guardian of Privacy in the Big Data Era
November 21, 2023
The Future of Data Protection: The Emergence of Confidential Computing In today’s information age, data has become an invaluable resource ubiquitous across various sectors, from financial institutions to healthcare and scientific research. However, as data continues to grow, concerns about data privacy and security become increasingly prominent. Incidents of data breaches, hacking, and misuse of […]
An Explanation of Traffic Abnormal in the NTA DDoS Attack Alert
November 16, 2023
Traffic Abnormal does not differentiate between alert types. Any instance where the total traffic volume for a single destination IP exceeds the threshold is considered a traffic anomaly.
Apache Arrow PyArrow Arbitrary Code Execution Vulnerability (CVS 2023-47248) Notification
November 15, 2023
Overview Recently, NSFOCUS CERT found that Apache Arrow issued a security notice, which fixed an arbitrary code execution vulnerability in the PyArrow library (CVE-2023-47248). Due to PyArrow reading Arrow IPC, Feather, or Parquet data from untrusted sources, PyExtensionType creates an automatic loading feature that allows for deserialization of data from non PyArrow sources. When using […]
