Overview Recently, NSFOCUS CERT detected that Apache officially released a security bulletin and fixed a command injection vulnerability (CVE-2022-33891) in Apache Spark. Since the Apache Spark UI enables acl through the configuration option Spark.acl.enable, by using an authentication filter, it is possible to check if a user has access to view or modify the application. […]
Overview On July 13, NSFOCUS CERT detected that Microsoft released the July security update patch, which fixed 84 security issues, involving widely used products such as Windows, Microsoft Office, Windows Print Spooler Components, Windows Hyper-V, and Azure Site Recovery, and included high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities […]
The security knowledge graph, a knowledge graph specific to the security domain, is the key to realizing cognitive intelligence in cyber security, and it also lays an indispensable technological foundation for dealing with advanced, continuous and complex threats and risks in cyberspace. NSFOCUS will publish a series of articles about the application of the security […]
Santa Clara, Calif. July 6, 2022 – We are pleased to announce that NSFOCUS has been listed as a Representative Vendor in 2022 Gartner® released Market Guide for Security Orchestration, Automation and Response Solutions report for our product ISOP. ISOP has flexible out-of-the-box capabilities, automated orchestration capabilities and rich intelligence operations and management capabilities to provide […]
Overview On July 1, 2022, NSFOCUS CERT detected that GitLab officially released a security bulletin and fixed multiple security vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE). Please take measures to protect it as soon as possible. GitLab Remote Code Execution Vulnerability (CVE-2022-2185): A remote code execution vulnerability exists in GitLab Community Edition […]
Overview With the development of key information infrastructure technologies such as cloud computing, 5G, IoT, and the Industrial Internet, cyberspace has linked industrial physical systems, social systems of humans, and network information systems, becoming the cornerstone of the development of the digital economy. Meanwhile, the attack surface in cyberspace is extended and expanded accordingly, and […]
After the prior two posts (SASE Popular Science Series – Understanding SD-WAN and SASE: The Relationship Between SD-WAN and SASE), you may already have a basic understanding of SD-WAN, which is used for network connections among users, assets and NSFOCUS Cloud in SASE. What security capabilities does NSFOCUS offer then? In the next few sessions, […]
Overview Recently, NSFOCUS CERT detected that Atlassian officially released a security bulletin for Confluence Server and Data Center OGNL injection vulnerability (CVE-2022-26134). Remote attackers can construct OGNL expressions for injection without authentication to execute arbitrary code on Confluence Server or Data Center, with a CVSS score of 10. At present, the details of the vulnerability […]
Santa Clara, Calif. June 13, 2022 – NSFOCUS, a leader in holistic hybrid security solutions, attended the RSA Conference 2022 held in San Francisco on June 6 – 9 in person. From a small cryptography conference at the beginning to a conference now attracting an average of over 40,000 attendees every year including many security companies […]
