Overview Recently, NSFOCUS CERT monitored that JumpServer officially issued a notice to fix multiple security vulnerabilities. The vulnerabilities are detailed below. JumpServer Reset Password Vulnerability (CVS 2023-42820): There is a password reset vulnerability in JumpServer, as third-party libraries expose random seed numbers to APIs, which may cause random verification codes...
Blog
Introduction to NSFOCUS WAF Website Group Health Check
The Website Group Health Check feature at Security Management -> Website Protection -> Root -> Website Group Health Check -> One-Click Check helps users to check whether the website group policies are working as configured and identify potential issues of site configuration compiling. For example, if users change any current...
Google LibWebP Arbitrary Code Execution Vulnerability (CVE-2023-5129) Notification
Overview Recently, NSFOCUS CERT found that Google officially fixed a heap buffer overflow vulnerability (CVE-2023-4863). Due to a flaw in the WebP module, an attacker triggered the vulnerability by inducing users to visit a malicious website, which ultimately led to arbitrary code execution on the target system. At present, it...
Warning: Newly Discovered APT Attacker AtlasCross Exploits Red Cross Blood Drive Phishing for Cyberattack
I. Abstract NSFOCUS Security Labs recently discovered a new attack process based on phishing documents in their daily threat-hunting operations. Delving deeper into this finding through extensive research, they confirmed two new Trojan horse programs and many rare attack techniques and tactics. NSFOCUS Security Labs believes that this new attack...
Apple Multiple Product Security Vulnerabilities Notification
Overview Recently, NSFOCUS CERT has detected that Apple has officially fixed three zero-day exploit in multiple products. These vulnerabilities exist in the wild. Affected users should take protective measures as soon as possible. The details of the vulnerability are as follows: Apple WebKit Arbitrary Code Execution Vulnerability (CVS 2023-41993): There...
Unlocking the Future of Cybersecurity: Meet Us at GovWare 2023
Today's ever-evolving digital landscape presents unparalleled opportunities alongside formidable cybersecurity challenges, making the security of organizations' networks and applications more crucial. As a global network and cyber security leader, we're excited to invite you to join us at GovWare 2023, a pivotal event held at the Sands Expo and Convention...
