Background NSFOCUS researchers detected a code poisoning attack against vulnerability researchers and red team members recently. Attackers use implanted malicious programs in multiple code repositories under the cover of two highly exploitable vulnerabilities of Linux and VMware exposed this year. Once a user downloads the code and compiles it locally,...
Blog
Good News! NSFOCUS Named as a Representative Vendor in Gartner® Market Guide for Security Orchestration, Automation and Response Solutions Again
Santa Clara, Calif. July 4, 2023 – We are thrilled to announce that NSFOCUS has been included as a Representative Vendor in Gartner Market Guide for Security Orchestration, Automation and Response Solutions again. It is the 2nd consecutive year for NSFOCUS to be listed in this report. This report provides...
Grafana Identity Authentication Bypass Vulnerability (CVS 2023-3128) Notification
Overview Recently, NSFOCUS CERT detected a vulnerability in Grafana's authentication bypass (CVE-2023-3128). Azure AD can support multiple users with the same email address. When configuring Azure AD to support multiple users, unauthenticated attackers can exploit this vulnerability by creating malicious email account requests. Due to Grafana's failure to uniquely authenticate...
Global Threat Intelligence Function of NSFOCUS ADS
Powered by NSFOCUS Threat Intelligence (NTI), NSFOCUS ADS can block IP addresses that pose serious threats and high risks. To ensure data reliability, ADS updates intelligence data daily and provides available update time frames for users to select. For the purpose of preventing IP blocking by mistake, you can configure...
VMware vCenter Server Multiple High Risk Vulnerabilities Notification
Overview Recently, NSFOCUS CERT found that VMware's official security announcement disclosed multiple vulnerabilities in VMware vCenter Server, which could be used by attackers to cause remote code execution, cross-border write and read, etc. Currently, the official version has been updated and fixed. Affected users should take protective measures as soon...
O que é vazamento de dados? Como se proteger quando acontecer
Você já recebeu um e-mail ou uma mensagem de texto informando que seus dados pessoais foram expostos por algum site ou aplicativo que você usa? Se sim, você foi vítima de um vazamento de dados, situação cada vez mais comum na era digital. Mas o que isso significa e quais...
