An HA switchover is initiated when: A manual switchover is performed. The slave NTA does not receive any keepalive packet from the master NTA within the specified period. The master NTA engine works improperly. The link of the VRRP group interface is down. The master NTA interface is down. The...
Blog
Microsoft’s April security update for multiple high-risk product vulnerabilities
Overview NSFOCUS CERT recently monitored that Microsoft had released a security update patch for April, which fixed 97 security issues, involving Microsoft Word, Layer2 Tunneling Protocol, Microsoft Publisher, Windows Kernel and other widely used products, including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities...
Key Technologies for Software Supply Chain Security—Detection Technique (Part 4)—Interactive Application Security Testing (IAST) and Fuzzing (Fuzz Testing)
Interactive Application Security Testing (IAST) IAST is a new application security testing technique that has become popular in recent years and is recognized by Gartner as one of the top 10 technologies in the cybersecurity field. IAST works to constantly monitor and collect the traffic or codes inside when the...
Multiple Security Vulnerability Notification on Apple Products
Overview Recently, NSFOCUS CERT has detected that Apple has officially fixed the security vulnerabilities of several products. Please take protective measures as soon as possible. The details of the vulnerability are as follows: Apple IOSurfaceAccelerator privilege escalation vulnerability (CVS 2023-28206): There is an out of bounds write vulnerability in Apple...
Top 7 Cybersecurity Predictions in 2023
With the rapid development of cyberspace technology, network security is a topic that cannot be ignored while people maintain interoperability. Through the analysis of emergency response events recorded by NSFOCUS, we have summarized the development trends of network threats and would like to share the top seven predictions we discovered...
Key Technologies for Software Supply Chain Security – Detection Technique (Part 3) – Dynamic Application Security Testing (DAST)
In actual attack scenarios, when the source code is often unavailable, a white-box-based model is used to analyze software vulnerabilities. Hackers mostly conduct black-box scans against running systems or services, looking for possible vulnerabilities to attack. DAST simulates a hacker's attack using an outside-in detection technique on systems or services...
