Blog

Apache Solr Remote Code Execution Vulnerability (CNVD-2023-27598) Notice

Overview: Recently, NSFOCUS CERT found that an analysis article on the Apache Solr remote code execution vulnerability had been publicly disclosed on the Internet. When Solr is launched in cloud mode and can go offline, an unauthenticated remote attacker can execute arbitrary code on the target system by sending multiple specially crafted...

Google Chrome V8 Type Confusion Vulnerability (CVE-2023-2033) Notice

Overview: On April 17, NSFOCUS CERT found that Google officially fixed a Chrome V8 type confusion vulnerability (CVE-2023-2033). Due to flaws in the verification of the data type being used by the application, type confusion can occur during the process. Attackers can trigger this vulnerability by sending a crafted link...

8 Potential Security Hazards of ChatGPT

Summary: OpenAI opened ChatGPT for testing on November 30, 2022, and since then, ChatGPT has become popular worldwide. ChatGPT, an AI-driven chat robot, has become the fastest-growing consumer application in the past two decades of internet development. But while it made a hit, ChatGPT also faces security risks in AI's...

Troubleshooting Common Errors During NTA HA Configuration

An HA switchover is initiated when: A manual switchover is performed. The slave NTA does not receive any keepalive packet from the master NTA within the specified period. The master NTA engine works improperly. The link of the VRRP group interface is down. The master NTA interface is down. The...

Microsoft’s April security update for multiple high-risk product vulnerabilities

Overview: NSFOCUS CERT recently observed that Microsoft had released a security update patch for April, which fixed 97 security issues involving Microsoft Word, Layer2 Tunneling Protocol, Microsoft Publisher, Windows Kernel and other widely used products, including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities...

Key Technologies for Software Supply Chain Security—Detection Technique (Part 4)—Interactive Application Security Testing (IAST) and Fuzzing (Fuzz Testing)

Interactive Application Security Testing (IAST): IAST is a new application security testing technique that has become popular in recent years and is recognized by Gartner as one of the top 10 technologies in the cybersecurity field. IAST works to constantly monitor and collect the traffic or codes inside when the...