Blog

GitLab Code Execution Vulnerability (CVS 2023-2478)

May 9, 2023 | NSFOCUS

Overview Recently, NSFOCUS CERT monitored that GitLab officially issued a security notice, and fixed a code execution vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) (CVE-2023-2478). Remote attackers with low privileges can add malicious Runners to any project of the instance through GraphQL endpoints, further exploiting the ability to execute arbitrary code or […]

TA569 Suspected of Phishing Attack against Russia and Germany

May 8, 2023 | NSFOCUS

I. Overview On April 18, 2023, NSFOCUS Security Labs discovered a spear phishing attack against Russia during daily threat hunting. After correlation analysis of the event, NSFOCUS Security Labs confirmed that the attacker also launched a similar phishing attack against Germany. The active time of the attacker, the attack target, the type of tool used, […]

NSFOCUS Unveils EASM and PTaaS Services at Cybersecurity Business Connect 2023 in Singapore

May 5, 2023 | NSFOCUS

NSFOCUS at Cybersecurity Business Connect 2023 in Singapore Singapore, May 5, 2023 – NSFOCUS, a leading provider of network security solutions and services, has announced the launch of its new External Attack Surface Management (EASM) and Penetration Testing-as-a-Service (PTaaS) offerings at Cybersecurity Business Connect 2023 in Singapore, organized by Ingram Micro Asia Pte Ltd on […]

Malaysia’s Leading Telecommunications Company Enhances Anti-DDoS Capability with NSFOCUS Solution

April 28, 2023 | NSFOCUS

Background The customer is a leading integrated telecommunications services provider in Malaysia, offering a comprehensive range of communication services and solutions in fixed line, mobility, content, Wi-Fi, and smart services. Any cyber threat to the continuity and availability of business may bring huge economic losses and a reputation crisis. As cyber threats escalate and DDoS […]

Behind the Rise of ChatGPT

April 27, 2023 | NSFOCUS

ChatGPT is like a bomb in the Artificial Intelligence (AI) world, causing vibrations that have gradually spread to various industries. Against the backdrop of the widespread application of AI, why can ChatGPT still stand out and become the new top stream of popular discussion? After analyzing the core of ChatGPT, it is not difficult to […]

Models are also assets: AI will be a new arena of attack and defense

April 26, 2023 | NSFOCUS

On the afternoon of April 24, 2023, RSA Conference announced the winner of the innovation sandbox contest this year, and HiddenLayer, an AI security vendor, was crowned the Most Innovative Startup 2023. Starting from HiddenLayer, the innovative sandbox champion, this article will further interpret and explore AI security. Figure 1. HiddenLayer Won the Most Innovative […]

Strapi Multiple Security Vulnerability Notice

April 26, 2023 | NSFOCUS

Overview Recently, NSFOCUS CERT found that Strapi has officially issued a security notice, which fixes several Strapi security vulnerabilities. Due to a flaw in the Strapi system, when there are any entries created or updated by super administrator users on publicly accessed entries, attackers can execute arbitrary code on the target system by combining the […]

NSFOCUS Launches NSFOCUS T-ONE CLOUD at RSAC 2023

April 26, 2023 | NSFOCUS

A Revolutionary Security Architecture Empowers ISPs, MSSPs and Hosting Providers To Deliver SOC-as-a-Service To Customers Santa Clara, Calif. April 26, 2023 – NSFOCUS, a leading provider of network security solutions and services, is proud to announce the launch of NSFOCUS T-ONE CLOUD, a cutting-edge security architecture designed specifically for Internet Service Providers (ISPs), Managed Security Service […]

NSFOCUS Blocked an 8-Day Persistent DDoS Attack with 386.5 Gbps Peak Traffic

April 25, 2023 | NSFOCUS

What happened In March 2023, NSFOCUS security team blocked the worst DDoS attack of the year. The attack was targeted at an Internet service provider customer located in Brazil, with a peak attack traffic of 386.5 Gbps and astonishing total attack traffic of 1184.4 Tbps. This large-scale DDoS attack lasted for 8 days, posing huge […]

Spring Boot Security Bypass Vulnerability (CVS-2023-20873) Notice

April 25, 2023 | NSFOCUS

Overview Recently, NSFOCUS CERT found that Spring officially issued a security notice, which fixed a Spring Boot authentication bypass vulnerability (CVE-2023-20873). When Spring Boot is deployed to Cloud Foundry and there is code/cloudFoundryapplication/* * that can handle matching requests, and used in conjunction with a catch all request mapping that matches/* *, unauthenticated remote attackers […]