Blog

NSFOCUS Empowers ISP/MSP with Zero Trust and Security Access Service Edge (SASE) Solution

June 7, 2022 | Jie Ji

Transform One of the most important industry events – RSA Conference 2022 just had its opening both offline and online this year on June 6th, 2022. RSAC 2022 has selected the word “Transform” as the theme this year. It says “The security needs of organizations are expanding, and companies of all sizes across the globe […]

Come and Meet NSFOCUS Next Week at RSA Conference 2022

June 3, 2022 | Jie Ji

RSA Conference 2022 will kick off in San Francisco on June 6, 2022. The theme of RSA Conference 2022 is Transform[i], which is a further extension of last year’s theme Resilience. Resilience can be the emergency and recovery capabilities of small and medium organizations facing cyber threats, and the survival and adaption capabilities of large […]

Millions of Devices May Be Affected, and Yeskit Botnet Family Spreads on a Massive Scale by Exploiting F5 BIG-IP Vulnerability

June 2, 2022 | Jie Ji

Background   On May 4, 2022, F5 issued a security bulletin regarding a remote code execution vulnerability in iControlREST component of BIG-IP products. The CVE number of the vulnerability is CVE-2022-1388. The vulnerability can bypass authentication and remotely execute arbitrary code with a vulnerability score of CVSS up to 9.8. Since the bulletin, attackers have […]

Research and Analysis of Middlebox-based TCP Reflective Amplification Attacks

May 31, 2022 | Jie Ji

Abstract In August 2021, Kevin Bock and his team from the University of Maryland and the University of Colorado Boulder proposed a new TCP reflective amplification attack method initiated by the middlebox at the USENIX conference. (See more details at https://geneva.cs.umd.edu/papers/usenix-weaponizing-ddos.pdf) In mid-April this year, NSFOCUS spotted that one of its Cloud DDoS Protection Service […]

NSFOCUS Managed Security Service Case: Response to a Hybrid SYN/ACK Flood Incident

May 23, 2022 | Jie Ji

Incident discovered In early 2021, a private cloud service provider in the United States was hit by a massive hybrid SYN Flood attack. As the service provider is a customer of NSFOCUS Cloud DDoS Protection Service and subscribed with Managed Security Service (MSS), the malicious traffic is noticed instantly by NSFOCUS Managed Security Service team, […]

Multiple OpenSSL Security Vulnerabilities Alerts

May 18, 2022 | Jie Ji

Overview Recently, NSFOCUS CERT found that OpenSSL issued a security notice, which fixed multiple security vulnerabilities in OpenSSL products. OpenSSL is an open source software library package. Applications can use this package to communicate securely, avoid eavesdropping, and confirm the identity of the other end of the connection. It is widely used on web servers […]

NSFOCUS Managed Security Service Case: Protection Policy Tuning for Further Improved Result in a 170Gbps DDoS Incident

May 13, 2022 | Jie Ji

Incident Response On mid-2021, a multinational telecom service provider was attacked by a sudden large-scale DDoS attack with the peak value of 170Gbps with maximum 5Gbps of malicious traffic leakage, with equivalent Mitigation Effect (mitigated malicious traffic/total ingress traffic) stays at least 97%. The service provider did not encounter service interruption during the whole incident. […]

F5 BIG-IP iControl REST Authentication Bypass Vulnerability (CVE-2022-1388) Alert

May 11, 2022 | Jie Ji

Overview Recently, NSFOCUS CERT detected that F5 issued a security bulletin to fix an authentication bypass vulnerability in BIG-IP. Unauthenticated attackers can use the control interface to exploit, through the BIG-IP management interface or its own IP address. Network access to the iControl REST interface to execute arbitrary system commands, create or delete files, and […]

CASB, A Tech “Celebrity” from the Cloud Era

May 4, 2022 | Jie Ji

Debut of CASB With cloud computing being a key to industry revolution, more and more enterprises and organizations are discovering the benefits of storing and processing data in the cloud and migrating business systems from local data centers to the cloud. As business systems are migrated to the cloud, the security responsibility of enterprises has […]

SASE: The Relationship Between SD-WAN and SASE

May 2, 2022 | Jie Ji

Last time we talked about the powerful features and rich usage scenarios of SD-WAN (SASE Popular Science Series: Understanding SD-WAN), what about the relationship between such a powerful SD-WAN and NSFOCUS SASE? This starts with the challenges faced by enterprises today…… Current Problems Faced by Enterprises Single node deployment security capacities, causing network congestion With […]