Blog

Jira Service Management Server and Data Center Authentication Bypass Vulnerability (CVE-2023-22501) Notice

February 7, 2023 | NSFOCUS

Overview Recently, NSFOCUS CERT found that Atlassian officially fixed a Jira Service Management Server and Data Center authentication bypass vulnerability (CVE-2023-22501). When write access to user directories and outgoing emails is enabled on a Jira Service Management instance, an unauthenticated remote attacker can gain access to Jira Service Management by impersonating users who have never […]

F5 BIG-IP iControl SOAP Remote Code Execution Vulnerability (CVE-2023-22374) Alert

February 6, 2023 | NSFOCUS

Overview Recently, NSFOCUS CERT found that the technical details of the F5 BIG-IP arbitrary code execution vulnerability (CVE-2023-22374) were publicly disclosed online. Due to the format string vulnerability in BIG-IP iControl SOAP, a remote attacker with administrator authority can access the iControl SOAP interface through the BIG-IP management port or its own IP address, so […]

QNAP QTS and QuTS hero SQL Injection Vulnerability (CVE-2022-27596) Notice

February 3, 2023 | NSFOCUS

Overview On January 31, 2023, NSFOCUS CERT detected that QNAP officially released a QNAP QTS and QuTS hero SQL injection vulnerability (CVE-2022-27596) notice. Due to the flaws in QNAP QTS and QuTS hero, unauthenticated remote attackers can use this vulnerability to inject malicious code on QNAP NAS devices, and ultimately achieve arbitrary code execution. The […]

NSFOCUS selected in Gartner’s Market Guide™ for Managed Detection and Response Services, China

February 3, 2023 | NSFOCUS

We are honored to be selected in Gartner® Market Guide™ for Managed Detection and Response Services, China 2022 as a representative vendor with our outstanding integrated security operation services. This is the second time NSFOCUS MDR service has been listed in a report issued by an international research institution after Forrester’s The Managed Security Services […]

NSFOCUS Zero-Trust Anti-DDoS Solution Enhances Protection Capability against C&C and Bot Attacks

February 2, 2023 | NSFOCUS

Santa Clara, Calif. February 02, 2023 – NSFOCUS, a global provider of intelligent hybrid security solutions, announced today that it has been selected in Forrester’s recently published report, The Forrester Tech Tide™: Zero Trust Threat Prevention, Q4 2022 for its NSFOCUS Anti-DDoS System (ADS). The report presents an in-depth analysis of technology maturity and business […]

Multiple Security Vulnerabilities Alerts of VMware vRealize Log Insight

February 1, 2023 | NSFOCUS

Overview Recently, NSFOCUS CERT found that VMware has officially fixed multiple security vulnerabilities in VMware vRealize Log Insight. Under default configuration conditions, unauthenticated attackers exploit the following key vulnerabilities in combination, and finally achieve arbitrary code execution with ROOT privileges on the target system. These vulnerabilities have been successfully verified by international security teams, and […]

Technical Framework of Software Supply Chain Security

January 31, 2023 | NSFOCUS

NSFOCUS Security Labs is keeping an eye out for the trends in supply chain security and is pleased to share observations and thoughts with our blog readers. You will see the links for more posts we published about software supply chain security at the end of the article. In this post, we are going to […]

NSFOCUS Recognized Again by Forrester as a Sample Vendor for Its Next-Generation WAF

January 26, 2023 | NSFOCUS

Santa Clara, Calif. January 26, 2023 – NSFOCUS, a global provider of intelligent hybrid security solutions, announced today that it has been selected by Forrester as a sample vendor for its next-generation Web Application Firewall (WAF) in the report The Forrester Tech Tide™: Zero Trust Threat Prevention, Q4 2022 published recently. The Forrester Tech TideTM […]

NSFOCUS Selected as a Representative Vendor in IDC Perspective: Unified Security Management as a Service (USMaaS), 2022

January 24, 2023 | NSFOCUS

Santa Clara, Calif. January 19, 2023 – NSFOCUS, a global provider of intelligent hybrid security solutions, announced today that it has been selected by IDC as a representative vendor in the report IDC Perspective: Unified Security Management as a Service (USMaaS), 2022 released recently, and NSFOCUS T-ONE Cloud was selected as an excellent practice of […]

NSFOCUS Cloud DDoS Protection Service Summary of 2022

January 19, 2023 | NSFOCUS

NSFOCUS published the Summary of Cloud DDoS Protection 2022 recently. This summary comes from DDoS attacks protected by NSFOCUS Cloud DDoS Protection Service (Cloud DPS) in the year 2022. The following service highlights can be found in the report: DDoS attack timeline, volume and attack type distribution collected from NSFOCUS Cloud DPS; Top 3 attacks […]