Blog

Overview Recently, NSFOCUS CERT found that Atlassian released a security bulletin to announce the fix of the Confluence Server Webwork OGNL Injection Vulnerability (CVE-2021-26084). This vulnerability allows an authenticated attacker, and in some instances, an unauthenticated user, to execute arbitrary code on Confluence Server or Data Center by injecting a crafted OGNL expression. This vulnerability […]

In today’s business security operations, the tide of security information and event management (SIEM) is on the ebb. Many enterprises have established the security operations center (SOC) and collected massive security data. But how to make use of and analyze such data remains a problem to be resolved. Data, after being collected, is usually stored, […]

Analysis of the Kill Chain of the LockFile Ransomware Group KDU Tool Terminating Multiple Antivirus Processes The attacker renames the KDU tool (open-source Windows driver loader implementing DSG bypass via an exploit) autologin, copies the related program to the temporary directory, and loads and executes the designated driver file to execute code with kernel privileges […]

Event Overview Recently, NSFOCUS CERT discovered a slew of security incidents that exploited security vulnerabilities (ProxyShell) in Microsoft Exchange. Also, NSFOCUS found that the new LockFile ransomware group LockFile took advantage of these ProxyShell and PetitPotam vulnerabilities to target enterprise domain environments, finally encrypting quite a few hosts from enterprises for ransom. In April, a […]

Abstract: 5G is the fifth-generation technology standard for mobile communication networks. The service-based architecture (SBA) of the 5G core network is designed with a cloud-native approach. By borrowing the “microservice” concept implemented in the IT field and dividing a whole entity with multiple functions into individual parts, each providing an independent function, the SBA provides […]

Cloud native security is the development trend of cloud security in the coming years. On the one hand, inherent security of cloud native is worthy of in-depth study. On the other hand, with the reconstruction and upgrade of infrastructure, there is a clear trend towards the integration of cloud native technologies and information infrastructure. 5G, edge […]

Serverless is a new computing mode of the cloud native architecture, mainly taking the form of function as a service (FaaS). For the serverless mode, developers will write a function and define when and how to invoke it and then the function will run in the server provided by the cloud provider. All developers need […]

Cloud native applications, based on the microservice architecture, interact with each other by sending requests or response through APIs. Arguably, API communications play an essential role in interactions of cloud native applications. Therefore, API security is an indispensable part of cloud native application security. API-related security issues shown below have a direct impact on security […]

Overview Recently, researchers from JFrog and Forescout released a joint report to publicly disclose 14 security vulnerabilities (collectively referred to as INFRA:HALT) in the NicheStack TCP/IP stack, announcing that these vulnerabilities could lead to remote code execution, denial of service, information disclosure, TCP spoofing, or DNS cache poisoning. Researchers noted that attackers that successfully exploited […]

Traditional networks or virtual networks have employed network segregation technologies like VLAN or VPC which are, however, more often used for segregation of deterministic networks or tenant networks. In cloud native environments, containers or microservices have a shorter lifecycle and change more frequently compared with traditional networks or tenant networks. Complex business access relationships are […]