In 2023, countries worldwide continued to strengthen their cybersecurity capabilities and systems in response to their national needs, using regulatory means to enhance their cybersecurity management. Based on continuous tracking and research, NSFOCUS summarized the development of global cybersecurity regulations and policies in 2023, hoping to provide valuable insights and...
Category: Blog
Runc Container Escape Vulnerability Alert
Overview Recently, NSFOCUS CERT detected that the runc officially issued a security notice and fixed a container escaping vulnerability (CVE-2024-21626). Since the internal file descriptor of runc is leaked during initialization and the final working directory is not verified to be located in the mount namespace of the container, attackers...
2023 Cybersecurity Regulation Recap (Part 2): Data Security
In 2023, countries worldwide continued to strengthen their cybersecurity capabilities and systems in response to their national needs, using regulatory means to enhance their cybersecurity management. Based on continuous tracking and research, NSFOCUS summarized the development of global cybersecurity regulations and policies in 2023, hoping to provide valuable insights and...
SecLLM: Enhancing Cyber Security with Large Language Model – Technical White Paper Overview
Drawing on years of accumulated expertise in security and high-quality data in the field of "artificial intelligence + security," NSFOCUS has announced the release of its Technical White Paper: Enhancing Network Security with Security Large Language Model (SecLLM). This white paper shares the best practices and lessons learned during the...
Jenkins Arbitrary File Read Vulnerability (CVE-2024-23897) Notice
Overview Recently, NSFOCUS CERT detected that Jenkins issued a security announcement and fixed an arbitrary file reading vulnerability in the Jenkins CLI (CVE-2024-23897). Since one function of its CLI command parser is enabled by default in Jenkins, the specific parser function expandAtFiles can replace the character following the file path...
2023 Cybersecurity Regulation Recap (Part 1): Network Security
In 2023, countries worldwide continued to strengthen their cybersecurity capabilities and systems in response to their national needs, using regulatory means to enhance their cybersecurity management. Based on continuous tracking and research, NSFOCUS summarized the development of global cybersecurity regulations and policies in 2023, providing a brief commentary and presenting...
