Overview Recently, NSFOCUS CERT found that the analysis article and ExP of Sudo privilege enhancement vulnerability (CVE-2023-22809) were publicly disclosed online. Since sudoedit in Sudo has a flaw in handling additional parameters passed in user provided environment variables such as SUDO_EDITOR, VISUAL, and EDITOR., when a user specified editor contains...
Category: Blog
MiniO Information Disclosure Vulnerability (CVE-2023-28432) Notification
Overview Recently, NSFOCUS CERT found that MinIO officially issued a security notice, which fixed a MinIO information disclosure vulnerability (CVE-2023-28432). When MiniO is configured in cluster mode, an unauthenticated attacker can ultimately obtain information about all environment variables by constructing a crafted request packet, which allows the attacker to utilize...
Why IPS and Firewalls Are Not Anti-DDoS Solutions?
Not all distributed denial of service (DDoS) defenses are created equal. Whether it’s a Web Application Firewall (WAF), Intrusion Prevention System (IPS), Content Delivery Network (CDN) or traditional firewall, every “defense†has its own purpose, potential and peril. Even a firewall that claims to have Anti-DDoS capabilities built-in has only...
22 DDoS Attacks to See Trends in 2023
2022 was a turbulent year full of regional conflicts. NSFOCUS Global Threat Hunting System detected a large number of DDoS worldwide in 2022, with some governments or banks suffering from the largest attacks in their history. Launching a DDoS attack is not expensive but can paralyze critical infrastructure and network...
NSFOCUS Joins CNCF Cloud Native Landscape
Santa Clara, Calif. March 21, 2023 – NSFOCUS, a global provider of intelligent hybrid security solutions, today announced that its Metarget project has been included in CNCF Cloud Native Landscape in the field Security & Compliance of the Provisioning Category. CNCF Introduction The Cloud Native Computing Foundation (CNCF) was founded...
Adobe ColdFusion Multiple Security Vulnerabilities Notification
Vulnerability Overview Recently, NSFOCUS CERT monitored that Adobe has officially released security notices and fixed multiple Adobe ColdFusion vulnerabilities. Please take protective measures as soon as possible. Key vulnerabilities are as follows: Adobe ColdFusion deserialization vulnerability (CVE-2023-26359): Due to a flaw in Adobe ColdFusion's deserialization security check, unauthenticated remote attackers...
