Abstract Information collection is a very important part of both attack and defense, and high-quality information collected is the basis and premise of follow-up work. However, fragmentary information and the complex composition of cloud native itself bring certain challenges to information collection in cloud native environment. This series of posts...
Category: Blog
Spring Cloud Function SPEL Expression Injection Vulnerability Alert
Overview Recently, NSFOCUS CERT detected that Spring Cloud officially fixed a SPEL expression injection vulnerability in Spring Cloud Function, because the parameter "spring.cloud.function.routing-expression" in the request header is processed as a Spel expression by the apply method of the RoutingFunction class in Spring Cloud Function, resulting in a Spel expression...
Thoughts on Encrypted Traffic Detection in the Era of Encrypt Everything
Background With the wide application of encryption technology and the continuous development of new network technology, the network structure becomes more and more complex and the encrypted traffic explodes. Furthermore, as the evolution and promotion of encryption protocols such as TLS1.3, the era of full encryption is silently coming. When...
How to Monitor Threat Traffic in Cloud Environment ?
Background The public cloud has become the hardest hit by cyberattacks. This article gives you an effective threat monitoring proposal by using VPC traffic mirror. Traffic Mirror In the traditional network environment, the data communications between devices are realized via cables or wireless networks. We can completely divert the traffic...
Microsoft’s March security update for multiple high-risk product vulnerabilities
Overview On March 9, NSFOCUS CERT detected that Microsoft released the March security update patch, which fixed 71 security issues, involving Windows, Exchange Server, Remote Desktop Client, Azure, etc., including privilege escalation, remote code execution and other high-risk vulnerability types. Among the vulnerabilities fixed by Microsoft's update this month, there...
1TB Multi-Vector DDoS Attack in LATAM Blocked after CVE-2022-26143 Vulnerability Exploited
In early March, NSFOCUS Cloud Scrubbing SOC team discovered that one of our customers in Latin America suffered a volumetric, multi-vector distributed denial-of-service (DDoS) attack. NSFOCUS Cloud DPS prevented this attack successfully. The captured entire attack and defense process is as follows: March 3, 10:00 a.m. GMT+8 NSFOCUS cloud-based Network...
