Events

NSFOCUS APPOINTS CHUI CHUN FAI AS PRINCIPAL ARCHITECT

February 25, 2019 | Mina Hao

Chui brings over 20 years of experience to the role, and will work closely with customers to ensure optimal deployment of their network security solutions SINGAPORE, February 19, 2019 – NSFOCUS, a leader in holistic hybrid security solutions, today announced the appointment of Chui Chun Fai as Principal Architect for Asia Pacific, where he is […]

NSFOCUS’s Presence at Botconf 2018

December 17, 2018 | Adeline Zhang

On December 7, 2018 security experts from NSFOCUS Fu Ying Labs delivered a speech at Botconf 2018, presenting WASM security threat analysis technologies with researchers from security firms, media personnel, and security practitioners from CERTs (Computer Emergency Response Teams) of various countries. Their striking insights were highly accepted and acknowledged by the international security industry. […]

Bravo! NSFOCUS’s Big Win in the Flare-On Challenge

December 10, 2018 | Adeline Zhang

The fifth annual Flare-on Challenge held by FireEye recently took place.129 out of 4925 players, of which 10 were Chinese players, reportedly finished the challenge this year. NSFOCUS’s KoAll team made a huge splash by topping the global medal tally with four medals.

NSFOCUS Present at the CS3STHLM Summit as the Only Asia-Pacific Security Vendor

November 12, 2018 | Adeline Zhang

On October 24, 2018, the CS3STHLM industrial cyber security & Stockholm international summit on Cyber Security in SCADA and Industrial Control Systems (“the Stockholm summit”) kicked off in Sweden for the fifth consecutive year,  bringing together cybersecurity experts worldwide. NSFOCUS, as the only participating security vendor from Asia-Pacific, delivered a speech titled Attacking PLCs by […]

Xbash Malware Combines Many Malicious Functions in Worm

September 30, 2018 | Adeline Zhang

Unit 42, a research team of Palo Alto Networks found a new malware family this month and named it Xbash. This new malware combines ransomware, coinming, botnet, and worm features and targets Linux and Windows mainly. Xbash is developed in Python and was then converted into self-contained Linux ELF executables by abusing the legitimate tool […]

Cisco Released Semi-annual Security Updates for IOS and IOS XE

September 30, 2018 | Adeline Zhang

Cisco has released bundles of Cisco IOS and IOS XE software security advisories on September 26, 2018. The release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication includes 13 vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. One of the advisories describes a vulnerability that also exists in Cisco […]

Rockwell Automation Buffer Overflow Vulnerability

September 26, 2018 | Adeline Zhang

Recently Rockwell Automation fixed a critical vulnerability (CVE-2018-14829) found in its RSLinx Classic, a software platform that allows Logix 5000 Programmable Automation Controllers to connect to a wide variety of Rockwell Software applications. A remote attacker could make the device being accessed stop responding and crash by sending a malicious CIP packet to Port 44818. […]

Cisco IOS XE Software Static Credential Vulnerability

September 20, 2018 | Adeline Zhang

Yesterday, September 19th, Cisco announced an advisory for a critical vulnerability (CVE-2018-0150) that exists with their  IOS XE Software. The vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to an affected […]

Vulnerabilities Discovered in NUUO Network Video Recorder

September 19, 2018 | Adeline Zhang

Tenable Research released two vulnerabilities in NVRMini2, NUUO’s Network Video Recorder software on September 17th. Risk information is as below: Reference link: https://www.tenable.com/security/research/tra-2018-25 Attack demo: https://www.youtube.com/watch?v=2EuFOZfRL4U Sketch of NVRMini2 structure: Vulnerability Description CVE-2018-1149: Unauthenticated Remote Stack Buffer Overflow The HTTP interface exposes the binary cgi_system through the http://<target>/cgi-bin/cgi_system endpoint. Much of the functionality of cgi_system […]

Response Guide of IBM WebSphere Code Execution Vulnerability

September 18, 2018 | Adeline Zhang

Recently IBM released a remote code execution vulnerability (CVE-2018-1567) in WebSphere application server. It could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. CVSS: 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected versions: IBM WebSphere 9.0.0.0 – 9.0.0.9 IBM WebSphere 8.5.0.0 – 8.5.5.14 IBM WebSphere 8.0.0.0 – 8.0.0.15 IBM […]