Overview On January 16, NSFOCUS CERT detected that Atlassian officially released a security announcement fixing the remote code execution vulnerability (CVE-2023-22522) in Confluence Data Center and Confluence Server. This vulnerability is caused by template injection. Unauthenticated attackers can inject malicious requests into Confluence pages to implement remote code execution on affected targets. The CVSS score […]

1. Introduction of the New Botnet RDDoS In early November 2023, NSFOCUS’s Global Threat Hunting System detected that an unknown elf file was spreading widely, which aroused our vigilance. After further analysis, we confirmed that this batch of elf samples belonged to a new botnet family. NSFOCUS Security Research Labs named the botnet Trojan as […]

Overview Recently, NSFOCUS CERT detected that GitLab officially released a security announcement and fixed multiple security vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE), including two serious vulnerabilities. Affected users should take protective measures as soon as possible. CVE-2023-7028: In GitLab CE/EE, users can reset their passwords through the auxiliary email address. Due […]

Summarizing the past, embracing the future. Let’s take a look at the key events of NSFOCUS WAF in 2023. Market Recognition June 2023: NSFOCUS Tops China’s Hardware WAF Market for Four Consecutive Years in IDC market share research report on China’s hardware WAF market share; August 2023: Gartner named NSFOCUS a Representative Vendor of API […]

SANTA CLARA, Calif., January 9, 2024 – NSFOCUS, a global provider of intelligent hybrid security solutions, today announced that NSFOCUS has been named a Major Player in the IDC MarketScape: Worldwide Risk-Based Vulnerability Management Platforms 2023 Vendor Assessment (doc #US50302323, November 2023).   IDC MarketScape vendor analysis model is designed to provide an overview of […]

According to an industry report, over 75% of cybersecurity attacks target the web application layer. Additionally, statistics indicate that more than two-thirds of websites lack adequate security measures. With digital transformation, organizations are moving more business operations to the Internet. New-generation applications are accessed through various channels like the Web and APIs, leading to increased […]

Secure Boot aims to add an additional layer of protection to the boot process, laying the foundation for overall computer security. Secure Boot technology, much like a vigilant guardian, ensures that only digitally signed and trusted components are allowed to initiate the system boot process, fortifying the system against unauthorized and potentially malicious software. As […]

SANTA CLARA, Calif., Dec 27, 2023 – NSFOCUS, a global provider of intelligent hybrid security solutions, today announced that NSFOCUS is included in the Security Service Edge Solutions Landscape for Q4 2023 recently published by Forrester, an internationally authoritative research and consulting firm. Forrester believes that security service edge (SSE) solutions can provide Zero Trust […]

Overview Recently, NSFOCUS CERT detected that OpenSSH released a security update and fixed a command injection vulnerability caused by malicious shell characters (CVE-2023-51385), with a CVSS score of 9.8; Since there is no security filtering of username and hostname input represented by %h,%u in OpenSSH’s ProxyCommand command, command injection may occur if the username or […]

Overview Recently, NSFOCUS CERT detected that Apache officially released a security announcement and fixed two high-risk vulnerabilities in Apache Ofbiz. CVE-2023-50968: Due to problems in Apache Software Foundation, unauthorized attackers can read files and carry out SSRF attacks when operating uri calls; CVE-2023-51467: Due to a privilege verification logic error in Apache Ofbiz, an attacker […]