We are very excited to announce that NSFOCUS has been appraised at Maturity Level 5 of the CMMI Institute’s Capability Maturity Model Integration (CMMI)® Version 2.0. CMMI is a proven set of global best practices that drives business performance through building and benchmarking key capabilities. It is an integrated framework of...
Ano: 2021
SASE, Born for Digital Age
SASE (Security Access Services Edge, pronounced sassy /ˈsæsi/) is a network security service architecture introduced by Gartner in 2019. Gartner defines it as “an emerging offering combining comprehensive WAN capabilities with comprehensive network security functions (such as SWG, CASB, FWaaS, and ZTNA) to support the dynamic security access needs of digital...
-e1619596788284.jpg)
Security Risks and Threats of Containerized Infrastructure
As a kind of lightweight virtualization technology, containers run in the operating system kernel of a host. Therefore, traditional security issues remain in hosts and networks. Besides, container escape risks, container image risks, virtual network risks, and configuration risks will become new security threats facing containerized infrastructure. Attacks on Container...
The New Trend of Ransomware: Triple Extortion
Threat actors who specialize in ransomware are always using Double Extortion Tactics in which they not only encrypt the victim’s data but also threaten to leak sensitive data publicly unless the ransom is paid. Double Extortion Tactics first started appearing in late 2019, becoming an increasingly common trend through 2020....
Linux Kernel Privilege Escalation Vulnerability (CVE-2021-33909) Threat Alert
Overview Recently, NSFOCUS CERT discovered that the Qualys research team disclosed a local privilege escalation vulnerability (CVE-2021-33909, aka Sequoia) in the filesystem layer in the Linux kernel. It is a size_t-to-int type conversion vulnerability in the seq_file interface in the Linux kernel. fs/seq_file.c's improper restriction of the seq buffer allocation...
WebLogic Multiple High-Risk Vulnerabilities Threat Alert
Overview On July 21, 2021, NSFOCUS detected that Oracle released the April 2021 Critical Patch Update (CPU), which fixed 342 vulnerabilities of varying risk levels. Among these vulnerabilities, three severe ones are easy to exploit to affect WebLogic. Users are advised to take measures without delay to protect against the...
