The partner event with Glocomp Systems (M) Sdn Bhd kicked off on Nov. 29th in Malaysia. It was a wonderful chance for us to introduce our latest Next-Gen Firewall (NGFW) solution which meets the changing needs of the cloud-enabled enterprise network.
Ano: 2022
A Look at Qatar’s Infrastructure Construction Through Cyberspace Surveying and Mapping Technology
As the 2022 FIFA World Cup kicked off on Sunday, Nov 20, 2022, no country can be more notable than Qatar these days. In this article, we will get you familiar with the host nation Qatar, and show you its infrastructure construction level through analysis of cyberspace services. Qatar and...
NSFOCUS WAF IP Reputation Introduction
NSFOCUS WAF obtains IP Reputation Data Feed from NSFOCUS Threat Intelligence (NTI). NSFOCUS WAF IP Reputation can get the list of IP addresses that have earned a negative reputation through involvement in suspicious activity, including phishing attacks, spam, botnets, DDoS attacks, APT attacks, and more. NSFOCUS WAF will filter high-risk...
The Increasingly Complex and Varied Vectors to Attack Software Supply Chain
Unlike vulnerability exploitation in products, attack vectors and implementation channels targeting the supply chain in the real environment are more diverse. Due to the advantages of low development cost, the widespread use of open-source components in projects has become the mainstream development method. The conflict between a rule-relaxed open community...
Atlassian Bitbucket Server and Data Center Command Injection Vulnerability (CVE-2022-43781) Alert
Overview Recently, NSFOCUS CERT found that Atlassian officially fixed a command injection vulnerability in Bitbucket Server and Data Center. Due to flaws in Bitbucket Server and Data Center, attackers with user name control rights can implement command injection through environment variables, and eventually cause commands to be executed arbitrarily on...
Apache Airflow Remote Code Execution Vulnerability (CVE-2022-40127)
Overview On November 21, NSFOCUS CERT discovered on Internet a PoC of a remote code execution vulnerability (CVE-2022-40127) in Apache Airflow. Due to the flaw in Example Dags in Apache Airflow, an attacker with UI access rights can use this vulnerability to trigger Dags, and then by manually providing the...
