An Insight into RSAC 2023: Lateral Movement in Kubernetes
junho 8, 2023
At the RSA Conference 2023, Yossi Weizman, Senior Security Researcher at Microsoft Defender for Cloud, shared with us the lateral movement of the Kubernetes (aka K8s) cluster and its impact on the cloud environment. Based on Yossi’s speech and NSFOCUS researchers’ understanding, this paper describes the use of lateral movement from the perspective of attack, […]
An Insight into RSAC 2023: 6 Keywords of RSAC 2023
junho 7, 2023
Keyword 1: Stronger Together Alone we can do so little; together we can do so much.” – Helen Keller The theme of this year’s conference is “Stronger Together”. What does “Stronger” mean? What is the specific scope to be “Together”? “Stronger” refers to the ability of the business itself to resist security risks. Although defensive […]
NSFOCUS Lua-based Anti-DDoS Solution
junho 6, 2023
Limitations of Pre-configured DDoS Protection Policies Lots of organizations have realized that DDoS defense is critical to the availability of network infrastructure. But most Anti-DDoS solutions in the market still rely on pre-configured protection policies with multiple threshold options to offer multi-layered protection at different levels. However, this approach has some limitations: Considering these limitations, […]
Will the device restart after importing the license for ADS, ADS M, and NTA?
junho 6, 2023
Upon successful import of the new license: After ADS, NTA, and ADS M are installed, you must import a license before using it. License types vary a bit for hardware devices and virtual devices. Hardware device: License types include Trial, Temporary Sales, and Perpetual. Virtual device (vADS, vNTA, vADSM): License types include Trial, Temporary Sales, […]
NSFOCUS Listed in Gartner® 2023 Market Guide for Security Threat Intelligence Products and Services Again
junho 1, 2023
Santa Clara, Calif. June 1, 2023 – We are proud to announce that NSFOCUS has been included in the Gartner®2023 Market Guide for Security Threat Intelligence Products and Services[1] as a representative vendor for 3 years in a row. According to this report published in May, “Security and risk management leaders struggle to know what […]
Apache RocketMQ Remote Code Execution Vulnerability (CVS 2023-33246)
junho 1, 2023
Overview Recently, NSFOCUS CERT found that the PoC of Apache RocketMQ remote code execution vulnerability (CVE-2023-33246) was publicly disclosed online. Due to the lack of appropriate permission verification in some components such as NameServer, Broker, and Controller of RocketMQ, they were unintentionally exposed to the external network. In specific circumstances, attackers can execute commands or […]
Illegal Download Protection
junho 1, 2023
When a client downloads a file from a server, NSFOCUS WAF performs protection based on the file type, file size or MIME type. If the download file matches an illegal download restriction policy, NSFOCUS WAF allows or blocks the download based on the corresponding action specified in the policy, and logs the event. On the […]
An Insight into RSAC 2023: Cooperation is the Key to Strengthening Cybersecurity
maio 30, 2023
“Stronger Together” is the theme of the RSA Conference this year. Under the trend that the cyber security industry not only deeply participates in international competition to ensure technological advancement, but also continues to strengthen independent innovation ability, this theme reflects the development vitality and unique confrontation characteristics of this industry and is in line […]
How does NIPS Block or Pass a Specific IP Address?
maio 30, 2023
Q: How does NIPS block traffic from a specific IP address or allow such traffic to pass? A: From version 5.6R11, NIPS introduces the global blacklist and whitelist. NIPS deems traffic from IP addresses in the global blacklist to be malicious by default and directly blocks such traffic. As for traffic from the allowed IP […]
GitLab Arbitrary File Read Vulnerability (CVS 2023-2825)
maio 29, 2023
Overview Recently, NSFOCUS CERT found that GitLab officially issued a security notice, fixing an arbitrary file reading vulnerability (CVE-2023-2825) in GitLab Community Edition (CE) and Enterprise Edition (EE). When there are attachments in public projects nested in at least five groups, unauthenticated remote attackers use the upload function to traverse the path, resulting in reading […]
