Ransomware: o que é, prevenção e como diminuir sua exposição?
novembro 20, 2023
O termo ransomware é um tema frequente nas discussões sobre segurança cibernética. Trata-se de um tipo de malware que pode causar sérios danos a indivíduos e organizações, restringindo o acesso a dados vitais e sistemas inteiros. Neste artigo, vamos entender o que é ransomware, mitigações e formas de assegurar sua exposição. Continue a leitura! O […]
An Explanation of Traffic Abnormal in the NTA DDoS Attack Alert
novembro 16, 2023
Traffic Abnormal does not differentiate between alert types. Any instance where the total traffic volume for a single destination IP exceeds the threshold is considered a traffic anomaly.
Apache Arrow PyArrow Arbitrary Code Execution Vulnerability (CVS 2023-47248) Notification
novembro 15, 2023
Overview Recently, NSFOCUS CERT found that Apache Arrow issued a security notice, which fixed an arbitrary code execution vulnerability in the PyArrow library (CVE-2023-47248). Due to PyArrow reading Arrow IPC, Feather, or Parquet data from untrusted sources, PyExtensionType creates an automatic loading feature that allows for deserialization of data from non PyArrow sources. When using […]
Why Isn’t My ChatGPT Working?
novembro 13, 2023
“My ChatGPT isn‘t working properly.“ “I can’t log in, and it’s not responding at all.” Just as OpenAI released a series of new features recently, ChatGPT experienced prolonged service disruptions last Wednesday. Subsequently, OpenAI issued a statement revealing that they were facing periodic outages across ChatGPT and the API due to a reflective Distributed Denial […]
Quais as diferenças entre ataques DDoS na camada de aplicação e na camada de rede?
novembro 13, 2023
O mercado de serviços de proteção contra ataques de negação de serviço distribuídos, ou Anti-DDoS – possui um grande foco na mitigação de ataques direcionados à camada de rede da infraestrutura das empresas. Neste tipo de ataque, os vetores infectados são utilizados comumente para gerar requisições sem objetivo de comunicação concreta, com o intuito de […]
The New APT Group DarkCasino and the Global Surge in WinRAR 0-Day Exploits
novembro 10, 2023
Overview In 2022, NSFOCUS Research Labs revealed a large-scale APT attack campaign called DarkCasino and identified an active and dangerous aggressive threat actor. By continuously tracking and in-depth study of the attacker’s activities, NSFOCUS Research Labs has ruled out its link with known APT groups, confirmed its high-level persistent threat nature, and following the operational […]
NTA SMTP Functionality Usage
novembro 10, 2023
Customers can enable SMTP functionality to ensure timely receipt of alert notifications and device logs. Below are the steps to configure SMTP functionality. Configuring an SMTP Server 1. Choose Administration > Third-Party Interface > Email Service and click SMTP Server 2. Configure parameters Parameters for configuring an SMTP server: Parameter Description SMTP Server Address Specifies […]
Software Supply Chain Security Solution – Supply Chain Security Control
novembro 9, 2023
Establishing a Software Supply Chain Asset Register An organization’s products and services are diverse and complex. By establishing a software supply chain asset register, you can have a clear understanding of the supply chain relationships within your organization. The organization needs to create a comprehensive inventory of suppliers, software, tools, services, and upstream and downstream […]
NSFOCUS WAF Running Modes
novembro 7, 2023
NSFOCUS WAF supports multiple running modes. You can modify the running mode based on the network topology. Deployment Topology Deployment Topology can be set to In-Path, Out-of-Path, Reverse Proxy, Mirroring or Plugin-enabled. Mode Configuration Mode Configuration can be set to one of the following values (modes vary with deployment topologies): Emergency Mode After entering the […]
Bolstering API Security and Bot Attack Protection with NSFOCUS Next-Generation WAF
novembro 6, 2023
NSFOCUS’s Next-Generation WAF addresses various threats faced by users, such as web vulnerability exploitation, resource abuse, and resource access control. It provides a comprehensive solution that includes traditional WAF functionality, bot traffic management, API security, and DDoS protection, all integrated into one coherent system. The upgraded system architecture ensures the security of web applications, business […]
