Cyber Heist – Cyber Madness 2023
agosto 5, 2023
Cyber Heist, Aug 1-2, 2023, The Globe Tower in BGC, Taguig City, Philippines. This event aims to raise awareness of common cybersecurity threats by immersing the attendees in simulations of cybersecurity breach scenarios. Our experts discussed with audiences about the best course of action in real-world scenarios, and showcased our security solution with live demos.
Metabase Remote Code Execution Vulnerability (CVS 2023-37470)
agosto 3, 2023
Overview Recently, NSFOCUS CERT detected a remote code execution vulnerability in Metabase (CVE-2023-37470). Due to a flaw in the vulnerability fix for CVS 2023 38646, attackers can achieve remote code execution through H2 connection string injection. Affected users should take protective measures as soon as possible. Reference link: https://github.com/metabase/metabase/security/advisories/GHSA-p7w3-9m58-rq83 Scope of Impact Affected version Open […]
“Save” and “Apply” Buttons on ADS Configuration Page
agosto 3, 2023
When working with the ADS, it is important to understand the role of the “Apply ” and “Save” buttons located in the upper-right corner of the configuration pages. Apply: Clicking the “Apply” button will apply and enforce the configuration changes, making them effective in the RAM of the ADS. These changes will take effect immediately […]
NSFOCUS ISOP: XDR Technology Empowered with Strong SOAR Capabilities for Modern SOC
agosto 3, 2023
SANTA CLARA, Calif., Aug 3, 2023 – NSFOCUS, a global provider of intelligent hybrid security solutions, today announced the general availability of NSFOCUS Intelligent Security Operations Platform (ISOP), an innovative security analytics and intelligent operations platform that can streamline the security analyst experience, rejuvenate threat response efficiency and improve security operations productivity. NSFOCUS ISOP was […]
QNAP Multiple Vulnerabilities Notification
agosto 2, 2023
Overview Recently, NSFOCUS CERT monitored that QNAP officially released the QVPN code execution vulnerability and QANP denial-of-service vulnerability. Affected users should take protective measures as soon as possible. VPN Code Execution Vulnerability (CVS 2022-27595): There is a code execution vulnerability in the Windows version of the QVPN client, which can be exploited by authenticated local […]
Metabase Remote Code Execution Vulnerability (CVS 2023-38646) Notification
agosto 1, 2023
Overview Recently, NSFOCUS CERT detected a remote code execution vulnerability in Metabase (CVE-2023-38646). Unauthenticated attackers can successfully exploit this vulnerability to execute arbitrary commands with Metabase server privileges on the target server. Affected users should take protective measures as soon as possible. Reference link: https://www.metabase.com/blog/security-advisory Scope of Impact Affected version Open source version: Enterprise version: […]
NSFOCUS Tops China’s Hardware WAF Market for Four Consecutive Years
julho 28, 2023
IDC released the market share research report on China’s hardware WAF market share recently. NSFOCUS ranks first with a market share of 11.9%, leading the WAF market in China for four consecutive years from 2019 to 2022. NSFOCUS’s next-generation WAF has been selected by more than 5,000 organizations and has become the preferred WAF product […]
NSFOCUS WAF Log4j2_RCE Protection
julho 27, 2023
Logging events is a critical aspect of software development. While there are lots of frameworks available in Java ecosystem, Log4j has been the most popular for decades, due to the flexibility and simplicity it provides. Apache Log4j is part of the Apache Logging Services, a project of the Apache Software Foundation. Log4j 2 is a […]
Innovative Access Control Approach Published in IEEE Transactions on Systems, Man, and Cybernetics: Systems
julho 26, 2023
NSFOCUS Security Labs recently collaborated with the research team from the School of Computer Science at China University of Geosciences (Wuhan) on a research paper titled “Computable Access Control: Embedding Access Control Rules into Euclidean Space“. This paper has been officially accepted and published online by the prestigious international journal “IEEE Transactions on Systems, Man, […]
Spring Security Identity Authentication Bypass Vulnerability (CVS 2023-34034)
julho 25, 2023
Overview Recently, NSFOCUS CERT monitored Spring’s official security announcement and disclosed an identity bypass vulnerability in Spring Security. Using ‘**’ as the pattern in the Spring Security configuration of WebFlux can cause a pattern mismatch between Spring Security and Spring WebFlux, and may result in identity authentication bypass. CVSS score is 9.1. Affected users should […]
