Detecção de Anomalias: o que é e qual a importância?
março 3, 2025
O crescimento das ameaças cibernéticas, como ataques DDoS, malwares e tentativas de invasão, destaca a necessidade de soluções robustas para proteger dados e sistemas críticos. É nesse contexto que a detecção de anomalias ganha destaque. A detecção de anomalias é uma ferramenta essencial na cibersegurança, capaz de identificar comportamentos suspeitos em redes, sistemas e aplicativos, […]
PostgreSQL SQL Injection Vulnerability (CVE-2025-1094)
fevereiro 25, 2025
Overview Recently, NSFOCUS CERT detected that PostgreSQL has issued a security announcement and fixed the PostgreSQL SQL injection vulnerability (CVE-2025-1094), with a CVSS score of 8.1. Since the psql tool of PostgreSQL is used to detect invalid UTF-8 characters (such as hax\xC0′; \! id #), resulting in accidental segmentation of SQL statements, and unauthenticated attackers […]
Build Your AI-Powered Penetration Testing Scheme with DeepSeek + Agent: An NSFOCUS Practice
fevereiro 20, 2025
Dilemma of Traditional Automated Penetration Testing Penetration testing has always been the core means of offensive and defensive confrontation for cybersecurity. However, traditional automatic penetration tools face three major bottlenecks: lack of in-depth understanding of business logic, insufficient ability to detect logical vulnerabilities, and weak ability to link vulnerabilities. Although the passive scanning engine can […]
Hidden Dangers of Security Threats in the Tide of DeepSeek
fevereiro 19, 2025
Recently, DeepSeek attracted global attention and triggered worldwide discussion with its advanced AI models. According to media, numerous Chinese companies have integrated DeepSeek, including Tencent, Alibaba, Baidu, Huawei, Geely Auto, PICC, Huawei, Honor, OPPO and Lenovo, covering multiple industries such as telecommunications, cloud computing, semiconductors, finance, automotive, and mobile technology. Meanwhile, With the fast increasing […]
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability (CVE-2025-0108)
fevereiro 14, 2025
Overview Recently, NSFOCUS CERT detected that Palo Alto Networks issued a security announcement and fixed the identity bypass vulnerability in PAN-OS (CVE-2025-0108). Due to the problem of path processing by Nginx/Apache in PAN-OS, unauthenticated attackers can bypass authentication to access the management web interface of PAN-OS device and call some PHP scripts, thus obtaining sensitive […]
Microsoft Security Update Notification in February of High-Risk Vulnerabilities in Multiple Products
fevereiro 14, 2025
Overview On February 12, NSFOCUS CERT detected that Microsoft released a security update patch for February, which fixed 63 security issues involving widely used products such as Windows, Microsoft Office, Azure, Apps, and Microsoft Visual Studio, including high-risk vulnerabilities such as privilege escalation and remote code execution. Among the vulnerabilities fixed in Microsoft’s monthly update […]
NSFGPT VS DeepSeek: A Test on DeepSeek’s Security Alarm Capability
fevereiro 13, 2025
NSFOCUS Security Lab conducted actual tests recently to evaluate DeepSeek-R1’s performance in security alarm analysis, in which DeepSeek-R1 showed higher alarm coverage than NSFOCUS’ self-developed SecLLM NSFGPT, but it also faces high false alarm rate and large performance overhead. Nonetheless, its enormous potential is noteworthy. This post will focus on the application evaluation of DeepSeek-R1 […]
O que é uma aplicações Web? Tipos e vantagem
fevereiro 13, 2025
O mundo da tecnologia avançou muito nos últimos anos e, com isso, as pessoas têm acesso a muitos recursos e aplicações que melhoram a vida de todos. Um desses recursos são as aplicações web, que estão ficando cada vez mais comuns. Essas aplicações web são criadas usando linguagens de programação como HTML, JavaScript e outras […]
Insights from the DeepSeek Malicious Software Package Incident: Why Software Supply Chain Security Matters in Global AI Technology Competition
fevereiro 11, 2025
Background With the widespread application of AI technology, software supply chains are facing more complex and diverse security threats. Since January 2025, DeepSeek, as an emerging force in China’s AI industry, has suffered from series of cyberattacks. According to the analysis by NSFOCUS Security Lab, most attacks are from IP addresses in the United States. […]
Core Features in NSFOCUS RSAS R04F04 2-2
fevereiro 6, 2025
Continuous Improvement of Asset Detection Capability Asset detection refers to the process of tracking and mastering network assets. The detection covers hardware equipment such as network products and general computing equipment; system software such as operating systems and virtualization platforms; middleware such as databases, language environments and development frameworks; application software such as ERP and […]
