Overview Recently, NSFOCUS CERT found that Google officially fixed a heap buffer overflow vulnerability (CVE-2023-4863). Due to a flaw in the WebP module, an attacker triggered the vulnerability by inducing users to visit a malicious website, which ultimately led to arbitrary code execution on the target system. At present, it...
Autor: NSFOCUS
Warning: Newly Discovered APT Attacker AtlasCross Exploits Red Cross Blood Drive Phishing for Cyberattack
I. Abstract NSFOCUS Security Labs recently discovered a new attack process based on phishing documents in their daily threat-hunting operations. Delving deeper into this finding through extensive research, they confirmed two new Trojan horse programs and many rare attack techniques and tactics. NSFOCUS Security Labs believes that this new attack...
Apple Multiple Product Security Vulnerabilities Notification
Overview Recently, NSFOCUS CERT has detected that Apple has officially fixed three zero-day exploit in multiple products. These vulnerabilities exist in the wild. Affected users should take protective measures as soon as possible. The details of the vulnerability are as follows: Apple WebKit Arbitrary Code Execution Vulnerability (CVS 2023-41993): There...
Unlocking the Future of Cybersecurity: Meet Us at GovWare 2023
Today's ever-evolving digital landscape presents unparalleled opportunities alongside formidable cybersecurity challenges, making the security of organizations' networks and applications more crucial. As a global network and cyber security leader, we're excited to invite you to join us at GovWare 2023, a pivotal event held at the Sands Expo and Convention...
GitLab Unauthorized Call Vulnerability (CVC-2023-5009) Notification
Overview Recently, NSFOCUS CERT monitored that GitLab officially issued a security notice, and fixed an unauthorized call vulnerability in GitLab Enterprise Edition (EE). The vulnerability is a bypass of CVE-2023-3932. An attacker with low privileges can abuse the scan execution policy to run pipelines without the user's consent. Successful exploitation...
Privacidade de dados: como proteger a sua empresa?
A era digital trouxe uma explosão no volume de dados gerados, coletados e armazenados diariamente. Esse cenário levanta questões críticas sobre a privacidade de dados, que se tornou um tópico central nas discussões empresariais e legislativas. Neste artigo, exploraremos o mundo da privacidade de dados, sua importância, a relação com...
