Jie Ji

NSFOCUS Managed Security Service Case: Protection Policy Tuning for Further Improved Result in a 170Gbps DDoS Incident

maio 13, 2022

Incident Response On mid-2021, a multinational telecom service provider was attacked by a sudden large-scale DDoS attack with the peak value of 170Gbps with maximum 5Gbps of malicious traffic leakage, with equivalent Mitigation Effect (mitigated malicious traffic/total ingress traffic) stays at least 97%. The service provider did not encounter service interruption during the whole incident. […]

CASB, A Tech “Celebrity” from the Cloud Era

maio 4, 2022

Debut of CASB With cloud computing being a key to industry revolution, more and more enterprises and organizations are discovering the benefits of storing and processing data in the cloud and migrating business systems from local data centers to the cloud. As business systems are migrated to the cloud, the security responsibility of enterprises has […]

SASE: The Relationship Between SD-WAN and SASE

maio 2, 2022

Last time we talked about the powerful features and rich usage scenarios of SD-WAN (SASE Popular Science Series: Understanding SD-WAN), what about the relationship between such a powerful SD-WAN and NSFOCUS SASE? This starts with the challenges faced by enterprises today…… Current Problems Faced by Enterprises Single node deployment security capacities, causing network congestion With […]

7 Gbps TCP-Middlebox-Reflection Incident Mitigated by NSFOCUS

abril 29, 2022

In mid-April, NSFOCUS discovered that one of its Cloud DDoS Protection Service customer in APAC region has encountered a TCP-middlebox-reflection attack which became popular throughout the world during past months after its first discourse in Aug, 2021. The attack reached its peak at 7Gbps and lasted for several hours, after immediate reaction by NSFOCUS Managed […]

Critical Patch Update Notice for All Oracle Products in April 2022

abril 21, 2022

Overview On April 20, 2022, NSFOCUS’s CERT monitoring found that Oracle officially released the April Critical Patch Update announcement CPU (Critical Patch Update). A total of 520 vulnerabilities of varying degrees were fixed. This security update involves Oracle WebLogic Server. , Oracle MySQL, Oracle Java SE, Oracle FusionMiddleware, Oracle Retail Applications and many other common […]

Apache Struts Remote Code Execution Vulnerability S2-062 (CVE-2021-31805) Alert

abril 14, 2022

Overview On April 13, 2022, NSFOCUS CERT detected that Struts officially issued a security notice and fixed a remote code execution vulnerability S2-062 (CVE-2021-31805). This vulnerability is not fully repaired for S2-061. When developers use the %{…} syntax to force OGNL parsing, there are still some special TAG attributes that can be parsed twice; attackers […]

APT Group Lazarus Distributing Korean Phishing Lures to Feel Out Cryptocurrency Users

abril 12, 2022

Overview Recently, NSFOCUS Security Labs captured a series of phishing documents containing specific Korean bait information. Most of these documents contain keywords such as “BTC”, “ETH”, “NFT”, and “account information”, which trick victims into opening them and then use remote template injection to implant malicious programs, thereby stealing host information. Analysis shows that these phishing […]

Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965) Manual

abril 2, 2022

Overview Recently, NSFOCUS CERT detected a remote code execution vulnerability in Spring related frameworks. Unauthorized remote attackers can construct HTTP requests to write malicious programs on the target system to execute arbitrary code. This vulnerability is Spring framework remote code execution vulnerability. (CVE-2010-1622), but it has a wider impact. Officials have released versions 5.2.20.RELEASE and […]

Information Collection Technology of Cloud Native Environment (I)

março 31, 2022

Abstract Information collection is a very important part of both attack and defense, and high-quality information collected is the basis and premise of follow-up work. However, fragmentary information and the complex composition of cloud native itself bring certain challenges to information collection in cloud native environment. This series of posts will share ideas and methods […]

Spring Cloud Function SPEL Expression Injection Vulnerability Alert

março 28, 2022

Overview Recently, NSFOCUS CERT detected that Spring Cloud officially fixed a SPEL expression injection vulnerability in Spring Cloud Function, because the parameter “spring.cloud.function.routing-expression” in the request header is processed as a Spel expression by the apply method of the RoutingFunction class in Spring Cloud Function, resulting in a Spel expression injection vulnerability, which can be […]

Search

Inscreva-se no Blog da NSFOCUS