2023 Cybersecurity Regulation Recap (Part 4): Tech Development & Governance
fevereiro 13, 2024
In 2023, countries worldwide continued to strengthen their cybersecurity capabilities and systems in response to their national needs, using regulatory means to enhance their cybersecurity management. Based on continuous tracking and research, NSFOCUS summarized the development of global cybersecurity regulations and policies in 2023, hoping to provide valuable insights and guidance for stakeholders, policymakers, and […]
NSFOCUS WAF Security Reports
fevereiro 8, 2024
NSFOCUS WAF security reports are divided into classification-specific alert reports and period-specific alert reports. You can acquire reports based on query conditions, such as websites, event types, statistic collection periods, and statistic collection time. 1. Generation procedure: Logs & Reports > Security Reports > Classification-Specific Alert Report or Period-Specific Alert Report > Choose the query […]
CTEM: Navigating the Future of Attack Surface
fevereiro 8, 2024
This article introduces the concept of Continuous Threat Exposure Management (CTEM), delving into the philosophy behind CTEM, its five stages, and exploring key technologies that support its implementation. I. Introduction In mid-October 2023, Gartner released the top 10 strategic technology trends for 2024 that enterprises need to explore, as depicted in Figure 1. Gartner categorized these trends into three […]
2023 Cybersecurity Regulation Recap (Part 3): Privacy Protection
fevereiro 6, 2024
In 2023, countries worldwide continued to strengthen their cybersecurity capabilities and systems in response to their national needs, using regulatory means to enhance their cybersecurity management. Based on continuous tracking and research, NSFOCUS summarized the development of global cybersecurity regulations and policies in 2023, hoping to provide valuable insights and guidance for stakeholders, policymakers, and […]
Runc Container Escape Vulnerability Alert
fevereiro 2, 2024
Overview Recently, NSFOCUS CERT detected that the runc officially issued a security notice and fixed a container escaping vulnerability (CVE-2024-21626). Since the internal file descriptor of runc is leaked during initialization and the final working directory is not verified to be located in the mount namespace of the container, attackers can conduct container escaping in […]
Preliminary Troubleshooting for Cloud Authentication Failure in ADS, NTA and ADSM
fevereiro 1, 2024
If the virtual product uses cloud authentication, it needs to communicate with the cloud authentication center periodically every day to complete the authentication and ensure availability. You can confirm the authorization mode by checking the Authorization Mode of the license. For example, in the image below, NTA uses cloud authorization. If the product fails to […]
2023 Cybersecurity Regulation Recap (Part 2): Data Security
fevereiro 1, 2024
In 2023, countries worldwide continued to strengthen their cybersecurity capabilities and systems in response to their national needs, using regulatory means to enhance their cybersecurity management. Based on continuous tracking and research, NSFOCUS summarized the development of global cybersecurity regulations and policies in 2023, hoping to provide valuable insights and guidance for stakeholders, policymakers, and […]
SecLLM: Enhancing Cyber Security with Large Language Model – Technical White Paper Overview
janeiro 31, 2024
Drawing on years of accumulated expertise in security and high-quality data in the field of “artificial intelligence + security,” NSFOCUS has announced the release of its Technical White Paper: Enhancing Network Security with Security Large Language Model (SecLLM). This white paper shares the best practices and lessons learned during the development of NSFOCUS SecLLM, exploring […]
Jenkins Arbitrary File Read Vulnerability (CVE-2024-23897) Notice
janeiro 30, 2024
Overview Recently, NSFOCUS CERT detected that Jenkins issued a security announcement and fixed an arbitrary file reading vulnerability in the Jenkins CLI (CVE-2024-23897). Since one function of its CLI command parser is enabled by default in Jenkins, the specific parser function expandAtFiles can replace the character following the file path in the @ parameter with […]
2023 Cybersecurity Regulation Recap (Part 1): Network Security
janeiro 30, 2024
In 2023, countries worldwide continued to strengthen their cybersecurity capabilities and systems in response to their national needs, using regulatory means to enhance their cybersecurity management. Based on continuous tracking and research, NSFOCUS summarized the development of global cybersecurity regulations and policies in 2023, providing a brief commentary and presenting NSFOCUS’s perspective on some important […]
