Innovative Access Control Approach Published in IEEE Transactions on Systems, Man, and Cybernetics: Systems
julho 26, 2023
NSFOCUS Security Labs recently collaborated with the research team from the School of Computer Science at China University of Geosciences (Wuhan) on a research paper titled “Computable Access Control: Embedding Access Control Rules into Euclidean Space“. This paper has been officially accepted and published online by the prestigious international journal “IEEE Transactions on Systems, Man, […]
Spring Security Identity Authentication Bypass Vulnerability (CVS 2023-34034)
julho 25, 2023
Overview Recently, NSFOCUS CERT monitored Spring’s official security announcement and disclosed an identity bypass vulnerability in Spring Security. Using ‘**’ as the pattern in the Spring Security configuration of WebFlux can cause a pattern mismatch between Spring Security and Spring WebFlux, and may result in identity authentication bypass. CVSS score is 9.1. Affected users should […]
Atlassian Multiple High Risk Vulnerabilities Notification
julho 24, 2023
Overview Recently, NSFOCUS CERT monitored that the official security announcement of Atlassian has fixed multiple high-risk vulnerabilities in the Atlassian products. Affected users should take protective measures as soon as possible. Atlas Conflict Data Center and Server Remote Code Execution Vulnerability (CVS-2023-22508/CVC-2023-22505): There is a remote code execution vulnerability in the Atlas Conflict Data Center […]
Description of ADS Attack Logs: SYN Flood Logs (Part 1)
julho 20, 2023
Introduction to SYN Flood A three-way handshake is required to establish a TCP connection. First, the client sends a TCP SYN packet to the server. The server responds to the client request with an SYN-ACK packet. Then the server waits and expects an ACK packet from the client. At this time, the connection is in […]
NSFOCUS Continuously Dominating the Anti-DDoS Hardware Market in China with Unparalleled Market Share
julho 20, 2023
According to the IDC China Anti- DDoS Hardware Market Share, 2022: Opportunities and Challenges Coexist published on June 29, 2023, NSFOCUS, with its Anti-DDoS solution powered by a robust protection algorithm and excellent services, has again claimed the leading position in China’s Anti-DDoS hardware market. NSFOCUS keeps ahead of this market for many years running […]
Oracle Products Key Patches Update Notice for July 2023
julho 19, 2023
Overview On July 19, NSFOCUS CERT found that Oracle officially released the Critical Patch Update in July with 508 vulnerabilities included. This security update involved Oracle WebLogic Server, Oracle MySQL, Oracle Financial Services Applications, Oracle Enterprise Manager, Oracle Retail Applications and other commonly used products. Oracle strongly recommends its customers apply critical patches to update […]
Windows Error Reporting Service Privilege Enhancement Vulnerability (CVE-2023-36874)
julho 17, 2023
Overview NSFOCUS security team recently monitored that Microsoft released a security patch, fixing the Windows Error Reporting service privilege escalation vulnerability (CVE-2023-36874). An attacker who successfully exploited this vulnerability could gain administrator privileges. Microsoft’s official security update announcement in July stated that attackers must have local access to the target computer, and users must be […]
Adobe ColdFusion Multiple Security Vulnerabilities Notification
julho 13, 2023
Overview Recently, NSFOCUS CERT monitored that Adobe has officially released security notices and fixed multiple Adobe ColdFusion vulnerabilities. Affected users should take measures as soon as possible. The key vulnerabilities are as follows: Adobe ColdFusion Access Control Bypass Vulnerability (CVS 2023-29298): Adobe ColdFusion has an access control bypass vulnerability that allows attackers to access management […]
Enhancing Campus Network Resilience: How NSFOCUS Anti-DDoS Solution Safeguards the Education Sector from DDoS Attacks
julho 13, 2023
Customer Overview The customer is a leading research-intensive university in Asia, with a distinguished history and a reputation for excellence in teaching and research. The university has a large campus network that serves students, faculty, staff, external partners, and visitors. With the increasing threats of DDoS attacks, the customer recognized the need to implement a […]
Common SSL Vulnerability Protection
julho 13, 2023
This article describes how to configure security policies on NSFOCUS WAF for protection against some common SSL vulnerabilities. TLS Client-initiated Renegotiation Support on the Server – CVE-2011-1473 This vulnerability exists during SSL renegotiation, and services that use the SSL renegotiation function will be impacted. Although it is currently possible to use HTTPS without enabling the […]
