Palo Alto Networks PAN-OS Command Injection Vulnerability (CVE-2024-3400)
abril 18, 2024
Overview Recently, NSFOCUS CERT detected that Palo Alto Networks issued a security announcement and fixed the command injection vulnerability (CVE-2024-3400) in PAN-OS. Since GlobalProtect gateway or portal configured in PAN-OS does not strictly filter user input, unauthenticated attackers can construct special packets to execute arbitrary code on the firewall with root privileges. The CVSS score […]
NSFOCUS Recognized as a Representative Vendor in the Gartner® Market Guide for Network Detection and Response
abril 15, 2024
SANTA CLARA, Calif., April 15, 2024 – NSFOCUS, a global leader in cybersecurity solutions, has been named a representative vendor in the 2024 Gartner Market Guide for Network Detection and Response. As a key strategic product, NSFOCUS’s network threat detection and response solutions have rapidly evolved and delivered exceptional performance, earning notable recognition within the […]
NIPS Troubleshooting Steps for No Log
abril 12, 2024
NIPS aims to accurately monitor abnormal network traffic, automatically blocking various types of aggressive traffic in real-time, particularly application layer threats. It aims to take proactive measures instead of merely providing alerts at the time of or after detecting malicious traffic. When malicious traffic is detected and blocked, a threat log is recorded and displayed […]
XZ-Utils Supply Chain Backdoor Vulnerability Updated Advisory (CVE-2024-3094)
abril 7, 2024
Vulnerability Overview Recently, NSFOCUS CERT detected that the security community disclosed a supply chain backdoor vulnerability in XZ-Utils (CVE-2024-3094), with a CVSS score of 10. Since the underlying layer of SSH relies on liblzma, when certain conditions are met, an attacker can use this vulnerability to bypass SSH authentication and gain unauthorized access on the […]
Policy Adjustment Based on Attack Events in ADS
abril 5, 2024
This article provides a brief explanation of policy fine-tuning in ADS. Please note that fine-tuning the protection policy is a time-consuming process. This article focuses on how to check attack details in ADS based on attack events and optimize policies accordingly. Due to different versions of ADS, the screenshots shown in the article may differ […]
JumpServer Remote Code Execution Vulnerability (CVE-2024-29201/CVE-2024-29202) Notice
abril 3, 2024
Overview Recently, NSFOCUS CERT detected that JumpServer issued a security announcement and fixed two remote code execution vulnerabilities. At present, the PoC of the vulnerability has been made public. Affected users should take protective measures as soon as possible. CVE-2024-29201: Since the Ansible module in JumpServer does not perform complete input verification, attackers with low-privilege […]
Modern DDoS Attacks and the Rise of DDoS Coalitions
abril 2, 2024
DDoS attacks have become an indispensable weapon to paralyze network systems in cyber warfare. Emerging DDoS attacks, such as HTTP/2 Rapid Reset and SLP reflection amplification attacks, are constantly emerging. Both attackers and defenders are struggling to upgrade their technology in order to discover new offensive and defensive strategies. DDoS attacks are no longer limited […]
XZ Utils Backdoor Vulnerability (CVE-2024-3094) Advisory
abril 1, 2024
Overview NSFOCUS CERT recently detected that a backdoor vulnerability in XZ Utils (CVE-2024-3094) was disclosed from the security community, with a CVSS score of 10. Because the SSH underlying layer relies on liblzma, an attacker could exploit this vulnerability to bypass SSH authentication and gain unauthorized access to affected systems, allowing arbitrary code execution. After […]
Linux Kernel Privilege Escalation Vulnerability (CVE-2024-1086) Alert
março 29, 2024
NSFOCUS CERT has detected that details and a proof-of-concept (PoC) tool for a Linux kernel privilege escalation vulnerability CVE-2024-1086, have been publicly disclosed recently. Due to a use-after-free vulnerability in the netfilter: nf_tables component of the Linux kernel, the nft_verdict_init() function allows the use of positive values as a drop error in the hook verdict. […]
NSFOCUS WAF API Security Overview
março 29, 2024
NSFOCUS WAF v.6080 provides protection for third-party API assets. The API security protection features assist clients in refining their inventory of API assets through a combination of proactive and reactive strategies. By integrating automatically generated API baselines and imported OAS files, NSFOCUS WAF conducts API compliance checks. NSFOCUS WAF supports parsing multi-protocol traffic for filtering […]
