How does NIPS Block or Pass a Specific IP Address?
maio 30, 2023
Q: How does NIPS block traffic from a specific IP address or allow such traffic to pass? A: From version 5.6R11, NIPS introduces the global blacklist and whitelist. NIPS deems traffic from IP addresses in the global blacklist to be malicious by default and directly blocks such traffic. As for traffic from the allowed IP […]
GitLab Arbitrary File Read Vulnerability (CVS 2023-2825)
maio 29, 2023
Overview Recently, NSFOCUS CERT found that GitLab officially issued a security notice, fixing an arbitrary file reading vulnerability (CVE-2023-2825) in GitLab Community Edition (CE) and Enterprise Edition (EE). When there are attachments in public projects nested in at least five groups, unauthenticated remote attackers use the upload function to traverse the path, resulting in reading […]
Software Supply Chain Security Solution – Supply Chain Security Supervision (Part 2)
maio 25, 2023
Continued from the previous post: Software Supply Chain Security Solution – Supply Chain Security Supervision (Part 1) II. Open-source Software Risk Monitoring Driven by the open source community and the continuous development of open source, open source software is widely used in practical engineering projects, and the number is growing rapidly. The number of open […]
Software Supply Chain Security Solution – Supply Chain Security Supervision (Part 1)
maio 25, 2023
NSFOCUS Security Labs is keeping an eye out for the trends in supply chain security and is pleased to share observations and thoughts with our blog readers. You will see the links for more posts we published about software supply chain security at the end of the article. In the next several posts, we are going to […]
Smart Cybersecurity Summit Thailand
maio 24, 2023
Smart Cybersecurity Summit Thailand, May 24, 2023, Queen Sirikit National Convention Centre, Bangkok NSFOCUS, a leading provider of network security solutions and services, exhibited at Smart Cybersecurity Summit Thailand 2023 in Bangkok as Silver Sponsor, organized by Cyber Security World on May 24, 2023. NSFOCUS team presented our solutions and services to booth visitors with […]
Pay Attention to New SLP Vulnerability That May Lead to Massive DDoS Amplification Attacks
maio 23, 2023
A new reflective Distributed-Denial-of-Service (DDoS) amplification vulnerability was recently discovered in the Service Location Protocol (SLP), which allows attackers to achieve a high amplification factor of over 2,200 times. This vulnerability has been identified as CVE-2023-29552, potentially making it one of the largest amplification attacks ever recorded. SLP is a protocol that provides a dynamic […]
How to Power Off ADS M Portal Properly
maio 22, 2023
To ensure proper shutdown of the ADS M Portal, it is recommended to synchronize memory data with the hard disk before initiating a shutdown. The command for this is sync. Failure to do so may result in data loss. After synchronization, you may proceed with the shutdown command for power off, instead of power off […]
Linux Kernel Privilege Escalation Vulnerability (CVS 2023-32233) Notice
maio 18, 2023
Overview Recently, NSFOCUS CERT found that the PoC of Linux Kernel privilege escalation vulnerability (CVE-2023-32233) was publicly disclosed online. There is a use-after-free vulnerability in Linux kernel’s subsystem Netfilter nf_tables, which can be exploited by authenticated local attackers to perform arbitrary read and write operations in kernel memory, ultimately elevating permissions to ROOT. The CVSS […]
Retrospective of Insights at RSAC 2023: The Secret Life of Enterprise Botnets
maio 18, 2023
Secret Life of Enterprise Botnets The Secret Life of Enterprise Botnets is a speech in a session of RSA Conference 2023 by Dr. Craig Labovitz, Head of Technology for the Deepfield business unit at Nokia. In collaboration with global Internet providers, researchers tracked more than 500,000 compromised enterprise servers, security cameras and IoT (HVAC, PoS, […]
Configuring TCP Flood Protection on NSFOCUS WAF
maio 16, 2023
According to the working principle of TCP/IP, only a certain amount of TCP/IP connections are allowed. Attackers exploit this to launch TCP flood attacks, which are divided into two types: An attacker sends too many SYN packets to a target server for processing, exhausting the server’s resources and making the server unresponsive to legitimate traffic. […]
