Linux Kernel Privilege Escalation Vulnerability (CVS 2023-32233) Notice
maio 18, 2023
Overview Recently, NSFOCUS CERT found that the PoC of Linux Kernel privilege escalation vulnerability (CVE-2023-32233) was publicly disclosed online. There is a use-after-free vulnerability in Linux kernel’s subsystem Netfilter nf_tables, which can be exploited by authenticated local attackers to perform arbitrary read and write operations in kernel memory, ultimately elevating permissions to ROOT. The CVSS […]
Retrospective of Insights at RSAC 2023: The Secret Life of Enterprise Botnets
maio 18, 2023
Secret Life of Enterprise Botnets The Secret Life of Enterprise Botnets is a speech in a session of RSA Conference 2023 by Dr. Craig Labovitz, Head of Technology for the Deepfield business unit at Nokia. In collaboration with global Internet providers, researchers tracked more than 500,000 compromised enterprise servers, security cameras and IoT (HVAC, PoS, […]
Configuring TCP Flood Protection on NSFOCUS WAF
maio 16, 2023
According to the working principle of TCP/IP, only a certain amount of TCP/IP connections are allowed. Attackers exploit this to launch TCP flood attacks, which are divided into two types: An attacker sends too many SYN packets to a target server for processing, exhausting the server’s resources and making the server unresponsive to legitimate traffic. […]
Key Technologies for Software Supply Chain Security – Data Security Technology
maio 15, 2023
According to Gartner’s supply chain security risk report in 2021[1], breaches of confidential or sensitive information constitute another major factor contributing to software supply chain risks. Hackers steal hard-coded credentials in source code, building logs, and infrastructure, such as API keys, encryption keys, tokens, and passwords, or locate vulnerabilities in a leaked software bill of […]
Microsoft’s May security update for multiple high-risk product vulnerabilities
maio 11, 2023
Overview On May 10, NSFOCUS CERT monitored that Microsoft had released a security update patch for May, which fixed 38 security issues, involving Win32k, Windows OLE, Microsoft SharePoint Server, Windows Pragmatic General Multicast (PGM) and other widely used products, including high-risk vulnerability types such as privilege enhancement and remote code execution. Among the vulnerabilities fixed […]
A Recap of NSFOCUS Seminar on “Are You Ready for the Evolving DDoS Threat Landscape? “
maio 11, 2023
In the middle of April, NSFOCUS held a seminar on “Are You Ready for the Evolving DDoS Landscape?”. In the seminar, David Gao, Principal Security Solution Architect of NSFOCUS summarized the findings of the Global DDoS Attack Landscape in 2022 and gave his insights on the trends to help customers protect against the evolving DDoS attacks. Some topics […]
NSFOCUS 2022 Cybersecurity Insights: A Summary
maio 10, 2023
NSFOCUS is a leading provider of enterprise-level network security solutions and services. NSFOCUS has released the annual cybersecurity insights report in April, which analyzed the overall trends, threats, and challenges in the cyber landscape. The full NSFOCUS Cybersecurity Insights for 2022 report is available here. Here are some of the key findings from the report: […]
GitLab Code Execution Vulnerability (CVS 2023-2478)
maio 9, 2023
Overview Recently, NSFOCUS CERT monitored that GitLab officially issued a security notice, and fixed a code execution vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) (CVE-2023-2478). Remote attackers with low privileges can add malicious Runners to any project of the instance through GraphQL endpoints, further exploiting the ability to execute arbitrary code or […]
Packet Forwarding Mode
maio 9, 2023
The packet Forwarding Mode is mainly used for debugging network faults. If this function is enabled, it indicates that the ADS device will directly forward network packets without any checks. The Packet Forwarding Enable feature can be reminded through the ADS webpage if this function is enabled. If you want to disable the packet forwarding […]
TA569 Suspected of Phishing Attack against Russia and Germany
maio 8, 2023
I. Overview On April 18, 2023, NSFOCUS Security Labs discovered a spear phishing attack against Russia during daily threat hunting. After correlation analysis of the event, NSFOCUS Security Labs confirmed that the attacker also launched a similar phishing attack against Germany. The active time of the attacker, the attack target, the type of tool used, […]
