Mirai Botnet’s New Wave: hailBot,kiraiBot, catDDoS, and Their Fierce Onslaught
outubro 3, 2023
I. Abstract In September 2023, NSFOCUS global threat hunting system monitored several new botnet variant families developed based on Mirai, among which hailBot, kiraiBot and catDDoS are the most active, are accelerating their spread, and are widely deployed, which has constituted a considerable threat. Through this article, we will disclose the technical details of these […]
Google Chrome Heap Buffer Overflow Vulnerability (CVE-2023-5217) Notification
outubro 1, 2023
Overview Recently, NSFOCUS CERT found that Google officially fixed a zero-day exploit (CVE-2023-5217), which was caused by the heap buffer overflow in the VP8 encoding of the open source libvpx video codec library. An attacker could use this vulnerability to execute arbitrary code on the target system. At present, this vulnerability has been exploited in […]
JumpServer Multiple Security Vulnerabilities Notification
setembro 28, 2023
Overview Recently, NSFOCUS CERT monitored that JumpServer officially issued a notice to fix multiple security vulnerabilities. The vulnerabilities are detailed below. JumpServer Reset Password Vulnerability (CVS 2023-42820): There is a password reset vulnerability in JumpServer, as third-party libraries expose random seed numbers to APIs, which may cause random verification codes to be replayed. Unauthenticated remote […]
Introduction to NSFOCUS WAF Website Group Health Check
setembro 28, 2023
The Website Group Health Check feature at Security Management -> Website Protection -> Root -> Website Group Health Check -> One-Click Check helps users to check whether the website group policies are working as configured and identify potential issues of site configuration compiling. For example, if users change any current website policy during the period […]
Google LibWebP Arbitrary Code Execution Vulnerability (CVE-2023-5129) Notification
setembro 27, 2023
Overview Recently, NSFOCUS CERT found that Google officially fixed a heap buffer overflow vulnerability (CVE-2023-4863). Due to a flaw in the WebP module, an attacker triggered the vulnerability by inducing users to visit a malicious website, which ultimately led to arbitrary code execution on the target system. At present, it has been detected that the […]
Warning: Newly Discovered APT Attacker AtlasCross Exploits Red Cross Blood Drive Phishing for Cyberattack
setembro 25, 2023
I. Abstract NSFOCUS Security Labs recently discovered a new attack process based on phishing documents in their daily threat-hunting operations. Delving deeper into this finding through extensive research, they confirmed two new Trojan horse programs and many rare attack techniques and tactics. NSFOCUS Security Labs believes that this new attack process comes from a new […]
Apple Multiple Product Security Vulnerabilities Notification
setembro 22, 2023
Overview Recently, NSFOCUS CERT has detected that Apple has officially fixed three zero-day exploit in multiple products. These vulnerabilities exist in the wild. Affected users should take protective measures as soon as possible. The details of the vulnerability are as follows: Apple WebKit Arbitrary Code Execution Vulnerability (CVS 2023-41993): There is an arbitrary code execution […]
Unlocking the Future of Cybersecurity: Meet Us at GovWare 2023
setembro 22, 2023
Today’s ever-evolving digital landscape presents unparalleled opportunities alongside formidable cybersecurity challenges, making the security of organizations’ networks and applications more crucial. As a global network and cyber security leader, we’re excited to invite you to join us at GovWare 2023, a pivotal event held at the Sands Expo and Convention Centre in Singapore from October […]
GitLab Unauthorized Call Vulnerability (CVC-2023-5009) Notification
setembro 21, 2023
Overview Recently, NSFOCUS CERT monitored that GitLab officially issued a security notice, and fixed an unauthorized call vulnerability in GitLab Enterprise Edition (EE). The vulnerability is a bypass of CVE-2023-3932. An attacker with low privileges can abuse the scan execution policy to run pipelines without the user’s consent. Successful exploitation of this vulnerability may allow […]
Feature Adaptations on Slave ADSM in a High Availability Environment
setembro 15, 2023
Sometimes, to ensure continuous business operations in the event of equipment failure, it is a common practice to configure High Availability (HA) using two ADSM devices. You can configure High Availability (HA) in ADSM by navigating to Administration > Local Settings > HA Configuration. Master: Slave: The master handles all services and periodically synchronizes heartbeat […]
