NSFOCUS

Google Chrome Skia Integer Overflow Vulnerability (CVE-2023-2136) Notice

April 24, 2023

Overview Recently, NSFOCUS CERT found that Google officially fixed an integer overflow vulnerability in Chrome Skia (CVE-2023-2136). Due to a flaw in Skia, when the value exceeds the maximum limit of integer type due to arithmetic operations, an integer overflow will occur. The attacker triggers this vulnerability by inducing users to open a specially crafted […]

Who Will Be the Winner? – Top 10 Finalists at RSAC 2023 Innovation Sandbox at a Glance

April 23, 2023

RSAC Innovation Sandbox contest 2023 will be held on April 24th at Moscone South, San Francisco. As the “Oscar of Cybersecurity,” the RSAC Innovation Sandbox contest is highly anticipated every year. Let’s take a look at the top 10 finalists this year. (Figure 1: The 2023 Top 10 Finalists) The top 10 innovative sandbox […]

Looking Forward to Seeing You at RSAC 2023

April 23, 2023

Moscone Center, South Hall, Booth # 4301 – San Francisco, CA, United States We are exhibiting at RSA Conference 2023. This is a great opportunity for you to network with cybersecurity’s forward-thinking global community and explore innovative, new technology. Connect with NSFOCUS executives and security experts to discuss how to manage unexpected risks with the best fit security […]

Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2023-21931) Notice

April 21, 2023

Overview Recently, NSFOCUS CERT found that Oracle officially issued a security notice to fix a remote code execution vulnerability in Oracle WebLogic Server (CVE-2023-21931). Due to a flaw in the getObjectInstance() method of the WLNamingManager class in WebLogic, in the default configuration, unauthenticated remote attackers can pass in specific objects through T3/IIOP, ultimately […]

Apache Solr Remote Code Execution Vulnerability (CNVD-2023-27598) Notice

April 20, 2023

Overview Recently, NSFOCUS CERT found that the analysis article of Apache Solr remote code execution vulnerability was publicly disclosed on the Internet. When Solr is launched in cloud mode and can go offline, an unauthenticated remote attacker can execute arbitrary code on the target system by sending multiple specially crafted packets. Please take measures to […]

Google Chrome V8 Type Confusion Vulnerability (CVE-2023-2033) Notice

April 19, 2023

Overview On April 17, NSFOCUS CERT found that Google officially fixed a Chrome V8 type confusion vulnerability (CVE-2023-2033). Due to flaws in the verification of the data type being used by the application, type confusion can occur during the process. Attackers can trigger this vulnerability by sending a crafted link that successfully induces users to […]

8 Potential Security Hazards of ChatGPT

April 18, 2023

Summary OpenAI opened for testing ChatGPT on November 30, 2022, and since then, ChatGPT has become popular worldwide. ChatGPT, an AI-driven chat robot, has become the fastest-growing consumer application in the past two decades of internet development. But while it made a hit, ChatGPT also faces security risks in AI’s own data and models. Given […]

Troubleshooting Common Errors During NTA HA Configuration

April 18, 2023

An HA switchover is initiated when: Common errors during HA configuration: 1. “The versions of the local and peer devices are different.” is displayed during configuration. Solution: Upgrade the devices and ensure that the versions of the two devices are the same. 2. “Failed to enable the HA SSH service on the peer end.” is […]

Microsoft’s April security update for multiple high-risk product vulnerabilities

April 17, 2023

Overview NSFOCUS CERT recently observed that Microsoft had released its April security update, which fixed 97 security issues involving Microsoft Word, Layer 2 Tunneling Protocol, Microsoft Publisher, Windows Kernel and other widely used products, including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed in Microsoft’s monthly updates […]

Key Technologies for Software Supply Chain Security—Detection Technique (Part 4)—Interactive Application Security Testing (IAST) and Fuzzing (Fuzz Testing)

April 17, 2023

Interactive Application Security Testing (IAST) IAST is a new application security testing technique that has become popular in recent years and is recognized by Gartner as one of the top 10 technologies in the cybersecurity field. IAST works to constantly monitor and collect the traffic or codes inside when the application is running, and transfer […]
