The Network Security Business System of Low-altitude Economy
fevereiro 1, 2025
Previous post on security risks of low-altitude Economy: https://nsfocusglobal.com/security-risks-of-low-altitude-economy How to construct a comprehensive network security business system in the field of low-altitude economy? The purpose of network data security is to prevent leakage, resist attack and protect system and privacy. The operation of the low-altitude connection system contains massive information and data, so it […]
The Undercurrent Behind the Rise of DeepSeek: DDoS Attacks in the Global AI Technology Game
janeiro 31, 2025
Background The rise of DeepSeek is undoubtedly a milestone in the development of AI technology in China. As a representative AI enterprise, DeepSeek has not only made breakthrough progress in technological innovation and commercial application, but also demonstrated the outstanding strength and great potential of Chinese technology enterprises in the global AI competition. However, as […]
Security Risks of Low-altitude Economy
janeiro 28, 2025
The low-altitude economy is becoming an important force to promote economic growth by virtue of its innovative ability and huge development potential. From UAV logistics distribution to urban air traffic, from emergency rescue to aerial photography and mapping, the application scenarios of low-altitude economy have been continuously expanded, and the market scale has been expanding […]
Oracle WebLogic Server Remote Code Execution and Denial of Service Vulnerability (CVE-2025-21535/CVE-2025-21549)
janeiro 23, 2025
Overview Recently, NSFOCUS CERT detected that Oracle has released a security announcement, in which the remote code execution and denial of service vulnerabilities of Oracle WebLogic Server have been fixed. Affected users should take protective measures as soon as possible. CVE-2025-21535: When the T3/IIOP protocol is enabled, an unauthenticated attacker sends a special request to […]
MongoDB Mongoose Search Injection Vulnerability (CVE-2025-23061)
janeiro 21, 2025
Overview Recently, NSFOCUS CERT detected a security announcement issued by GitHub that fixed a search injection vulnerability (CVE-2025-23061) in Mongoose, which is an incomplete fix for CVE-2024-53900. Because Mongoose incorrectly handles the $where filter with match conditions in the populate() method, an unauthenticated attacker can manipulate a search injection when both queries are used, resulting […]
NSFOCUS Included in External Threat Intelligence Service Providers Landscape Q1 2025
janeiro 20, 2025
Santa Clara, Calif. January 20, 2025 – NSFOCUS, a global provider of intelligent hybrid security solutions, announced that it has been included in the Forrester report, The External Threat Intelligence Service Providers Landscape, Q1 2025 among Notable Providers recently. This is the second time for NSFOCUS to be included in this report, as we have […]
Rsync Buffer Overflow and Information Disclosure Vulnerability (CVE-2024-12084/CVE-2024-12085) Notification
janeiro 17, 2025
Overview Recently, NSFOCUS detected that Rsync issued a security announcement and fixed the buffer overflow and information leakage vulnerabilities in Rsync (CVE-2024-12084/CVE-2024-12085). The combination of the two vulnerabilities can realize remote code execution. Please take measures to protect them as soon as possible. CVE-2024-12084: There is a heap buffer overflow vulnerability in the Rsync daemon. […]
Microsoft’s January Security Update of High-Risk Vulnerabilities in Multiple Products
janeiro 16, 2025
Overview On January 14, NSFOCUS CERT detected that Microsoft released a security update patch for January, which fixed 159 security problems in widely used products such as Windows, Microsoft Office, Microsoft Visual Studio, Azure, Microsoft Dynamics, and Microsoft Edge. This includes high-risk vulnerabilities such as privilege escalation and remote code execution. Among the vulnerabilities fixed […]
Fortinet OS & FortiProxy Authentication Bypass Vulnerability (CVE-2024-55591) Notification
janeiro 16, 2025
Overview Recently, NSFOCUS CERT detected that Fortinet has issued a security notification and fixed the identity authentication bypass vulnerability in FortiOS and FortiProxy (CVE-2024-55591). Unauthenticated attackers can bypass system identity authentication by sending special packets to the Node.js websocket module, thus obtaining super administrator permissions of the target system. The CVSS score is 9.8. At […]
Alert of Buffer Overflow Vulnerabilities in Multiple Ivanti Products (CVE-2025-0282)
janeiro 10, 2025
Overview Recently, NSFOCUS detected that Ivanti issued a security announcement and fixed buffer overflow vulnerabilities (CVE-2025-0282) in several products of Ivanti. Due to the stack-based buffer overflow in Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for ZTA Gateways, an unauthenticated attacker can trigger a buffer overflow by sending specially crafted packets allowing arbitrary […]
