Overview Recently, NSFOCUS CERT detected that GitLab issued a security announcement and fixed the identity bypass vulnerability (CVE-2024-6385) in GitLab Community Edition (CE) and Enterprise Edition (EE). Due to the incomplete fixing of CVE-2024-5655, if the target branch has been deleted, when the target Gitlab repository merges the Merge Request controllable by attackers, The Pipeline […]

Overview On July 10, NSFOCUS CERT detected that Microsoft released a security update patch for July, which fixed 139 security issues involving Windows, Microsoft SQL Server, Microsoft Office, Azure and other widely used products, including high-risk vulnerabilities such as privilege escalation and remote code execution. Among the vulnerabilities fixed in Microsoft’s monthly update this month, […]

SANTA CLARA, Calif., July 12, 2024 — NSFOCUS is honored to announce that its Large Model Empowered Security Operations case has been featured in the 2024 Case Studies of Demonstration Application for Foundation Models at the World Artificial Intelligence Conference (WAIC). This prestigious recognition highlights NSFOCUS’s pioneering efforts in AI-driven cybersecurity solutions. The Case Studies, […]

Em meio ao cenário dinâmico de segurança cibernética, as organizações enfrentam um desafios cada vez maiores. A necessidade de proteger ativos de dados críticos e atender aos requisitos de conformidade é mais crucial do que nunca. Nesse contexto, o RSAS (Sistema de Avaliação de Segurança Remota) da NSFOCUS se destaca como uma importante ferramenta para […]

Overview Recently, NSFOCUS CERT detected that GeoServer and GeoTools issued security announcements and fixed the XPath expression injection vulnerability in GeoServer and GeoTools (CVE-2024-36404). As the GeoTools library API called by GeoServer will pass the attribute name of element type to commons-jxpath library in an insecure manner, this library can execute arbitrary code when parsing […]

Overview Recently, NSFOCUS CERT detected that OpenSSH issued a security announcement and fixed the remote code execution vulnerability of OpenSSH (CVE-2024-6387). Due to a signal handler race condition issue in OpenSSH Server (sshd) under the default configuration, if the client does not authenticate within seconds of LoginGraceTime (120 seconds by default and 600 seconds in […]

SANTA CLARA, Calif., July 01, 2024 — IDC, a leading global IT market research and consulting company, recently released IDC MarketScape: China’s Extended Detection and Response Platform 2024 Vendor Assessment (Doc# CHC51540824, June 2024, hereinafter referred to as the “Report”) to provide in-depth analysis and assessment of the XDR market trends, technological developments, and major […]

BEIJING, CHINA, June 28, 2024 – NSFOCUS, a leading global cybersecurity solution provider with over 20 years of industry experience, has been honored with the prestigious Frost & Sullivan 2024 Best Practices Award for its managed detection and response (MDR) services. This accolade recognizes NSFOCUS’s outstanding performance and innovation in the cybersecurity market. As cybersecurity […]

A segurança de rede é fundamental para a proteção dos negócios. Por isso, estar por dentro de todas as informações essenciais é fundamental para mantê-la sempre protegida. Neste guia, você encontrará o que precisa para manter a segurança da rede da sua empresa e conhecerá soluções efetivas, como a da NSFOCUS, para garantir que todos […]

SANTA CLARA, Calif., June 26, 2024 — At the 16th Information Security Forum and 2024 RSAC Hot Topics Seminar held on June 7, 2024, Richard Zhao, Chief Operating Officer of International Business at NSFOCUS, presented the new picture of cybersecurity in the post-cloud era with his professional insights. Key Highlights Richard’s speech focused on three […]