Security Researcher from NSFOCUS Security Labs to Speak at Black Hat 2022 Europe

dezembro 7, 2022 | Adeline Zhang

Gao Jian at NSFOCUS Security Labs was invited to speak at the Black Hat 2022 Europe held at ExCel London, United Kindom from December 5 to 8, 2022. Gao Jian specializes in industrial control system security, focusing on PLC and SCADA vulnerability exploitation and ICS security enhancement. He has helped many vendors, including Siemens, Codesys, […]

Google Chrome V8 Type Confusion Vulnerability (CVE-2022-4262) Alert

dezembro 6, 2022 | Jie Ji

Overview On December 5, NSFOCUS CERT found that Google officially released a type confusion vulnerability (CVE-2022-4262) in Google Chrome V8. A type confusion error occurs because a program uses one type of method to allocate or initialize a resource, such as a pointer, object, or variable, but then accesses that resource with another method that […]

Snapd Local Privilege Escalation Vulnerability (CVE-2022-3328)

dezembro 3, 2022 | Jie Ji

Overview On December 2, NSFOCUS CERT detected that Qualys released a local privilege escalation vulnerability (CVE-2022-3328) in Snapd. There is a conditional race vulnerability in the must_mkdir_and_open_with_perms() function in snap-confine, an attacker with normal user privileges can use Multipath Privilege Escalation Vulnerability (CVE-2022-41974) and Multipath Symbolic Link Vulnerability, bind the /tmp directory to any directory […]

Security Concept for Software Supply Chain (Part 1) — Transparency of Software Supply Chain Compositions

dezembro 2, 2022 | Adeline Zhang

Software supply chain security covers the whole software life cycle. In terms of software product complexity alone, apart from the software itself, it is necessary to ensure the security of the dependencies and transitive dependencies of software, as well as the security of the software ecosystem composed of these dependency chains. Especially regarding the issue […]

A Look at Qatar’s Infrastructure Construction Through Cyberspace Surveying and Mapping Technology

novembro 28, 2022 | Adeline Zhang

As the 2022 FIFA World Cup kicked off on Sunday, Nov 20, 2022, no country can be more notable than Qatar these days. In this article, we will get you familiar with the host nation Qatar, and show you its infrastructure construction level through analysis of cyberspace services. Qatar and the FIFA 2022 World Cup […]

The Increasingly Complex and Varied Vectors to Attack Software Supply Chain

novembro 23, 2022 | Adeline Zhang

Unlike vulnerability exploitation in products, attack vectors and implementation channels targeting the supply chain in the real environment are more diverse. Due to the advantages of low development cost, the widespread use of open-source components in projects has become the mainstream development method. The conflict between a rule-relaxed open community and limited maintenance resources provides […]

Atlassian Bitbucket Server and Data Center Command Injection Vulnerability (CVE-2022-43781) Alert

novembro 23, 2022 | Jie Ji

Overview Recently, NSFOCUS CERT found that Atlassian officially fixed a command injection vulnerability in Bitbucket Server and Data Center. Due to flaws in Bitbucket Server and Data Center, attackers with user name control rights can implement command injection through environment variables, and eventually cause commands to be executed arbitrarily on the system. The CVSS score […]

Apache Airflow Remote Code Execution Vulnerability (CVE-2022-40127)

novembro 22, 2022 | Jie Ji

Overview On November 21, NSFOCUS CERT discovered on Internet a PoC of a remote code execution vulnerability (CVE-2022-40127) in Apache Airflow. Due to the flaw in Example Dags in Apache Airflow, an attacker with UI access rights can use this vulnerability to trigger Dags, and then by manually providing the run_id parameter, attacker can execute […]

API Protection: The New Focus in the Web Application Firewall Market

novembro 21, 2022 | Adeline Zhang

Application programming interfaces (APIs) have become a role that can’t be ignored in digital transformation, whether in application modernization or agile business strategies. At the application development stage, APIs are standard service interfaces. When it comes to interfacing with third-party services, APIs are a common choice. In the microservice architecture, APIs are an integral part […]

NSFOCUS Named a Representative Vendor by Gartner® in the Report of Tool: Vendor Identification for Data Loss Prevention 2022

novembro 18, 2022 | Adeline Zhang

NSFOCUS has been recognized as one of the Representative Vendors in the Report of Tool: Vendor Identification for Data Loss Prevention 2022 1. The COVID-19 pandemic has accelerated the process of digital transformation. With the vigorous development of digital economy and information industry, the rapid implementation and application of 5G, zero trust, AI, and blockchain […]