Overview Recently, NSFOCUS CERT monitored that GitLab officially issued a security notice, which fixed an unauthorized access vulnerability in Gitlab EE. In some cases, remote attackers with low privileges can change the name or path of a public top-level group beyond their authority. The CVSS score is 8.0. Affected users should take measures as soon […]

Estar protegido contra malwares é fundamental devido às constantes ameaças que rondam o mundo digital. Mas você sabe o que é um malware? Quais os tipos que existem? E, principalmente, como proteger o seu negócio contra possíveis ataques? Continue a leitura e fortaleça a segurança dos dados para garantir uma boa experiência na era digital. […]

In the process of developing code, developers will worry about whether there are security problems in the image of code, dependencies and projects packaged. In the RSAC 2023 this year, David Melamed and Luke O’Malley recommended five open source security tools in their speech “5 Open Source Security Tools All Developers Should Know About”. When […]

Background NSFOCUS researchers detected a code poisoning attack against vulnerability researchers and red team members recently. Attackers use implanted malicious programs in multiple code repositories under the cover of two highly exploitable vulnerabilities of Linux and VMware exposed this year. Once a user downloads the code and compiles it locally, malicious code contained in the […]

Santa Clara, Calif. July 4, 2023 – We are thrilled to announce that NSFOCUS has been included as a Representative Vendor in Gartner Market Guide for Security Orchestration, Automation and Response Solutions again. It is the 2nd consecutive year for NSFOCUS to be listed in this report. This report provides a detailed analysis of the […]

Overview Recently, NSFOCUS CERT detected a vulnerability in Grafana’s authentication bypass (CVE-2023-3128). Azure AD can support multiple users with the same email address. When configuring Azure AD to support multiple users, unauthenticated attackers can exploit this vulnerability by creating malicious email account requests. Due to Grafana’s failure to uniquely authenticate Azure AD email accounts based […]

Overview Recently, NSFOCUS CERT found that VMware’s official security announcement disclosed multiple vulnerabilities in VMware vCenter Server, which could be used by attackers to cause remote code execution, cross-border write and read, etc. Currently, the official version has been updated and fixed. Affected users should take protective measures as soon as possible. Key Vulnerabilities vCenter […]

Você já recebeu um e-mail ou uma mensagem de texto informando que seus dados pessoais foram expostos por algum site ou aplicativo que você usa?  Se sim, você foi vítima de um vazamento de dados, situação cada vez mais comum na era digital. Mas o que isso significa e quais são as consequências para a […]

At the 2023 RSA conference, CISO and researchers from Virginia’s Department of Behavioral Health and Developmental Services shared a topic entitled ” Rise of the Machines: Achieving Data Security and Analytics with AI”. They proposed the use of artificial intelligence to rapidly synthesize “de-identified” data, thus avoiding significant resource consumption and human error. In this […]

Overview Recently, NSFOCUS CERT monitored that Fortinet officially fixed a Fortinet FortinaC remote code execution vulnerability (CVE-2023-33299). Unauthenticated remote attackers can exploit this vulnerability by sending a customized request to the service running on TCP port 1050, and an attacker who successfully exploits this vulnerability can execute arbitrary code on the target system. The CVSS […]