Overview Recently, NSFOCUS CERT monitored that GitLab officially issued a security notice, and fixed a code execution vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) (CVE-2023-2478). Remote attackers with low privileges can add malicious Runners to any project of the instance through GraphQL endpoints, further exploiting the ability to execute arbitrary code or […]

I. Overview On April 18, 2023, NSFOCUS Security Labs discovered a spear phishing attack against Russia during daily threat hunting. After correlation analysis of the event, NSFOCUS Security Labs confirmed that the attacker also launched a similar phishing attack against Germany. The active time of the attacker, the attack target, the type of tool used, […]

CSBC, May 05, 2023, Sands Expo & Convention Centre, Singapore CyberSecurity Business Connect 2023 (CSBC), is an event organized by Ingram Micro to showcase and deliver a full spectrum of global technology and supply chain services to businesses around the world.  NSFOCUS participated in CSBC as Gold Sponsor, and announced the launch of our new […]

NSFOCUS at Cybersecurity Business Connect 2023 in Singapore Singapore, May 5, 2023 – NSFOCUS, a leading provider of network security solutions and services, has announced the launch of its new External Attack Surface Management (EASM) and Penetration Testing-as-a-Service (PTaaS) offerings at Cybersecurity Business Connect 2023 in Singapore, organized by Ingram Micro Asia Pte Ltd on […]

A segurança cibernética é uma preocupação crescente para empresas de todos os tamanhos. Com a expansão dos aplicativos web, a necessidade de protegê-los de ataques cibernéticos também cresceu. Nesse contexto, está o Cloud WAF (Web Application Firewall), ferramenta de segurança que oferece proteção em tempo real contra ameaças cibernéticas, como SQL injection e cross-site scripting […]

RSA Conference 2023 April 24-27, 2023 Moscone Center, San Francisco, CA

Background The customer is a leading integrated telecommunications services provider in Malaysia, offering a comprehensive range of communication services and solutions in fixed line, mobility, content, Wi-Fi, and smart services. Any cyber threat to the continuity and availability of business may bring huge economic losses and a reputation crisis. As cyber threats escalate and DDoS […]

ChatGPT is like a bomb in the Artificial Intelligence (AI) world, causing vibrations that have gradually spread to various industries. Against the backdrop of the widespread application of AI, why can ChatGPT still stand out and become the new top stream of popular discussion? After analyzing the core of ChatGPT, it is not difficult to […]

On the afternoon of April 24, 2023, RSA Conference announced the winner of the innovation sandbox contest this year, and HiddenLayer, an AI security vendor, was crowned the Most Innovative Startup 2023. Starting from HiddenLayer, the innovative sandbox champion, this article will further interpret and explore AI security. Figure 1. HiddenLayer Won the Most Innovative […]

Overview Recently, NSFOCUS CERT found that Strapi has officially issued a security notice, which fixes several Strapi security vulnerabilities. Due to a flaw in the Strapi system, when there are any entries created or updated by super administrator users on publicly accessed entries, attackers can execute arbitrary code on the target system by combining the […]