A Revolutionary Security Architecture Empowers ISPs, MSSPs and Hosting Providers To Deliver SOC-as-a-Service To Customers Santa Clara, Calif. April 26, 2023 – NSFOCUS, a leading provider of network security solutions and services, is proud to announce the launch of NSFOCUS T-ONE CLOUD, a cutting-edge security architecture designed specifically for Internet Service Providers (ISPs), Managed Security Service […]

What happened In March 2023, NSFOCUS security team blocked the worst DDoS attack of the year. The attack was targeted at an Internet service provider customer located in Brazil, with a peak attack traffic of 386.5 Gbps and astonishing total attack traffic of 1184.4 Tbps. This large-scale DDoS attack lasted for 8 days, posing huge […]

Overview Recently, NSFOCUS CERT found that Spring officially issued a security notice, which fixed a Spring Boot authentication bypass vulnerability (CVE-2023-20873). When Spring Boot is deployed to Cloud Foundry and there is code/cloudFoundryapplication/* * that can handle matching requests, and used in conjunction with a catch all request mapping that matches/* *, unauthenticated remote attackers […]

Overview Recently, NSFOCUS CERT found that an Apache Druid remote code execution vulnerability was publicly disclosed online. Under default configuration, Apache Druid supports loading data from Kafka. Unauthenticated remote attackers can implement JNDI injection attacks by modifying Kafka connection configuration properties, ultimately leading to the execution of arbitrary code on the server. Affected users should […]

Overview Recently, NSFOCUS CERT found that Google officially fixed an integer overflow vulnerability in Chrome Skia (CVE-2023-2136). Due to a flaw in Skia, when the value exceeds the maximum limit of integer type due to arithmetic operations, an integer overflow will occur. The attacker triggers this vulnerability by inducing users to open a specially crafted […]

RSAC Innovation Sandbox contest 2023 will be held on April 24th at Moscone South, San Francisco. As the “Oscar of Cybersecurity,” the RSAC Innovation Sandbox contest is highly anticipated every year. Let’s take a look at the top 10 finalists this year.   Figure 1 The 2023 Top 10 Finalists The top 10 innovative sandbox […]

Moscone Center, South Hall, Booth # 4301 – San Francisco, CA, United States We are exhibiting at RSA Conference 2023. This is a great opportunity for you to network with cybersecurity’s forward-thinking global community and explore innovative, new technology. Connect with NSFOCUS executives and security experts to discuss how to manage unexpected risks with the best fit security […]

Overview Recently, NSFOCUS CERT found that Oracle officially issued a security notice to fix a remote code execution vulnerability in Oracle WebLogic Server (CVE-2023-21931). Due to a flaw in the getObject Instance () method of the WLNamingManager class in WebLogic, in the default configuration, unauthenticated remote attackers can pass in specific objects through T3/IIOP, ultimately […]

Overview Recently, NSFOCUS CERT found that the analysis article of Apache Solr remote code execution vulnerability was publicly disclosed on the Internet. When Solr is launched in cloud mode and can go offline, an unauthenticated remote attacker can execute arbitrary code on the target system by sending multiple specially crafted packets. Please take measures to […]

Overview On April 17, NSFOCUS CERT found that Google officially fixed a Chrome V8 type confusion vulnerability (CVE-2023-2033). Due to flaws in the verification of the data type being used by the application, type confusion can occur during the process. Attackers can trigger this vulnerability by sending a crafted link that successfully induces users to […]