Apache Dubbo Remote Code Execution Vulnerability (CVE-2022-39198) Notification

outubro 22, 2022 | Jie Ji

Overview On October 19, NSFOCUS CERT found that Apache issued a security notice to fix a remote code execution vulnerability (CVE-2022-39198) in Dubbo. Due to a deserialization vulnerability in Dubbo’s hessian-lite, an attacker can exploit this vulnerability to remotely execute arbitrary code on the target system. Relevant users are requested to take measures to protect […]

Software Supply Chain Security: Overview

outubro 21, 2022 | Adeline Zhang

Software supply chain security is one of the key considerations in modern supply chain security. NSFOCUS Security Labs has conducted long-term research on security of the software supply chain. We’d like to publish a series of posts to share our observations, explore security issues existing in the software supply chain, conclude the core concepts, technical […]

NSFOCUS Launches Cloud WAAP Service for APAC Region at GovWare 2022

outubro 18, 2022 | Adeline Zhang

Santa Clara, Calif. October 18, 2022  – NSFOCUS, a global provider of intelligent hybrid security solutions, today launched its Cloud Web application and API Protection (WAAP) service for the Asia Pacific Region at the GovWare Conference & Exhibition held at Sands Expo and Convention Centre in Singapore on 18-20 October 2022.  NSFOCUS at GovWare 2022 […]

Harry Potter’s Invisibility Cloak and Moody’s Eye: Software Defined Perimeter (SDP)

outubro 12, 2022 | Adeline Zhang

In the last series of popular science, we talked about Zero Trust Network Access (ZTNA) and learned the three critical technologies of zero trust—SDP, IAM and MSG. In this article, we will continue to introduce a security capability of NSFOCUS SASE – the SDP, one of the three major technologies. What is SDP? The SDP […]

NSFOCUS Included in the 2022 Gartner® Magic Quadrant for Cloud Web Application and API Protection in the Honorable Mentions Section

outubro 9, 2022 | Adeline Zhang

Santa Clara, Calif. October 9, 2022  – We are honored to announce that NSFOCUS was included in the Honorable Mentions section in the Gartner® Magic Quadrant for Cloud Web Application and API Protection report. According to Gartner, by 2026, 40% of organizations will select a WAAP provider on the basis of its advanced API protections […]

Security Knowledge Graph | Drawing Knowledge Graph of Software Supply Chain and Strengthening Risk Analysis

outubro 5, 2022 | Adeline Zhang

The security knowledge graph, a knowledge graph specific to the security domain, is the key to realizing cognitive intelligence in cyber security, and it also lays an indispensable technological foundation for dealing with advanced, continuous and complex threats and risks in cyberspace. NSFOCUS published a series of articles about the application of the security knowledge […]

Three Transformations of NSFOCUS ADS Solution

outubro 3, 2022 | Adeline Zhang

With the continuous transformation of telecommunication infrastructure in recent years, the popularization of 5G technology has promoted the sustainable and rapid growth of network bandwidth resources, and driven the rapid development of technologies such as big data, cloud computing, and the Internet of Things (IoT). However, due to security flaws, a large number of IoT […]

APT Group Gamaredon Intensifies Cyber Offensive in Ukraine (Part 2)

setembro 29, 2022 | Adeline Zhang

Part 1: APT Group Gamaredon Intensifies Cyber Offensive in Ukraine (Part 1) Type 2: Send malicious HTML attachments by masquerading notification emails The second type of attack activity Gamaredon mainly carried out is spear phishing emails. This is a new attack process that emerged in the second quarter of this year. Gamaredon attackers placed layers […]

APT Group Gamaredon Intensifies Cyber Offensive in Ukraine (Part 1)

setembro 28, 2022 | Adeline Zhang

Overview Beginning in the second quarter of this year, NSFOCUS Security Labs discovered that the APT group Gamaredon began frequently using a number of different types of attacks to conduct cyberattacks against military and police targets in Ukraine’s Kherson, Donetsk and other regions. In this attack cycle, Gamaredon mainly used attack tools such as malicious […]

Linux Kernel Privilege Escalation Vulnerability (CVE-2022-2588) Notification

setembro 27, 2022 | Jie Ji

Overview Recently, NSFOCUS CERT detected that a researcher disclosed an EXP that exists in the Linux kernel privilege escalation vulnerability (CVE-2022-2588) on the Internet. Due to improper operation of the route4_filter linked list, there is a use-after-free vulnerability in the route4_change function of the net/schedule/cls_route.c filter. By exploiting this vulnerability, a local attacker with general […]

Procurar