In 2023, countries worldwide continued to strengthen their cybersecurity capabilities and systems in response to their national needs, using regulatory means to enhance their cybersecurity management. Based on continuous tracking and research, NSFOCUS summarized the development of global cybersecurity regulations and policies in 2023, providing a brief commentary and presenting NSFOCUS’s perspective on some important […]

In a recent achievement, the paper BABD: A Bitcoin Address Behavior Dataset for Pattern Analysis, a collaboration between the NSFOCUS research team and Professor Ren Wei’s team at the Computer School of China University of Geosciences, has been featured in the prestigious journal IEEE Transactions on Information Forensics and Security (TIFS). IEEE Transactions on Information […]

Overview Recently, NSFOCUS CERT detected that GitLab officially released a security announcement and fixed an arbitrary file write vulnerability (CVE-2024-0402) in GitLab Community Edition (CE) and Enterprise Edition (EE). Due to path traversal issues, authenticated attackers can copy files to any location on the GitLab server when creating workspaces. The CVSS score is 9.9, affected […]

SANTA CLARA, Calif., January 25, 2024 – NSFOCUS, a leading innovator in cybersecurity solutions, is proud to announce the release of a cutting-edge Technical White Paper titled “Enhancing Network Security with Security Large Language Model (SecLLM).” This paper unveils NSFOCUS’s latest technology, developed through years of expertise in artificial intelligence and security, designed to revolutionize the landscape […]

Secure Boot lays the foundation for the security of the entire computer system. However, in practice, there are potential security risks in secure boot. I. Overview In the previous post “Secure Boot 101: Getting Started with Secure Boot”, we introduced several core concepts of Secure Boot. In reality, users’ computers are often encrypted, and using […]

Overview Recently, NSFOCUS CERT found that Oracle officially released a Critical Patch Update announcement (CPU) in January. A total of 413 vulnerabilities of different levels were fixed this time. This security update involves Oracle WebLogic Server, Oracle MySQL, Oracle Java SE, Oracle Fusion Middleware, Oracle HTTP Server and other commonly used products. Oracle strongly recommends […]

Overview On January 16, NSFOCUS CERT detected that Atlassian officially released a security announcement fixing the remote code execution vulnerability (CVE-2023-22522) in Confluence Data Center and Confluence Server. This vulnerability is caused by template injection. Unauthenticated attackers can inject malicious requests into Confluence pages to implement remote code execution on affected targets. The CVSS score […]

1. Introduction of the New Botnet RDDoS In early November 2023, NSFOCUS’s Global Threat Hunting System detected that an unknown elf file was spreading widely, which aroused our vigilance. After further analysis, we confirmed that this batch of elf samples belonged to a new botnet family. NSFOCUS Security Research Labs named the botnet Trojan as […]

Overview Recently, NSFOCUS CERT detected that GitLab officially released a security announcement and fixed multiple security vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE), including two serious vulnerabilities. Affected users should take protective measures as soon as possible. CVE-2023-7028: In GitLab CE/EE, users can reset their passwords through the auxiliary email address. Due […]

Summarizing the past, embracing the future. Let’s take a look at the key events of NSFOCUS WAF in 2023. Market Recognition June 2023: NSFOCUS Tops China’s Hardware WAF Market for Four Consecutive Years in IDC market share research report on China’s hardware WAF market share; August 2023: Gartner named NSFOCUS a Representative Vendor of API […]