According to Gartner’s supply chain security risk report in 2021[1], breaches of confidential or sensitive information constitute another major factor contributing to software supply chain risks. Hackers steal hard-coded credentials in source code, building logs, and infrastructure, such as API keys, encryption keys, tokens, and passwords, or locate vulnerabilities in a leaked software bill of […]

Overview On May 10, NSFOCUS CERT monitored that Microsoft had released a security update patch for May, which fixed 38 security issues, involving Win32k, Windows OLE, Microsoft SharePoint Server, Windows Pragmatic General Multicast (PGM) and other widely used products, including high-risk vulnerability types such as privilege enhancement and remote code execution. Among the vulnerabilities fixed […]

In the middle of April, NSFOCUS held a seminar on “Are You Ready for the Evolving DDoS Landscape?”. In the seminar, David Gao, Principal Security Solution Architect of NSFOCUS summarized the findings of the Global DDoS Attack Landscape in 2022 and gave his insights on the trends to help customers protect against the evolving DDoS attacks. Some topics […]

NSFOCUS is a leading provider of enterprise-level network security solutions and services. NSFOCUS has released the annual cybersecurity insights report in April, which analyzed the overall trends, threats, and challenges in the cyber landscape. The full NSFOCUS Cybersecurity Insights for 2022 report is available here. Here are some of the key findings from the report: […]

Overview Recently, NSFOCUS CERT monitored that GitLab officially issued a security notice, and fixed a code execution vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) (CVE-2023-2478). Remote attackers with low privileges can add malicious Runners to any project of the instance through GraphQL endpoints, further exploiting the ability to execute arbitrary code or […]

I. Overview On April 18, 2023, NSFOCUS Security Labs discovered a spear phishing attack against Russia during daily threat hunting. After correlation analysis of the event, NSFOCUS Security Labs confirmed that the attacker also launched a similar phishing attack against Germany. The active time of the attacker, the attack target, the type of tool used, […]

CSBC, May 05, 2023, Sands Expo & Convention Centre, Singapore CyberSecurity Business Connect 2023 (CSBC), is an event organized by Ingram Micro to showcase and deliver a full spectrum of global technology and supply chain services to businesses around the world.  NSFOCUS participated in CSBC as Gold Sponsor, and announced the launch of our new […]

NSFOCUS at Cybersecurity Business Connect 2023 in Singapore Singapore, May 5, 2023 – NSFOCUS, a leading provider of network security solutions and services, has announced the launch of its new External Attack Surface Management (EASM) and Penetration Testing-as-a-Service (PTaaS) offerings at Cybersecurity Business Connect 2023 in Singapore, organized by Ingram Micro Asia Pte Ltd on […]

RSA Conference 2023 April 24-27, 2023 Moscone Center, San Francisco, CA

Background The customer is a leading integrated telecommunications services provider in Malaysia, offering a comprehensive range of communication services and solutions in fixed line, mobility, content, Wi-Fi, and smart services. Any cyber threat to the continuity and availability of business may bring huge economic losses and a reputation crisis. As cyber threats escalate and DDoS […]