Overview Affected by many factors, Pakistan has long suffered from serious local terrorism threats. The country has also taken counter-terrorism as an important national security strategy. In the second half of 2022, the Pakistani security forces carried out many intelligence-based operations (IBO) in Baluchistan, Khyber and North Waziristan, and killed many terrorists. Pakistan’s recent high-profile […]

The three concepts, transparency of software supply chain, assessable capabilities of software supply chain security, and trusted software supply chain, are closely related to the ability of end users to conduct security checks and assessments for the software supply chain, including: 1. Basic assessment of software composition security Upstream and downstream companies can provide end […]

Overview Recently, NSFOCUS CERT found that security teams overseas publicly disclosed the technical details of the exploit chain for Exchange Server vulnerabilities. An authenticated remote attacker exploits an Exchange Server privilege escalation vulnerability (CVE-2022-41080) to gain permission to execute PowerShell in the context of the system on an endpoint Outlook Web Application (OWA). An attacker […]

A crop of multi-level upstream and downstream security problems makes software supply chain (SSC) security more complex.  It is difficult to assess and control the security of the whole chain only depending on companies, but it is necessary to strengthen the security supervision of the supply chain products, provide companies SBOM hosting and trusted certification […]

Overview On December 26, 2022, NSFOCUS CERT detected multiple security vulnerabilities in Linux Kernel released online, relevant users are requested to take protective measures as soon as possible. Linux Kernel Remote Code Execution Vulnerability (CVE-2022-47939): A remote code execution vulnerability exists in Linux Kernel SMB2_TREE_DISCONNECT command processing. Due to the lack of verification of the […]

From December 5, 2022 to December 18, 2022, NSFOCUS Security Labs found activity clues of 66 APT groups, 3 malware families (MoonBounce Trojans, Razy Trojans and the CoinMinder), and 509 threat actors targeting critical infrastructure. APT Groups Among the 66 discovered APT groups, the APT28 affected the most significant number of hosts from December 5 […]

Santa Clara, Calif. Dec 23, 2022 – NSFOCUS, a global provider of intelligent hybrid security solutions, announced today that it has attained ISO 22301:2019 Business Continuity Management System (BCMS) certification. ISO 22301 is an international standard for business continuity. It specifies the requirements for a management system to protect against, reduce the likelihood of occurrence, […]

From November 21, 2022 to December 4, 2022, NSFOCUS Security Labs found activity clues of 60 APT groups, 2 malware families (Mozi ransomware and Banload Trojan horse), and 510 threat actors targeting critical infrastructure. APT Groups Among the 60 discovered APT groups, the APT group Outlaw affected the most significant number of hosts from November […]

Overview On December 14, NSFOCUS CERT detected that Citrix officially released a remote code execution vulnerability (CVE-2022-27518) in Citrix ADC and Gateway. Due to deficiencies in the system’s control over the lifecycle of resources, an unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on a target system when Citrix ADC and Citrix […]

To deal with threats from supply chains and ensure the security of their own IT infrastructure, companies shall set a list of software compositions to sort out the supply chain products, identify and manage key software suppliers, control security risks through security assessments at all stages of the life cycle of supply chains, and reduce […]