O mundo digital está constantemente sob ameaça de um dos mais perigosos golpes cibernéticos: o phishing.  Trata-se de uma técnica maliciosa utilizada por cibercriminosos para enganar usuários e obter informações pessoais e sensíveis. Vamos explorar o que é, como funciona e como se proteger desses ataques. Continue a leitura! O que é Phishing?  Phishing é […]

In the digital age, Web application and API security (WAAP) has demonstrated the importance of the development of the web application and API economy, and it is becoming the new standard of the next generation of WAF. WAAP is essential in today’s digital environment. As organizations increasingly rely on web applications and APIs to support […]

The Future of Data Protection: The Emergence of Confidential Computing In today’s information age, data has become an invaluable resource ubiquitous across various sectors, from financial institutions to healthcare and scientific research. However, as data continues to grow, concerns about data privacy and security become increasingly prominent. Incidents of data breaches, hacking, and misuse of […]

O termo ransomware é um tema frequente nas discussões sobre segurança cibernética.  Trata-se de um tipo de malware que pode causar sérios danos a indivíduos e organizações, restringindo o acesso a dados vitais e sistemas inteiros.  Neste artigo, vamos entender o que é ransomware, mitigações e formas de assegurar sua exposição. Continue a leitura! O […]

Overview Recently, NSFOCUS CERT found that Apache Arrow issued a security notice, which fixed an arbitrary code execution vulnerability in the PyArrow library (CVE-2023-47248). Due to PyArrow reading Arrow IPC, Feather, or Parquet data from untrusted sources, PyExtensionType creates an automatic loading feature that allows for deserialization of data from non PyArrow sources. When using […]

“My ChatGPT isn‘t working properly.“ “I can’t log in, and it’s not responding at all.” Just as OpenAI released a series of new features recently, ChatGPT experienced prolonged service disruptions last Wednesday. Subsequently, OpenAI issued a statement revealing that they were facing periodic outages across ChatGPT and the API due to a reflective Distributed Denial […]

O mercado de serviços de proteção contra ataques de negação de serviço distribuídos, ou Anti-DDoS – possui um grande foco na mitigação de ataques direcionados à camada de rede da infraestrutura das empresas. Neste tipo de ataque, os vetores infectados são utilizados comumente para gerar requisições sem objetivo de comunicação concreta, com o intuito de […]

Overview In 2022, NSFOCUS Research Labs revealed a large-scale APT attack campaign called DarkCasino and identified an active and dangerous aggressive threat actor. By continuously tracking and in-depth study of the attacker’s activities, NSFOCUS Research Labs has ruled out its link with known APT groups, confirmed its high-level persistent threat nature, and following the operational […]

Establishing a Software Supply Chain Asset Register An organization’s products and services are diverse and complex. By establishing a software supply chain asset register, you can have a clear understanding of the supply chain relationships within your organization. The organization needs to create a comprehensive inventory of suppliers, software, tools, services, and upstream and downstream […]

NSFOCUS’s Next-Generation WAF addresses various threats faced by users, such as web vulnerability exploitation, resource abuse, and resource access control. It provides a comprehensive solution that includes traditional WAF functionality, bot traffic management, API security, and DDoS protection, all integrated into one coherent system. The upgraded system architecture ensures the security of web applications, business […]