Blog

Rsync Buffer Overflow and Information Disclosure Vulnerability (CVE-2024-12084/CVE-2024-12085) Notification

janeiro 17, 2025 | NSFOCUS

Overview Recently, NSFOCUS detected that Rsync issued a security announcement and fixed the buffer overflow and information leakage vulnerabilities in Rsync (CVE-2024-12084/CVE-2024-12085). The combination of the two vulnerabilities can realize remote code execution. Please take measures to protect them as soon as possible. CVE-2024-12084: There is a heap buffer overflow vulnerability in the Rsync daemon. […]

Uma imagem que ilustra o ransomware.

O que é Ransomware? Definição, prevenção e remoção

janeiro 16, 2025 | Eduardo Guerra

O termo ransomware é um tema frequente nas discussões sobre segurança cibernética.  Trata-se de um tipo de malware que pode causar sérios danos a indivíduos e organizações, restringindo o acesso a dados vitais e sistemas inteiros.  Neste artigo, vamos entender o que é ransomware, mitigações e formas de assegurar sua exposição. Continue a leitura! O […]

Imagem que ilustra funcionários usando inteligência artificial na empresa.

Inteligência Artificial nas Empresas: Quais Cuidados Adotar?

janeiro 16, 2025 | Eduardo Guerra

A Inteligência Artificial (IA) tem se tornado uma ferramenta essencial no dia a dia das empresas, revolucionando processos, melhorando a eficiência e oferecendo soluções inovadoras. No entanto, a implementação dessa tecnologia não vem sem desafios. Embora a IA traga benefícios consideráveis, é crucial que as empresas adotem precauções para garantir que seu uso seja seguro, […]

Microsoft’s January Security Update of High-Risk Vulnerabilities in Multiple Products

janeiro 16, 2025 | NSFOCUS

Overview On January 14, NSFOCUS CERT detected that Microsoft released a security update patch for January, which fixed 159 security problems in widely used products such as Windows, Microsoft Office, Microsoft Visual Studio, Azure, Microsoft Dynamics, and Microsoft Edge. This includes high-risk vulnerabilities such as privilege escalation and remote code execution. Among the vulnerabilities fixed […]

Fortinet OS & FortiProxy Authentication Bypass Vulnerability (CVE-2024-55591) Notification

janeiro 16, 2025 | NSFOCUS

Overview Recently, NSFOCUS CERT detected that Fortinet has issued a security notification and fixed the identity authentication bypass vulnerability in FortiOS and FortiProxy (CVE-2024-55591). Unauthenticated attackers can bypass system identity authentication by sending special packets to the Node.js websocket module, thus obtaining super administrator permissions of the target system. The CVSS score is 9.8. At […]

Alert of Buffer Overflow Vulnerabilities in Multiple Ivanti Products (CVE-2025-0282)

janeiro 10, 2025 | NSFOCUS

Overview Recently, NSFOCUS detected that Ivanti issued a security announcement and fixed buffer overflow vulnerabilities (CVE-2025-0282) in several products of Ivanti. Due to the stack-based buffer overflow in Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for ZTA Gateways, an unauthenticated attacker can trigger a buffer overflow by sending specially crafted packets allowing arbitrary […]

Key Events of 2024 for NSFOCUS WAF

janeiro 8, 2025 | NSFOCUS

Summarizing the past, embracing the future. Let’s take a recap at the key events of NSFOCUS WAF in 2024. Market Recognition Market share: From 2019 to 2023, NSFOCUS WAF has been ranked 1st in China’s WAF hardware market share. March 2024: Recognized by Forrester, a leading market research company, for our outstanding Bot Management capabilities. […]

Windows LDAP Denial of Service Vulnerability (CVE-2024-49113) Alert

janeiro 7, 2025 | NSFOCUS

Overview Recently, NSFOCUS CERT detected that the details of Windows LDAP remote code execution vulnerability (CVE-2024-49113) were disclosed. Due to an out-of-bounds read vulnerability in wldap32.dll of Windows LDAP service, an unauthenticated attacker can induce a target server (as an LDAP client) to initiate a query request to a malicious LDAP server controlled by the […]

Coming Soon! NSFOCUS Will Enhance DDoS Protection Capabilities in New Version of ADS Products

janeiro 3, 2025 | NSFOCUS

We are excited to announce the upcoming release of the ADS V4.5R90F06 version, which brings significant enhancements to our DDoS protection capabilities. The update focuses on bringing more precise DDoS mitigations. This new version improves existing algorithms with an emphasis on advanced technology and usability. Key New Features: 1. DNS Protection Enhancements: DNS Protection Algorithm […]

imagem para o artigo sobre o serviço de proteção contra riscos digitais.

Shining Moments for NSFOCUS DDoS Defense in 2024

dezembro 31, 2024 | NSFOCUS

January – Release of the 2023 Global DDoS Landscape Report In the 2023 Global DDoS Landscape Report, NSFOCUS proposed important insights on global DDoS threats. DDoS attacks have become an indispensable weapon in cyber warfare, attackers are gradually favoring the use of Virtual Private Server (VPS) as attack sources, and the DDoS attack mode has […]