A era digital trouxe uma explosão no volume de dados gerados, coletados e armazenados diariamente. Esse cenário levanta questões críticas sobre a privacidade de dados, que se tornou um tópico central nas discussões empresariais e legislativas. Neste artigo, exploraremos o mundo da privacidade de dados, sua importância, a relação com a LGPD (Lei Geral de […]
Overview Recently, NSFOCUS CERT detected that Oracle has released a security announcement, in which the remote code execution and denial of service vulnerabilities of Oracle WebLogic Server have been fixed. Affected users should take protective measures as soon as possible. CVE-2025-21535: When the T3/IIOP protocol is enabled, an unauthenticated attacker sends a special request to […]
Overview Recently, NSFOCUS CERT detected a security announcement issued by GitHub that fixed a search injection vulnerability (CVE-2025-23061) in Mongoose, which is an incomplete fix for CVE-2024-53900. Because Mongoose incorrectly handles the $where filter with match conditions in the populate() method, an unauthenticated attacker can manipulate a search injection when both queries are used, resulting […]
Overview Recently, NSFOCUS detected that Rsync issued a security announcement and fixed the buffer overflow and information leakage vulnerabilities in Rsync (CVE-2024-12084/CVE-2024-12085). The combination of the two vulnerabilities can realize remote code execution. Please take measures to protect them as soon as possible. CVE-2024-12084: There is a heap buffer overflow vulnerability in the Rsync daemon. […]
O termo ransomware é um tema frequente nas discussões sobre segurança cibernética. Trata-se de um tipo de malware que pode causar sérios danos a indivíduos e organizações, restringindo o acesso a dados vitais e sistemas inteiros. Neste artigo, vamos entender o que é ransomware, mitigações e formas de assegurar sua exposição. Continue a leitura! O […]
A Inteligência Artificial (IA) tem se tornado uma ferramenta essencial no dia a dia das empresas, revolucionando processos, melhorando a eficiência e oferecendo soluções inovadoras. No entanto, a implementação dessa tecnologia não vem sem desafios. Embora a IA traga benefícios consideráveis, é crucial que as empresas adotem precauções para garantir que seu uso seja seguro, […]
Overview On January 14, NSFOCUS CERT detected that Microsoft released a security update patch for January, which fixed 159 security problems in widely used products such as Windows, Microsoft Office, Microsoft Visual Studio, Azure, Microsoft Dynamics, and Microsoft Edge. This includes high-risk vulnerabilities such as privilege escalation and remote code execution. Among the vulnerabilities fixed […]
Overview Recently, NSFOCUS CERT detected that Fortinet has issued a security notification and fixed the identity authentication bypass vulnerability in FortiOS and FortiProxy (CVE-2024-55591). Unauthenticated attackers can bypass system identity authentication by sending special packets to the Node.js websocket module, thus obtaining super administrator permissions of the target system. The CVSS score is 9.8. At […]
Overview Recently, NSFOCUS detected that Ivanti issued a security announcement and fixed buffer overflow vulnerabilities (CVE-2025-0282) in several products of Ivanti. Due to the stack-based buffer overflow in Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for ZTA Gateways, an unauthenticated attacker can trigger a buffer overflow by sending specially crafted packets allowing arbitrary […]
Summarizing the past, embracing the future. Let’s take a recap at the key events of NSFOCUS WAF in 2024. Market Recognition Market share: From 2019 to 2023, NSFOCUS WAF has been ranked 1st in China’s WAF hardware market share. March 2024: Recognized by Forrester, a leading market research company, for our outstanding Bot Management capabilities. […]
