Blog

JumpServer Multiple Security Vulnerabilities Notification

September 28, 2023 | NSFOCUS

Overview Recently, NSFOCUS CERT observed that JumpServer officially issued a notice fixing multiple security vulnerabilities. The vulnerabilities are detailed below. JumpServer Reset Password Vulnerability (CVE-2023-42820): There is a password reset vulnerability in JumpServer, as third-party libraries expose random seed numbers to APIs, which may cause random verification codes to be replayed. Unauthenticated remote […]

Google LibWebP Arbitrary Code Execution Vulnerability (CVE-2023-5129) Notification

September 27, 2023 | NSFOCUS

Overview Recently, NSFOCUS CERT found that Google officially fixed a heap buffer overflow vulnerability (CVE-2023-4863). Due to a flaw in the WebP module, an attacker can trigger the vulnerability by inducing users to visit a malicious website, ultimately leading to arbitrary code execution on the target system. At present, it has been detected that the […]

Warning: Newly Discovered APT Attacker AtlasCross Exploits Red Cross Blood Drive Phishing for Cyberattack

September 25, 2023 | NSFOCUS

I. Abstract NSFOCUS Security Labs recently discovered a new attack process based on phishing documents in their daily threat-hunting operations. Delving deeper into this finding through extensive research, they confirmed two new Trojan horse programs and many rare attack techniques and tactics. NSFOCUS Security Labs believes that this new attack process comes from a new […]

Apple Multiple Product Security Vulnerabilities Notification

September 22, 2023 | NSFOCUS

Overview Recently, NSFOCUS CERT has detected that Apple has officially fixed three zero-day vulnerabilities in multiple products. These vulnerabilities are being exploited in the wild. Affected users should take protective measures as soon as possible. The details of the vulnerabilities are as follows: Apple WebKit Arbitrary Code Execution Vulnerability (CVE-2023-41993): There is an arbitrary code execution […]

GitLab Unauthorized Call Vulnerability (CVE-2023-5009) Notification

September 21, 2023 | NSFOCUS

Overview Recently, NSFOCUS CERT monitored that GitLab officially issued a security notice, and fixed an unauthorized call vulnerability in GitLab Enterprise Edition (EE). The vulnerability is a bypass of CVE-2023-3932. An attacker with low privileges can abuse the scan execution policy to run pipelines without the user’s consent. Successful exploitation of this vulnerability may allow […]

Data privacy: how to protect your company?

September 18, 2023 | Eduardo Guerra

The digital era has brought an explosion in the volume of data generated, collected and stored every day. This scenario raises critical questions about data privacy, which has become a central topic in business and legislative discussions. In this article, we will explore the world of data privacy, its importance, its relationship with the LGPD (Lei Geral de […]

Adobe Acrobat and Reader Arbitrary Code Execution Vulnerability (CVE-2023-26369) Notification

September 15, 2023 | NSFOCUS

Overview Recently, NSFOCUS CERT observed that Adobe issued an official security announcement fixing an arbitrary code execution vulnerability (CVE-2023-26369). Due to an out-of-bounds write flaw, an unauthenticated attacker could ultimately execute arbitrary code on the target system by exploiting this vulnerability. This vulnerability is being exploited in the wild. Affected users should take protective measures as soon […]

Microsoft September Security Updates for Multiple High-Risk Product Vulnerabilities

September 15, 2023 | NSFOCUS

Overview On September 13, NSFOCUS CERT found that Microsoft had released its September security update, fixing 61 security issues involving Microsoft SharePoint Server, Visual Studio, Internet Connection Sharing (ICS), Microsoft Azure Kubernetes Service, Microsoft Exchange and other widely used products, including high-risk vulnerability types such as privilege escalation, remote code execution, etc. Among […]

NSFOCUS Ranked No. 2 in China Network Detection and Response Market 2022

September 14, 2023 | NSFOCUS

IDC has recently published its China Network Detection and Response (NDR) Market Report for 2022, which provides a comprehensive analysis of the market development, functions, and technologies pertaining to Network Detection and Response (NDR) products. The report specifically focuses on identifying and highlighting the leading NDR vendors in the industry. According to IDC’s estimates, NSFOCUS […]

Google Chrome Heap Buffer Overflow Vulnerability (CVE-2023-4863) Notification

September 13, 2023 | NSFOCUS

Overview Recently, NSFOCUS CERT found that Google officially fixed a heap buffer overflow vulnerability (CVE-2023-4863). Due to a flaw in the WebP module, an attacker can trigger the vulnerability by inducing users to visit a malicious website, ultimately leading to arbitrary code execution on the target system. At present, it has been detected that the […]