Blog

Microsoft’s April security update for multiple high-risk product vulnerabilities

abril 17, 2023 | NSFOCUS

Overview NSFOCUS CERT recently monitored that Microsoft had released a security update patch for April, which fixed 97 security issues, involving Microsoft Word, Layer2 Tunneling Protocol, Microsoft Publisher, Windows Kernel and other widely used products, including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed in Microsoft’s monthly updates […]

Key Technologies for Software Supply Chain Security—Detection Technique (Part 4)—Interactive Application Security Testing (IAST) and Fuzzing (Fuzz Testing)

abril 17, 2023 | NSFOCUS

Interactive Application Security Testing (IAST) IAST is a new application security testing technique that has become popular in recent years and is recognized by Gartner as one of the top 10 technologies in the cybersecurity field. IAST works to constantly monitor and collect the traffic or codes inside when the application is running, and transfer […]

Multiple Security Vulnerability Notification on Apple Products

abril 14, 2023 | NSFOCUS

Overview Recently, NSFOCUS CERT has detected that Apple has officially fixed the security vulnerabilities of several products. Please take protective measures as soon as possible. The details of the vulnerability are as follows: Apple IOSurfaceAccelerator privilege escalation vulnerability (CVS 2023-28206): There is an out of bounds write vulnerability in Apple IOSurfaceAccelerator, which allows unauthenticated attackers […]

Top 7 Cybersecurity Predictions in 2023

abril 13, 2023 | NSFOCUS

With the rapid development of cyberspace technology, network security is a topic that cannot be ignored while people maintain interoperability. Through the analysis of emergency response events recorded by NSFOCUS, we have summarized the development trends of network threats and would like to share the top seven predictions we discovered to look ahead to the […]

Key Technologies for Software Supply Chain Security – Detection Technique (Part 3) – Dynamic Application Security Testing (DAST)

abril 10, 2023 | NSFOCUS

In actual attack scenarios, when the source code is often unavailable, a white-box-based model is used to analyze software vulnerabilities. Hackers mostly conduct black-box scans against running systems or services, looking for possible vulnerabilities to attack. DAST simulates a hacker’s attack using an outside-in detection technique on systems or services at runtime to detect possible […]

NSFOCUS Featured in Frost Radar™ Cloud-native Application Protection Platforms, 2022

abril 5, 2023 | NSFOCUS

Santa Clara, Calif. April 5, 2023 – NSFOCUS, a global provider of intelligent hybrid security solutions, announced that it has been featured in Frost Radar™: Cloud-Native Application Protection Platforms (CNAPP). In this report, Frost & Sullivan identifies NSFOCUS and other 14 other companies as the powerhouses that are dominating and shaping the CNAPP market. NSFOCUS […]

Key Technologies for Software Supply Chain Security – Detection Techniques (Part 2) – Static Application Security Testing (SAST)

abril 4, 2023 | NSFOCUS

NSFOCUS Security Labs is keeping an eye out for the trends in supply chain security and is pleased to share observations and thoughts with our blog readers. You will see the links for more posts we published about software supply chain security at the end of the article. From the perspective of the software life cycle, the […]

NSFOCUS Included in Forrester External Threat Intelligence Service Providers Landscape Q1 2023

março 31, 2023 | NSFOCUS

Santa Clara, Calif. March 31, 2023 – NSFOCUS, a global provider of intelligent hybrid security solutions, announced that it has been included in Forrester The External Threat Intelligence Service Providers Landscape, Q1 2023 report as a Notable Provider recently. In the main trend, the report[1] says, “The evolving nature of threats is expanding use cases […]

Sudo Permission Elevation Vulnerability (CVE-2023-22809) Notification

março 31, 2023 | NSFOCUS

Overview Recently, NSFOCUS CERT found that the analysis article and ExP of Sudo privilege enhancement vulnerability (CVE-2023-22809) were publicly disclosed online. Since sudoedit in Sudo has a flaw in handling additional parameters passed in user provided environment variables such as SUDO_EDITOR, VISUAL, and EDITOR., when a user specified editor contains a “–” parameter that bypasses […]

MiniO Information Disclosure Vulnerability (CVE-2023-28432) Notification

março 27, 2023 | NSFOCUS

Overview Recently, NSFOCUS CERT found that MinIO officially issued a security notice, which fixed a MinIO information disclosure vulnerability (CVE-2023-28432). When MiniO is configured in cluster mode, an unauthenticated attacker can ultimately obtain information about all environment variables by constructing a crafted request packet, which allows the attacker to utilize the MINIO_ SECRET_ KEY&MINIO_ ROOT_ […]