Blog

Turmoil in Libya: Major Industries Hit by Massive DDoS Attacks

setembro 12, 2023 | NSFOCUS

I. Background In August, NSFOCUS Global Threat Hunting System spotted an abnormal trend of DDoS attacks against Libya. NSFOCUS Security Labs sorted out the traffic changes of DDoS attacks in August and found that this attack may be related to the turmoil in Libya in August by comparing it with key events in Libya in […]

Insights from Attack and Defense Drills: Strategies and Resilience

setembro 11, 2023 | NSFOCUS

Recently, NSFOCUS SOC team summarized the findings from attack and defense drills in the first half of 2023. In these smokeless battles, the attackers advanced with aggressive strategies, while the defenders relied on comprehensive defense systems, taking measures from protecting, monitoring to tracing, and resisting every attempt to breach their defenses. Vulnerability and Asset Impact […]

Multiple Security Vulnerability Notifications on Apple Products

setembro 8, 2023 | NSFOCUS

Overview Recently, NSFOCUS CERT has detected that Apple has officially repaired two 0day vulnerabilities in multiple Apple products. At present, it has detected that there are uses in wild. Affected users should take protective measures as soon as possible. The details of the vulnerability are as follows: Apple ImageIO Remote Code Execution Vulnerability (CVS 2023-41064): […]

Multiple security vulnerability notifications on Google Chrome

setembro 7, 2023 | NSFOCUS

Overview Recently, NSFOCUS CERT has monitored that Google Chrome has officially released security announcements and fixed several security vulnerabilities. The key vulnerabilities are as follows: Google Chrome Cross Border Read Vulnerability (CVE-2023-4761): Due to an out of bounds memory read vulnerability in Google Chrome FebCM, attackers who can disrupt the renderer process can perform out […]

VMware Aria Operations for Networks Authentication Bypass Vulnerability (CVE-2023-34039)

setembro 5, 2023 | NSFOCUS

Overview Recently, NSFOCUS CERT detected an Authentication Bypass vulnerability in VMware Aria Operations for Networks. Due to the lack of unique cryptographic key generation, Aria Operations for Networks is susceptible to an authentication bypass vulnerability. Attackers with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations […]

smart city

NSFOCUS Included in Gartner 2023 Hype Cycle for Smart City and Sustainability in China Report Again

setembro 5, 2023 | NSFOCUS

We proudly announce that NSFOCUS was again included in Gartner® Hype CycleTM for Smart City and Sustainability in China (2023) report1 in CPS Security. “Cyber-physical systems (CPS) are engineered systems that orchestrate sensing, computation, control, networking and analytics to interact with the physical world (including humans). When secure, they enable safe, real-time, reliable, resilient and […]

APT34 Unleashes New Wave of Phishing Attack with Variant of SideTwist Trojan

agosto 30, 2023 | NSFOCUS

Recently, NSFOCUS Security Labs captured a new APT34 phishing attack. During the campaign, APT34 attackers disguised as a marketing services company called GGMS launched attacks against enterprise targets and released a variant of SideTwist Trojan to achieve long-term control of the victim host. Introduction to APT34 APT34, also known as OilRig or Helix Kitten, is […]

Mastering Defense and Understanding Offense: Approach of Detecting Abnormal Attack Behaviors

agosto 29, 2023 | NSFOCUS

In offensive and defensive exercises, attackers will use various attack methods to maximize their objectives, including not only common attack methods but also complex attacks. Phishing email is popular among attackers as the most commonly used and low-cost attack method. Attackers typically use a variety of techniques and deception to send emails with malicious attachments […]

From Ripples to Waves: The Swift Evolution of the “Boat” Botnet

agosto 18, 2023 | NSFOCUS

The botnet family “Boat” was first discovered by NSFOCUS Security Labs in June 2022. Its name comes from the fact that malicious samples in its early versions propagate with the file name “boat”. At the same time, since some malicious samples in later versions of this family retain symbolic information and there are a large […]

How to Achieve Sensitive Data Unlearning for Machine Learning Models?

agosto 11, 2023 | NSFOCUS

As machine learning is increasingly used in data analysis in cybersecurity, there is a risk of privacy disclosure to some extent if models inadvertently capture sensitive information from training data. Since training data will exist in the model parameters for a long time, it is possible to directly output training samples if some data with […]