Blog

Compared with traditional security threats, supply chain threats have a spreading influence. Vulnerabilities of upstream products will affect all downstream roles, causing security risks to spread along the supply chain and consequently expanding the attack area. In recent years, several influential supply chain attacks have taken place, involving open-source components, public code repositories, and cloud […]

In the last post of this series, we had an overview of software supply chain security and summarized some observations during the research. You can read the previous post here. In this post, we’re going to talk about the threats faced by the software supply chain.   Globalized economic development has brought more opportunities and […]

Overview The Magniber is a notorious ransomware. Unlike the common ransomware families such as Hive and LockBit that target companies, it is primarily used to blackmail individuals with a relatively low ransom around USD 2,500. The Magniber ransomware can neither be transmitted automatically nor used to upload user files, but encrypt files only. Here listed […]

Software supply chain security is one of the key considerations in modern supply chain security. NSFOCUS Security Labs has conducted long-term research on security of the software supply chain. We’d like to publish a series of posts to share our observations, explore security issues existing in the software supply chain, conclude the core concepts, technical […]

Santa Clara, Calif. October 18, 2022  – NSFOCUS, a global provider of intelligent hybrid security solutions, today launched its Cloud Web application and API Protection (WAAP) service for the Asia Pacific Region at the GovWare Conference & Exhibition held at Sands Expo and Convention Centre in Singapore on 18-20 October 2022.  NSFOCUS at GovWare 2022 […]

In the last series of popular science, we talked about Zero Trust Network Access (ZTNA) and learned the three critical technologies of zero trust—SDP, IAM and MSG. In this article, we will continue to introduce a security capability of NSFOCUS SASE – the SDP, one of the three major technologies. What is SDP? The SDP […]

The security knowledge graph, a knowledge graph specific to the security domain, is the key to realizing cognitive intelligence in cyber security, and it also lays an indispensable technological foundation for dealing with advanced, continuous and complex threats and risks in cyberspace. NSFOCUS published a series of articles about the application of the security knowledge […]

With the continuous transformation of telecommunication infrastructure in recent years, the popularization of 5G technology has promoted the sustainable and rapid growth of network bandwidth resources, and driven the rapid development of technologies such as big data, cloud computing, and the Internet of Things (IoT). However, due to security flaws, a large number of IoT […]

Part 1: APT Group Gamaredon Intensifies Cyber Offensive in Ukraine (Part 1) Type 2: Send malicious HTML attachments by masquerading notification emails The second type of attack activity Gamaredon mainly carried out is spear phishing emails. This is a new attack process that emerged in the second quarter of this year. Gamaredon attackers placed layers […]

Overview Beginning in the second quarter of this year, NSFOCUS Security Labs discovered that the APT group Gamaredon began frequently using a number of different types of attacks to conduct cyberattacks against military and police targets in Ukraine’s Kherson, Donetsk and other regions. In this attack cycle, Gamaredon mainly used attack tools such as malicious […]