Blog

JumpServer File Read and Upload Vulnerability (CVE-2024-40628/CVE-2024-40629) Notification

July 19, 2024 | NSFOCUS

Overview Recently, NSFOCUS CERT detected that JumpServer issued a security announcement and fixed the file reading and uploading vulnerabilities in JumpServer (CVE-2024-40628/CVE-2024-40629). Due to improper permission configuration of the Ansible module in JumpServer, an attacker with a low-privilege account can use the ansible playbook to read arbitrary files in the celery container, resulting in disclosure […]

Critical Patch Update Notice in July for All Series of Oracle Products

July 19, 2024 | NSFOCUS

Overview On July 17, 2024, NSFOCUS CERT detected that Oracle officially released a critical patch update announcement CPU (Critical Patch Update) for July. A total of 397 vulnerabilities of varying degrees were fixed this time. This security update involves Oracle WebLogic Server, Oracle MySQL, Oracle Java SE, Oracle Fusion Middleware, Oracle Financial Services Applications, Oracle […]

What Is Malware? Types and How to Protect Against Attacks

July 17, 2024 | Eduardo Guerra

Being protected against malware is essential given the constant threats that surround the digital world. But do you know what malware is? What types exist? And, above all, how to protect your business against possible attacks? Keep reading and strengthen your data security to ensure a good experience in the digital era. […]

NSFOCUS Recognized in Forrester’s Enterprise Firewall Landscape Report, Q2 2024

July 17, 2024 | NSFOCUS

SANTA CLARA, Calif., July 17, 2024 – NSFOCUS, a leading cybersecurity company, is proud to announce its inclusion in the prestigious The Enterprise Firewall Landscape, Q2 2024 report by Forrester, a globally recognized research and advisory firm. NSFOCUS has been distinguished as a Notable Vendor for its innovative Next-Generation Firewall (NGFW) solution. Since the introduction […]

GitLab Authentication Bypass Vulnerability (CVE-2024-6385) Notification

July 12, 2024 | NSFOCUS

Overview Recently, NSFOCUS CERT detected that GitLab issued a security announcement and fixed the identity bypass vulnerability (CVE-2024-6385) in GitLab Community Edition (CE) and Enterprise Edition (EE). Due to the incomplete fixing of CVE-2024-5655, if the target branch has been deleted, when the target GitLab repository merges the Merge Request controllable by attackers, the Pipeline […]

Microsoft’s Security Update in July of High-Risk Vulnerabilities in Multiple Products

July 12, 2024 | NSFOCUS

Overview On July 10, NSFOCUS CERT detected that Microsoft released a security update patch for July, which fixed 139 security issues involving Windows, Microsoft SQL Server, Microsoft Office, Azure and other widely used products, including high-risk vulnerabilities such as privilege escalation and remote code execution. Among the vulnerabilities fixed in Microsoft’s monthly update this month, […]

NSFOCUS Recognized as a Leading Innovator in AI-driven Cybersecurity Solutions at WAIC 2024

July 12, 2024 | NSFOCUS

SANTA CLARA, Calif., July 12, 2024 — NSFOCUS is honored to announce that its Large Model Empowered Security Operations case has been featured in the 2024 Case Studies of Demonstration Application for Foundation Models at the World Artificial Intelligence Conference (WAIC). This prestigious recognition highlights NSFOCUS’s pioneering efforts in AI-driven cybersecurity solutions. The Case Studies, […]

What Is RSAS? See How the Solution Works

July 10, 2024 | Eduardo Guerra

Amid the dynamic cybersecurity landscape, organizations face ever greater challenges. The need to protect critical data assets and meet compliance requirements is more crucial than ever. In this context, NSFOCUS's RSAS (Remote Security Assessment System) stands out as an important tool for […]

Remote Code Execution Vulnerability between GeoServer and GeoTools (CVE-2024-36401/CVE-2024-36404) Notification

July 3, 2024 | NSFOCUS

Overview Recently, NSFOCUS CERT detected that GeoServer and GeoTools issued security announcements and fixed the XPath expression injection vulnerability in GeoServer and GeoTools (CVE-2024-36404). As the GeoTools library API called by GeoServer will pass the attribute name of element type to commons-jxpath library in an insecure manner, this library can execute arbitrary code when parsing […]

OpenSSH Remote Code Execution Vulnerability (CVE-2024-6387) Notification

July 2, 2024 | NSFOCUS

Overview Recently, NSFOCUS CERT detected that OpenSSH issued a security announcement and fixed the remote code execution vulnerability of OpenSSH (CVE-2024-6387). Due to a signal handler race condition issue in OpenSSH Server (sshd) under the default configuration, if the client does not authenticate within seconds of LoginGraceTime (120 seconds by default and 600 seconds in […]