Overview NSFOCUS security team recently monitored that Microsoft released a security patch, fixing the Windows Error Reporting service privilege escalation vulnerability (CVE-2023-36874). An attacker who successfully exploited this vulnerability could gain administrator privileges. Microsoft's official security update announcement in July stated that attackers must have local access to the target...
Categoria: Blog
Adobe ColdFusion Multiple Security Vulnerabilities Notification
Overview Recently, NSFOCUS CERT monitored that Adobe has officially released security notices and fixed multiple Adobe ColdFusion vulnerabilities. Affected users should take measures as soon as possible. The key vulnerabilities are as follows: Adobe ColdFusion Access Control Bypass Vulnerability (CVS 2023-29298): Adobe ColdFusion has an access control bypass vulnerability that...
Enhancing Campus Network Resilience: How NSFOCUS Anti-DDoS Solution Safeguards the Education Sector from DDoS Attacks
Customer Overview The customer is a leading research-intensive university in Asia, with a distinguished history and a reputation for excellence in teaching and research. The university has a large campus network that serves students, faculty, staff, external partners, and visitors. With the increasing threats of DDoS attacks, the customer recognized...
Apple WebKit Remote Code Execution Vulnerability (CVS 2023-37450) Notification
Overview Recently, NSFOCUS CERT detected that Apple has officially fixed a 0-day vulnerability in Apple WebKit. Remote attackers can trigger this vulnerability by inducing the victim to open a specially crafted web page, which can ultimately enable the execution of arbitrary code on the target system. At present, the vulnerability...
GitLab Unauthorized Access Vulnerability (CVS 2023-3484) Notification
Overview Recently, NSFOCUS CERT monitored that GitLab officially issued a security notice, which fixed an unauthorized access vulnerability in Gitlab EE. In some cases, remote attackers with low privileges can change the name or path of a public top-level group beyond their authority. The CVSS score is 8.0. Affected users...
An Insight into RSA 2023: 5 Open Source Security Tools All Developers Should Know About
In the process of developing code, developers will worry about whether there are security problems in the image of code, dependencies and projects packaged. In the RSAC 2023 this year, David Melamed and Luke O'Malley recommended five open source security tools in their speech "5 Open Source Security Tools All...
