A new reflective Distributed-Denial-of-Service (DDoS) amplification vulnerability was recently discovered in the Service Location Protocol (SLP), which allows attackers to achieve a high amplification factor of over 2,200 times. This vulnerability has been identified as CVE-2023-29552, potentially making it one of the largest amplification attacks ever recorded. SLP is a...
Categoria: Blog
Linux Kernel Privilege Escalation Vulnerability (CVS 2023-32233) Notice
Overview Recently, NSFOCUS CERT found that the PoC of Linux Kernel privilege escalation vulnerability (CVE-2023-32233) was publicly disclosed online. There is a use-after-free vulnerability in Linux kernel's subsystem Netfilter nf_tables, which can be exploited by authenticated local attackers to perform arbitrary read and write operations in kernel memory, ultimately elevating...
Retrospective of Insights at RSAC 2023: The Secret Life of Enterprise Botnets
Secret Life of Enterprise Botnets The Secret Life of Enterprise Botnets is a speech in a session of RSA Conference 2023 by Dr. Craig Labovitz, Head of Technology for the Deepfield business unit at Nokia. In collaboration with global Internet providers, researchers tracked more than 500,000 compromised enterprise servers, security...
Key Technologies for Software Supply Chain Security – Data Security Technology
According to Gartner's supply chain security risk report in 2021[1], breaches of confidential or sensitive information constitute another major factor contributing to software supply chain risks. Hackers steal hard-coded credentials in source code, building logs, and infrastructure, such as API keys, encryption keys, tokens, and passwords, or locate vulnerabilities in...
Microsoft’s May security update for multiple high-risk product vulnerabilities
Overview On May 10, NSFOCUS CERT monitored that Microsoft had released a security update patch for May, which fixed 38 security issues, involving Win32k, Windows OLE, Microsoft SharePoint Server, Windows Pragmatic General Multicast (PGM) and other widely used products, including high-risk vulnerability types such as privilege enhancement and remote code...
A Recap of NSFOCUS Seminar on “Are You Ready for the Evolving DDoS Threat Landscape? “
In the middle of April, NSFOCUS held a seminar on “Are You Ready for the Evolving DDoS Landscape?â€. In the seminar, David Gao, Principal Security Solution Architect of NSFOCUS summarized the findings of the Global DDoS Attack Landscape in 2022 and gave his insights on the trends to help customers protect against the...
