Information Disclosure

Strapi Multiple Security Vulnerability Notice

April 26, 2023

Overview: Recently, NSFOCUS CERT found that Strapi has officially issued a security notice, which fixes several Strapi security vulnerabilities. Due to a flaw in the Strapi system, when there are any entries created or updated by super administrator users on publicly accessed entries, attackers can execute arbitrary code on the target system by combining the […]

Information Disclosure-Incurred Asset Compromise and Detection and Analysis

February 4, 2021

According to a survey, 25% of internal security incidents are attributed to information disclosure. Through information disclosure alone, without resorting to measures with obvious patterns such as password cracking, attackers can go on to acquire sensitive information about users and enterprises. This kind of attack method has a high degree of anonymity, rendering pattern-based network traffic analysis and terminal security log analysis fruitless. By combining user and entity behavior analysis (UEBA) with dissection of network traffic logs and terminal security logs, we can identify abnormal behaviors, associate the behaviors with attack alerts, and present readable threat event analysis, offering users a new approach to discovering stealthy threats.


