NSFOCUS

NSFOCUS Named a Representative Vendor in Gartner Market for Security Threat Intelligence Products and Services

maio 30, 2020

The world’s leading research and advisory company, Gartner, has named NSFOCUS as a Representative Vendor in its May 2020 Market Guide for Security Threat Intelligence Products and Services.

This guide provides in-depth analysis of the threat intelligence (TI) market, focusing on introducing its technical value and commercial potential of threat intelligence, and selecting credible vendors globally. NSFOCUS is honored to be named in the list.

(mais…)

NSFOCUS’s Presence at Botconf 2018

dezembro 17, 2018

On December 7, 2018 security experts from NSFOCUS Fu Ying Labs delivered a speech at Botconf 2018, presenting WASM security threat analysis technologies with researchers from security firms, media personnel, and security practitioners from CERTs (Computer Emergency Response Teams) of various countries. Their striking insights were highly accepted and acknowledged by the international security industry. […]

Satan Variant Analysis & Handling Guide

dezembro 6, 2018

1 Background

In early November 2018, NSFOCUS discovered that some of its financial customers had been infected with a worm virus FT.exe that could affect both Linux and Windows platforms. Like the ransomware Satan, the virus spreads itself by exploiting multiple application vulnerabilities. However, this virus, after breaking into the system, does not do anything obviously damaging, but only spreads itself.

At the end of Novemb (mais…)

NSFOCUS Present at the CS3STHLM Summit as the Only Asia-Pacific Security Vendor

novembro 12, 2018

On October 24, 2018, the CS3STHLM industrial cyber security & Stockholm international summit on Cyber Security in SCADA and Industrial Control Systems (“the Stockholm summit”) kicked off in Sweden for the fifth consecutive year,  bringing together cybersecurity experts worldwide. NSFOCUS, as the only participating security vendor from Asia-Pacific, delivered a speech titled Attacking PLCs by PLC in Deep, sharing the company’s security research experience in the industrial control system (ICS) realm. (mais…)

Cisco ASA Security Product Denial-of-Service Vulnerability (CVE-2018-15454) Threat Alert

novembro 12, 2018

  1. Vulnerability Overview

Recently, Cisco officially released a security advisory to fix the denial-of-service (DoS) vulnerability (CVE-2018-15454) in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. This vulnerability exists in the Session Initiation Protocol (SIP) inspection engine used by Cisco ASA and FTD. An unauthorized attacker could exploit this vulnerability remotely to cause an affected device to reload or trigger a high CPU usage, causing a denial of service to the device. (mais…)

FreeRTOS Multiple Remote Code Execution Vulnerabilities Threat Alert

outubro 25, 2018

Overview

Recently, researchers from Zimperium disclosed 13 critical vulnerabilities in FreeRTOS, including four remote code execution vulnerabilities. (mais…)

Drupal Remote Code Execution Vulnerability Threat Alert

outubro 24, 2018

Overview

Recently, Drupal released an official security advisory to announce the fixes for multiple security issues, including two critical remote code execution vulnerabilities which affect Drupal 7 and 8.

The two critical vulnerabilities are described as follows: (mais…)

libssh Server-Side Identity Authentication Bypass Vulnerability (CVE-2018-10933)Threat Alert

outubro 23, 2018

Overview

On October 16, local time, libssh officially released an update to fix the server-side identity authentication bypass vulnerability (CVE-2018-10933) existing in libssh 0.6 and later versions. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authenticate without any credentials. (mais…)

WebLogic Remote Code Execution Vulnerability(CVE-2018-3191)Threat Alert

outubro 23, 2018

Overview

On October 17, Beijing time, Oracle officially released a Critical Patch Update (CPU), which contains a fix for the critical WebLogic remote code execution vulnerability (CVE-2018-3191). This vulnerability allows unauthenticated attackers with network access via T3 to compromise vulnerable Oracle WebLogic Server. Successful exploitation of it can result in takeover of Oracle WebLogic Server, hence remote code execution.

(mais…)

XBash Malware Security Advisory

outubro 18, 2018

On September 17, 2018, Unit42 researchers published an analysis of a new malware family XBash on its official blog. According to them, XBash was developed by the Iron Group, a cybercrime organization that has been active since 2016. The malware was named XBash based on the name of the malicious code’s original main module. XBash combines functions of ransomware, coinminers, botnets, and worms to target Linux and Microsoft Windows servers. (mais…)