Manufacturers

Fortinet

    • Reactive vs. Proactive Cybersecurity: 5 Reasons Why Traditional Security No Longer Works 22 February 2019
      Getting out of the trap of reaction-based security requires organizations to rethink both their networking and security strategies. Organizations need to begin by anticipating attacks by implementing zero-trust strategies, leveraging real-time threat intelligence, deploying behavioral analytics tools, and implementing a cohesive security fabric. …

    • Fortinet Secures the Path to 5G 19 February 2019
      Fortinet has just announced its portfolio support for the Mobile Service Provider transformation to a 5G core network. Fortinet has a growing family of advanced security solutions not only designed for, but fully integrated together to protect today’s evolving networks and virtual infrastructures. …

    • Analysis of a Fresh Variant of the Emotet Malware 18 February 2019
      Recently, FortiGuard Labs captured a fresh variant of the Emotet malware. This time, it’s embedded in a Microsoft Word document. We did a quick analysis on it, and in this blog we show how it works on a victim’s machine.

    • What to Expect at our Accelerate 2019 Conference 13 February 2019
      Accelerate 2019 offers a wide variety of sessions and workshops to give users and partners the tools and experience they need to secure their networks and the networks of their customers. Learn what to expect from this year’s conference.

    • Using Services to Fill Critical Security Gaps 12 February 2019
      Security services ensure that organizations of all sizes can consistently receive the security support they need across their entire security lifecycle, including planning, designing, implementing, integrating, managing, operating, and optimizing the security infrastructure—all provided by experienced security professionals with broad visibility into global threat trends and strategies. …

Aruba

Cisco

    • Container Privilege Escalation Vulnerability Affecting Cisco Products: February 2019 22 February 2019
      A vulnerability in the Open Container Initiative runc CLI tool used by multiple products could allow an unauthenticated, remote attacker to escalate privileges on a targeted system. The vulnerability exists because the affected software improperly handles file descriptors related to /proc/self/exe. An attacker could exploit the vulnerability either by persuading a user to create a new container us …

    • Cisco Webex Meetings Online Content Injection Vulnerability 21 February 2019
      A vulnerability in Cisco Webex Meetings Online could allow an unauthenticated, remote attacker to inject arbitrary text into a user’s browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious URL. A successful exploit could allow the attacker to inject arbitrary text into the user’s …

    • Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability 21 February 2019
      A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation in the client application. An attacker could exploit this vulnerability by sending a malicious file to a targeted user and persuading the user to manually open it …

    • Cisco Prime Infrastructure Certificate Validation Vulnerability 21 February 2019
      A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI. The vulnerability is due to improper validation of the server SSL certificate when establishing the SSL tunnel with ISE. An att …

    • Cisco Prime Collaboration Assurance Software Unauthenticated Access Vulnerability 21 February 2019
      A vulnerability in the Quality of Voice Reporting (QOVR) service of Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to access the system as a valid user. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the QOVR service with a valid username. A successful exploit could …

    • Cisco Network Convergence System 1000 Series TFTP Directory Traversal Vulnerability 21 February 2019
      A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. The vulnerability is due to improper validation of user-supplied input within TFTP requests processed by the affected software. An attacker could exploit this …

    • Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability 21 February 2019
      A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vul …

    • Cisco IoT Field Network Director XML External Entity Vulnerability 21 February 2019
      A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by …

    • Cisco HyperFlex Software Command Injection Vulnerability 21 February 2019
      A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster service manager and injecting commands into the bound process. A successful exploit could allow the atta …

Google Online Security Blog