Fabriquants

Retour à Sécurité

Fortinet

    • Key Takeaways from Our Latest Global Threat Landscape Report 21 mai 2019
      Fortinet announced the findings of the latest quarterly Global Threat Landscape Report. The research reveals that cybercriminals continue to evolve the sophistication of their attack methods, from tailored ransomware and custom coding for some attacks, to utilizing pre-installed tools or established infrastructure to maximize efficiency for their opportunities. …

    • A Closer Look at Satan Ransomware’s Propagation Techniques 20 mai 2019
      Satan ransomware first appeared in early 2017, and since then threat actors have been constantly improving the malware to infect its victims more effectively and to maximize its profits. Learn more about how this malware finds new targets to attack.

    • Not all Secure SD-WAN Solutions are Created Equal 16 mai 2019
      New NSS Labs research explains why having security built into an SD-WAN solution is the right approach for successful WAN Edge deployments. Learn more about the importance of security-driven networking and Fortinet’s Secure SD-WAN solution.

    • Key Considerations for a Secure Cloud Migration 15 mai 2019
      Addressing the challenges of cloud migration requires careful preparation. To establish a consistent security framework, organizations should consider these six steps as part of their migration strategy.

    • How to Cost-Effectively Dynamically Analyze UEFI Malware 14 mai 2019
      With the growing popularity of UEFI systems adversaries are starting to focus on exploiting this new attack surface. There is a pressing need for security researchers to be able to handle this threat. In this blog post, we examine how.

    • Fortinet Operational Technology Security Trends Report 13 mai 2019
      To increase efficiencies in places like manufacturing floors, energy production and delivery, or interconnected transportation systems, operational technology (OT) environments are being connected to the outside world. Find out how this presents new threats to OT organizations.

    • The Problem with Too Many Security Options 9 mai 2019
      In today’s meshed and increasingly perimeterless networks, security teams need to be able to identify everything connected to their ecosystem—which is a challenge with too many security solutions that do not work together.

    • New Spam Attack Targets Romanian Corporation 8 mai 2019
      The FortiGuard SE team has discovered an ongoing malicious spam campaign over the past few weeks. It uses a combination of a variant of the Fareit/Pony downloader together with the Formbook infostealer malware. Read this analysis report of the spam campaign.

Aruba

Cisco

    • Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1780) 21 mai 2019
      A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit thi …

    • Cisco Secure Boot Hardware Tampering Vulnerability 21 mai 2019
      A vulnerability in the logic that handles access control to one of the hardware components in Cisco’s proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the ar …

    • Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability 20 mai 2019
      A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to the incorrect imp …

    • Cisco FXOS and NX-OS Software Simple Network Management Protocol Denial of Service Vulnerability 20 mai 2019
      A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which could cause an affected device to restart unexpectedly. The vulnerability is due to improper error handling when processing inbound SNMP packets. An attacker …

    • Cisco NX-OS Software SSH Key Information Disclosure Vulnerability 16 mai 2019
      A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user’s private SSH key to all authenticated users on the targeted device. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to incomplete error handling if a specific error type occurs during the SSH key expo …

    • Cisco AnyConnect Secure Mobility Client for Linux Out-of-Bounds Memory Read Vulnerability 15 mai 2019
      A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system. The vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by crafting HTTP traffic for the affected component to downlo …

    • Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities 15 mai 2019
      Multiple vulnerabilities in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulner …

    • Cisco Small Business 300 Series Managed Switches DHCP Denial of Service Vulnerability 15 mai 2019
      A vulnerability in the interactions between the DHCP and TFTP features for Cisco Small Business 300 Series (Sx300) Managed Switches could allow an unauthenticated, remote attacker to cause the device to become low on system memory, which in turn could lead to an unexpected reload of the device and result in a denial of service (DoS) condition on an affected device. The vulnerability is due to a fa …

Google Online Security Blog