Fabriquants

Retour à Sécurité

Fortinet

    • Common SD-WAN Security Mistakes 17 décembre 2018
      SD-WAN is quickly becoming an essential component of any network transformation effort, allowing organizations to compete more quickly and efficiently in today’s digital marketplace.

    • A Look into XPC Internals: Reverse Engineering the XPC Objects 14 décembre 2018
      We have recently been engaged in deep security research on macOS for FortiGuard Labs focused on the discovery and analysis of IPC vulnerabilities. In this blog, we uncover the XPC internals data types to help researchers not only quickly analyze the root causes of XPC vulnerabilities, but to also assist with deep analysis of exploits targeted at those vulnerabilities. …

    • Preparing for Tomorrow's Threats 13 décembre 2018
      Organizations can start today to protect against 2019’s threats. Look out for crooks using AI « fuzzing » techniques, machine learning, and swarms.

    • The Shifting AI-Driven Threat Landscape 11 décembre 2018
      As the modern threat landscape continues to expand, adding artificial intelligence (AI) to a security strategy has become paramount to establishing and maintaining an effective security posture.

    • More Encrypted Traffic Than Ever 10 décembre 2018
      Over 72% of all network traffic is encrypted, and that figure is expected to grow. Very few security devices can inspect encrypted data without severely impacting network performance.

    • The Weaponization of PUAs 6 décembre 2018
      In this FortiGuard Labs article we will define what a PUA is, describe its inherent risks, and how malware makes use of them by showcasing a malware sample.

Aruba

Cisco

    • Texas Instruments Bluetooth Low Energy Denial of Service and Remote Code Execution Vulnerability 14 décembre 2018
      On November 1st, 2018, Armis announced the presence of a Remote Code Execution (RCE) or Denial of Service (DoS) vulnerability in the Bluetooth Low Energy (BLE) Stack on Texas Instruments (TI) chips CC2640 and CC2650. This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) ID of CVE-2018-16986. The vulnerability is due to a memory corruption condition that may occur when …

    • Cisco Prime License Manager SQL Injection Vulnerability 11 décembre 2018
      Update (2018-December-10): Installing the ciscocm.CSCvk30822_v1.0.k3.cop.sgn patch may cause functional issues. Workarounds are available for some of these issues. Rolling back this patch as described in the Fixed Releases section will correct these functional issues, but the device will be affected by this vulnerability again when the patch is not in place. See the Fixed Releases section for …

    • Cisco Energy Management Suite Default PostgreSQL Password Vulnerability 4 décembre 2018
      A vulnerability in the configuration of a local database installed as part of the Cisco Energy Management Suite (CEMS) could allow an authenticated, local attacker to access and alter confidential data. The vulnerability is due to the installation of the PostgreSQL database with unchanged default access credentials. An attacker could exploit this vulnerability by logging in to the machine where CE …

    • Cisco Webex Meetings Desktop App Update Service Command Injection Vulnerability 27 novembre 2018
      A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the …

    • Cisco TelePresence Video Communication Server Test Validation Script Issue 21 novembre 2018
      A failure in the final QA validation step of the automated software build system for the Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software inadvertently allowed a set of sample, dormant exploit code used internally by Cisco in validation scripts to be included in shipping software images. This includes an exploit for the Dirty CoW vulnerability (CVE-2016 …

    • Cisco Small Business Switches Privileged Access Vulnerability 13 novembre 2018
      A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using th …

    • Cisco Stealthwatch Management Console Authentication Bypass Vulnerability 9 novembre 2018
      A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. The vulnerability is due to an insecure system configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the t …

    • Cisco Integrated Management Controller Supervisor SQL Injection Vulnerability 7 novembre 2018
      A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the aff …

Google Online Security Blog