Fortinet
- 16 March 2023: Ransomware Roundup — HardBit 2.0
In this week’s Ransomware Roundup, FortiGuard Labs covers the HardBit 2.0 ransomware along with protection recommendations. Learn more.
- 16 March 2023: How Best to Secure Applications in Any Cloud
Read about some of the barriers to cloud adoption along with the risks and challenges that come with it to secure your applications.
- 16 March 2023: Microsoft OneNote File Being Leveraged by Phishing Campaigns to Spread Malware
An in-depth analysis of a phishing campaign utilizing a Microsoft OneNote file. Learn about the contents of this malicious attack from how it executes, to evading detection, and fully controlling the victim’s device.
- 15 March 2023: Reduce, Reuse, Recycle: Bad Actors Practicing the Three Rs
Cybercriminals are big proponents of getting the most out of their resources. Read how FortiGuard Labs researchers investigated how they’re retrofitting code to enable more successful criminal outcomes.
- 15 March 2023: Meet Fortinet Experts at RSA Conference 2023
Fortinet will once again be attending the RSA Conference in San Francisco. Come visit us at our booth (#5863) and see our feature demo kiosks, theater, and Experts Bar.
- 14 March 2023: Extending Cybersecurity to Employees No Matter Where They’re Working
Read how IT teams can provide enterprise-level cybersecurity protection to keep employees productive and secure in a hybrid workforce.
- 13 March 2023: Fortinet and WiCyS Provide Upskilling and Reskilling Opportunities to Women
Fortinet partnered with Women in Cybersecurity (WiCyS) to sponsor five females who participated in the NSE 4 Certification Boot Camp. We recently spoke with one of the women to learn about her career in cybersecurity and how the combined resources are helping her upskill.
- 10 March 2023: Here's How We Can Collectively Shrink the Cybersecurity Skills Gap
Shrinking the cybersecurity skills gap requires outside-the-box thinking. Find out a variety of ways to address shrinking the skills gap and talent shortage.
- 9 March 2023: Go from Zero-Day Threats to Zero Threats with Inline Sandboxing
Learn how inline sandboxing technology is helping organizations move into the future to gain real-time, in-network protection capabilities.
- 9 March 2023: Analysis of FG-IR-22-369
A follow-up write-up that details Fortinet’s investigation into the incident that led to the discovery of FG-IR-22-369 and additional IoCs identified during our ongoing analysis.
Aruba
- 14 March 2023: ClearPass Policy Manager Multiple Vulnerabilities
Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.
- 28 February 2023: ArubaOS Multiple Vulnerabilities
Aruba has released patches for ArubaOS that address multiple security vulnerabilities.
- 8 February 2023: Multiple Vulnerabilities in OpenSSL
Multiple vulnerabilities have been disclosed in OpenSSL.
- 13 December 2022: Multiple Vulnerabilities in Aruba Orchestrator
Aruba has released patches for Aruba Orchestrator that address multiple security vulnerabilities.
- 6 December 2022: ClearPass Policy Manager Multiple Vulnerabilities
Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.
- 29 November 2022: AirWave Management Platform Multiple Vulnerabilities
Aruba has released updates to the AirWave Management Platform that address multiple security vulnerabilities.
- 22 November 2022: Multiple Vulnerabilities in Aruba EdgeConnect SD-WAN
Aruba has released patches for Aruba EdgeConnect SD-WAN that address multiple security vulnerabilities.
- 1 November 2022: OpenSSL X.509 Email Address Buffer Overflow
CVE-2022-3602 and CVE-2022-3786 have been published about buffer overflow vulnerabilities discovered in OpenSSL 3.0.0 through 3.0.6. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue. …
- 25 October 2022: ArubaOS Multiple Vulnerabilities
Aruba has released patches for ArubaOS that address multiple security vulnerabilities.
- 11 October 2022: Multiple Vulnerabilities in Aruba Orchestrator
Aruba has released patches for Aruba Orchestrator that address multiple security vulnerabilities.
Cisco
- 17 March 2023: Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability
A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit thi …
- 14 March 2023: Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow a remote attacker to bypass authentication or execute arbitrary commands on the underlying operating system of an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has not rele …
- 10 March 2023: Cisco IP Phone 6800, 7800, and 8800 Series Web UI Vulnerabilities
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workaro …
- 8 March 2023: Cisco IOS XR Software for ASR 9000 Series Routers Bidirectional Forwarding Detection Denial of Service Vulnerability
A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnera …
- 7 March 2023: Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to conduct server-side request forgery (SSRF) attacks through an affected device or to overwrite arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has release …
- 2 March 2023: Cisco Finesse Reverse Proxy VPN-less Access to Finesse Desktop Denial of Service Vulnerability
A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for new and existing users who are connected through a load balancer. This vulnerability is due to improper IP address filtering by the reverse proxy. An attacker could exploit this vulner …
- 2 March 2023: Cisco Secure Web Appliance Content Encoding Filter Bypass Vulnerabilities
Update for March 2, 2023: Since this advisory originally published, Cisco has become aware of an issue in a fix for older major Cisco Secure Web Appliance software releases. That issue introduced additional vulnerabilities in releases 14.5.0-537 and 14.5.1-008. Cisco is investigating these new issues and will provide a fix in April 2023 for software releases later than Rel …
- 2 March 2023: Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface …
- 1 March 2023: Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this …
- 1 March 2023: Cisco Webex App for Web Cross-Site Scripting Vulnerability
A vulnerability in the file upload functionality of Cisco Webex App for Web could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending an arbitrary file to a user and persuading that user to br …
Google Online Security Blog