Fortinet
- 2 décembre 2022The Changing Nature of the CISO in 2023
With the ever-changing cybersecurity landscape, CISOs must continuously adapt their strategies to stay ahead of the curve. Learn some of the most significant changes CISOs have had to make. - 2 décembre 2022FortiGuard Labs Contributes to INTERPOL Multinational Cybercrime Suppression Operation in Africa
Recently, FortiGuard Labs provided evidentiary support to INTERPOL and African Member countries as part of the Africa Cyber Surge Operation to help detect, investigate, and disrupt cybercrime. Learn more. - 1 décembre 2022Now Is The Time for Improved Funding to Support Education Cybersecurity
Fortinet supports calls from the education community for access to stronger network security tools through the modernization of E-Rate eligible services list. Read more about efforts to secure the education sector. - 30 novembre 2022The Importance of Integrated Solutions for MSSPs
Learn why finding integrated and integratable cybersecurity solutions is critical for MSSPs when choosing a cybersecurity vendor. - 29 novembre 2022Fortinet Supports ZTNA On-Premises and in the Cloud
Learn how Fortinet gives organizations the option of both cloud-based and on-premises ZTNA, allowing you to own, control, and manage your infrastructure and policies yourself in your own environment. - 28 novembre 2022Simplify Cloud Security with the FortiGate Cloud-Native Firewall on AWS
Backed by a strong collaboration between Fortinet and Amazon Web Services (AWS), we are excited to announce FortiGate Cloud-Native Firewall on AWS. Read More. - 25 novembre 2022Staying Digitally Secure This Holiday Season
Read about some of the most common cyber threats to prepare for during the holidays—along with a few unique outliers to be on the watch for according to Fortinet’s FortiGuard Labs. - 23 novembre 2022Ransomware Roundup: Cryptonite Ransomware
The latest FortiGuard Labs Threat Signal Ransomware Roundup covers the Cryptonite ransomware, along with protection recommendations. Read more. - 23 novembre 2022Beware of Cybercriminals Preying on Online Shoppers on Black Friday
The holiday season is a busy time of year for retailers and shoppers, but also for cybercriminals. The FortiGuard Labs team examines two Black Friday-themed cyberattacks, one using an old PDF file and another exploiting typosquatting. - 22 novembre 2022Cyber Risk Management Lessons from the Battlefield
There are numerous parallels between the armed forces and cybersecurity. Find out how many of the lessons learned on the battlefield can easily be applied by security teams to protect an organization more effectively from cyberattacks.
Aruba
- 29 novembre 2022AirWave Management Platform Multiple Vulnerabilities
Aruba has released updates to the AirWave Management Platform that address multiple security vulnerabilities.
The post AirWave Management Platform Multiple Vulnerabilities first appeared on Aruba. - 22 novembre 2022Multiple Vulnerabilities in Aruba EdgeConnect Enterprise
Aruba has released patches for Aruba EdgeConnect Enterprise that address multiple security vulnerabilities.
The post Multiple Vulnerabilities in Aruba EdgeConnect Enterprise first appeared on Aruba. - 1 novembre 2022OpenSSL X.509 Email Address Buffer Overflow
CVE-2022-3602 and CVE-2022-3786 have been published about buffer overflow vulnerabilities discovered in OpenSSL 3.0.0 through 3.0.6. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.The post OpenSSL X.509 Email Address Buffer Overflow first appeared on Aruba. … - 25 octobre 2022ArubaOS Multiple Vulnerabilities
Aruba has released patches for ArubaOS that address multiple security vulnerabilities.
The post ArubaOS Multiple Vulnerabilities first appeared on Aruba. - 11 octobre 2022Multiple Vulnerabilities in Aruba EdgeConnect Enterprise Orchestrator
Aruba has released patches for Aruba EdgeConnect Enterprise Orchestrator that address multiple security vulnerabilities.The post Multiple Vulnerabilities in Aruba EdgeConnect Enterprise Orchestrator first appeared on Aruba. … - 27 septembre 2022Aruba Access Points Multiple Vulnerabilities
Aruba has released patches for Aruba access points running InstantOS and ArubaOS 10 that address multiple security vulnerabilities.
The post Aruba Access Points Multiple Vulnerabilities first appeared on Aruba. - 7 septembre 2022ClearPass Policy Manager Multiple Vulnerabilities
Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.
The post ClearPass Policy Manager Multiple Vulnerabilities first appeared on Aruba. - 30 août 2022AOS-CX Switches Multiple Vulnerabilities
Aruba has released updates for wired switch products running AOS-CX that address multiple security vulnerabilities.
The post AOS-CX Switches Multiple Vulnerabilities first appeared on Aruba. - 26 juillet 2022Vulnerability in Aruba Virtual Intranet Access (VIA)
Aruba has released an update to Aruba Virtual Intranet Access (VIA) that addresses a security vulnerability in the Aruba VIA client for the Microsoft Windows operating system. This vulnerability does not affect Aruba VIA clients for other operating systems.The post Vulnerability in Aruba Virtual Intranet Access (VIA) first appeared on Aruba. … - 21 juillet 2022Multiple Vulnerabilities in Expat XML processing library
Multiple CVEs have been disclosed that involve the faulty handling of XML input by the Expat application and library. These CVEs impact multiple Aruba products.The post Multiple Vulnerabilities in Expat XML processing library first appeared on Aruba. …
Cisco
- 30 novembre 2022Multiple Cisco Products Snort SMB2 Detection Engine Policy Bypass and Denial of Service Vulnerabilities
Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to improper management of system resources when the Snort detection engine is proce … - 30 novembre 2022Cisco Email Security Appliance, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Next Generation Management Vulnerabilities
Multiple vulnerabilities in the next-generation UI management interface for Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an attacker to elevate privileges or to conduct a SQL injection attack and obtain root privileges. For more information about these vulnerabilities, see … - 28 novembre 2022Cisco Identity Services Engine Insufficient Access Control Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected de … - 23 novembre 2022Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022
On November 1, 2022, the OpenSSL Project announced the following vulnerabilities: CVE-2022-3602 – X.509 Email Address 4-byte Buffer Overflow CVE-2022-3786 – X.509 Email Address Variable Length Buffer Overflow For a description of these vulnerabilities, see OpenSSL Security Advisory [Nov 1 2022]. This advisory is available at the following link:https://tools.cisco.com/security/center/content/CiscoS … - 23 novembre 2022Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. … - 23 novembre 2022Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this … - 23 novembre 2022Cisco Identity Services Engine Path Traversal Vulnerability
A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request with absolute path sequences. A successful exp … - 17 novembre 2022Cisco Identity Services Engine Vulnerabilities
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to inject arbitrary operating system commands, bypass security protections, and conduct cross-site scripting attacks. For more information about these vulnerabilities, see the Details section of this advisory. Cisco plans to release software updates that address these vulnerabilities. The … - 14 novembre 2022Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by persuading an authenticated administ … - 10 novembre 2022Cisco Firepower Management Center and Firepower Threat Defense Software SSH Denial of Service Vulnerability
A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when an SSH session fails to be established. An attacker could exploit this vulnerabi …
Google Online Security Blog