Fortinet
- 5 août 2021Examining the Role of Secure SD-WAN in the Retail Space
Discover the role Secure SD-WAN and SD-Branch played in one retailer’s recent digital transformation and how these solutions impact the retail industry at large. … - 4 août 2021Transitioning into the Cybersecurity Industry
Learn how a Fortinet FortiGuard Labs team member established a career in cybersecurity as part of a global threat intelligence team. … - 3 août 2021Accurate Analysis Matters: Fortinet Secure SD-WAN Cyber Threat Assessment Can Help
For organizations evaluating or in different stages in their SD-WAN deployment, Fortinet offers a Secure SD-WAN Assessment Report through the Cyber Threat Assessment Program (CTAP). Learn more. … - 2 août 2021Tips for Good Cyber Hygiene During Hybrid Work
FortiGuard Labs’ Aamir Lakhani and Jonas Walker share their perspective on how cybersecurity hygiene is critical as hybrid work becomes the norm and as many organizations start to bring workers or students back in person. Learn more. … - 30 juillet 2021How COVID-19 Changed the Role of IT Leaders
Read about how the pandemic has changed the role of IT leaders, challenges around returning to the office, and how technologies such as SD-WAN can help governments do more with less. … - 30 juillet 2021Redefining Next-Generation Firewalls
Next-generation firewalls (NGFWs) protect organizations from threats by filtering network traffic. Read this post to learn what to look for in a next-generation firewall. … - 29 juillet 2021Protect Hybrid Data Centers and Prevent Ransomware with FortiGate 3500F NGFW
Fortinet introduces the industry’s first high performance NGFW with integrated Zero Trust Network Access and ransomware protection to secure hybrid data centers. Learn more. … - 29 juillet 2021Fortinet Expands Security Services Offerings and Introduces FortiTrust
Fortinet expands security services offerings to protect digital infrastructures with FortiTrust, to enable flexible consumption options across endpoints, networks and the cloud. Learn more. … - 28 juillet 2021How to Prevent Ransomware Attacks: Top Nine Things to Keep in Mind
Ransomware attacks are getting bolder and affect enterprises of all sizes. Explore the recommendations to give your organization the best possible chance of defeating a ransomware attack. … - 26 juillet 2021Fortinet Training Advancement Agenda (TAA) Helps Foster Cybersecurity Education for All
Fortinet’s cybersecurity training initiatives are designed to increase awareness, help close the skills gap, and prepare the workforce of the future as part of our Training Advancement Agenda (TAA). Learn more. …
Aruba
- 3 août 2021Sudo Privilege Escalation Vulnerability in Analytics and Location Engine (ALE)
Aruba has released updates to Analytics and Location Engine (ALE) that address a security vulnerability in the sudo utility.The post Sudo Privilege Escalation Vulnerability in Analytics and Location Engine (ALE) first appeared on Aruba. … - 13 juillet 2021AOS-CX Devices Multiple Vulnerabilities
Aruba has released updates for wired switch products running AOS-CX that address multiple security vulnerabilities.
The post AOS-CX Devices Multiple Vulnerabilities first appeared on Aruba. - 29 juin 2021ClearPass Policy Manager Multiple Vulnerabilities
Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.
The post ClearPass Policy Manager Multiple Vulnerabilities first appeared on Aruba. - 11 mai 2021802.11 Frame Aggregation and Fragmentation Vulnerabilities
Twelve new vulnerabilities related to different components in the implementation of the 802.11 standard have been published. Successful exploitation of each one of these vulnerabilities can result in sensitive data disclosure and possibly traffic manipulation.The post 802.11 Frame Aggregation and Fragmentation Vulnerabilities first appeared on Aruba. … - 20 avril 2021AirWave Management Platform Multiple Vulnerabilities
Aruba has released updates to the AirWave Management Platform that address multiple security vulnerabilities.
The post AirWave Management Platform Multiple Vulnerabilities first appeared on Aruba. - 20 avril 2021ClearPass Policy Manager Multiple Vulnerabilities
Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.
The post ClearPass Policy Manager Multiple Vulnerabilities first appeared on Aruba. - 9 mars 2021SAD DNS side channel attack
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. This vulnerability is present in some Aruba products which are listed below. For more information please see https://www.saddns.net/.The post SAD DNS side channel attack first appeared on Aruba. … - 9 mars 2021Aruba Instant (IAP) Multiple Vulnerabilities
Aruba has released patches for Aruba Instant that address multiple security vulnerabilities.
The post Aruba Instant (IAP) Multiple Vulnerabilities first appeared on Aruba. - 23 février 2021Multiple Vulnerabilities in dnsmasq
Seven new vulnerabilities were reported in the open-source component dnsmasq. This collection of vulnerabilities has been made public under the name DNSpooq.
The post Multiple Vulnerabilities in dnsmasq first appeared on Aruba. - 23 février 2021AirWave Management Platform Multiple Vulnerabilities
Aruba has released updates to the AirWave Management Platform that address multiple security vulnerabilities.
The post AirWave Management Platform Multiple Vulnerabilities first appeared on Aruba.
Cisco
- 5 août 2021Cisco Adaptive Security Device Manager Remote Code Execution Vulnerability
A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user’s operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and the Launcher. An attacker could exploit this vulnerability by leveraging a man-in-the-middle po … - 4 août 2021Cisco Packet Tracer for Windows DLL Injection Vulnerability
A vulnerability in Cisco Packet Tracer for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by inserting a configu … - 4 août 2021Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending a … - 4 août 2021Cisco Connected Mobile Experiences Strong Authentication Requirements Enforcement Bypass
A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device. This vulnerability exists because a password policy check is incomplete at the time a password is changed at server … - 4 août 2021Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities
Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service (DoS) condition Execute arbitrary commands For more information about these vulnerabilities, see the Details section of this advisory. Cisco … - 4 août 2021Cisco Network Services Orchestrator CLI Secure Shell Server Privilege Escalation Vulnerability
A vulnerability in Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which Cisco NSO is running, which is root by default. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exists because the affected software incorrectly runs th … - 4 août 2021Cisco Evolved Programmable Network Manager Sensitive Information Disclosure Vulnerability
A vulnerability in the REST API of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to an API request. An attacker could exploit the vulnerability by sending a specific API request to the a … - 4 août 2021ConfD CLI Secure Shell Server Privilege Escalation Vulnerability
A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of … - 4 août 2021Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about thes … - 3 août 2021Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending craft …
Google Online Security Blog