Fortinet
- 17 mai 2021FortiCASB Extends Support of New Cloud Applications to Further Provide Adaptive Cloud Security
To help organizations better secure this growing attack surface, Fortinet’s Cloud Access Security Broker (CASB) solution, FortiCASB, will now provide protection for additional applications and platforms. Learn more. … - 17 mai 2021Analyzing the History of Ransomware Across Industries
We take a dive into the history of ransomware across industries explaining how these threats are still looming today. Learn more. … - 17 mai 2021Newly Discovered Function in DarkSide Ransomware Variant Targets Disk Partitions
FortiGuard Labs has uncovered additional tactics used by the DarkSide Threat Actors, primarily the discovery of the DarkSide ransomware seeking out partition information. Learn more. … - 17 mai 2021FortiEDR Stands Out in MITRE Engenuity’s ATT&CK Evaluations
FortiEDR has the ability to identify and ultimately block future cyberattacks that use tactics and techniques similar to those emulated in the MITRE Protection Evaluations tests. Learn more. … - 13 mai 2021Join Fortinet at RSA 2021
Join Fortinet at RSA Conference 2021 virtually to learn about the latest security innovations addressing the challenges facing organizations in the era of digital transformation. … - 12 mai 2021FortiGuard Labs Discovers Multiple Critical Zero Day Vulnerabilities in Adobe Illustrator
FortiGuard Labs discovered and reported multiple critical zero-day vulnerabilities in Adobe Illustrator to Adobe, Inc. Learn about the details for these vulnerabilities and how to apply the related Adobe security patches. … - 11 mai 2021A Cybersecurity Conversation with a Fortinet Authorized Training Center: Compendium
Part of the Fortinet NSE Training Institute, our Authorized Training Centers (ATC) program has a network of accredited training organizations around the world to further push forward our Training Advancement Agenda (TAA). Learn more. … - 11 mai 2021Understanding the Impact of New Retail Technology
As technology use in the retail industry continues to expand and evolve, so must the cybersecurity strategies that are deployed in this sector. Learn about the new study on retail technology in cybersecurity. … - 10 mai 2021SD-WAN is Essential for any SASE Deployment
Learn about the challenges of relying exclusively on a SASE solution, and how SD-WAN is necessary for building the foundation for a more secure, flexible, and convertible network ecosystem. … - 10 mai 2021Offensive Defense: Using Deception Against Ransomware Attacks
Organizations around the world have been reporting on cyberattacks involving ransomware, and this is a trend that is expected to continue. Learn how to address ransomware attacks with deception. …
Aruba
- 11 mai 2021802.11 Frame Aggregation and Fragmentation Vulnerabilities
Twelve new vulnerabilities related to different components in the implementation of the 802.11 standard have been published. Successful exploitation of each one of these vulnerabilities can result in sensitive data disclosure and possibly traffic manipulation.The post 802.11 Frame Aggregation and Fragmentation Vulnerabilities first appeared on Aruba. … - 20 avril 2021AirWave Management Platform Multiple Vulnerabilities
Aruba has released updates to the AirWave Management Platform that address multiple security vulnerabilities.
The post AirWave Management Platform Multiple Vulnerabilities first appeared on Aruba. - 20 avril 2021ClearPass Policy Manager Multiple Vulnerabilities
Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.
The post ClearPass Policy Manager Multiple Vulnerabilities first appeared on Aruba. - 9 mars 2021SAD DNS side channel attack
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. This vulnerability is present in some Aruba products which are listed below. For more information please see https://www.saddns.net/.The post SAD DNS side channel attack first appeared on Aruba. … - 9 mars 2021Aruba Instant (IAP) Multiple Vulnerabilities
Aruba has released patches for Aruba Instant that address multiple security vulnerabilities.
The post Aruba Instant (IAP) Multiple Vulnerabilities first appeared on Aruba. - 23 février 2021Multiple Vulnerabilities in dnsmasq
Seven new vulnerabilities were reported in the open-source component dnsmasq. This collection of vulnerabilities has been made public under the name DNSpooq.
The post Multiple Vulnerabilities in dnsmasq first appeared on Aruba. - 23 février 2021AirWave Management Platform Multiple Vulnerabilities
Aruba has released updates to the AirWave Management Platform that address multiple security vulnerabilities.
The post AirWave Management Platform Multiple Vulnerabilities first appeared on Aruba. - 16 février 2021ClearPass Policy Manager Multiple Vulnerabilities
Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.
The post ClearPass Policy Manager Multiple Vulnerabilities first appeared on Aruba. - 5 février 2021HPE and Aruba L2/L3 Switches, Remote Memory Corruption
A potential security vulnerability has been identified in certain HPE and Aruba L2/L3 switches. The vulnerability could be remotely exploited to cause memory corruption.The post HPE and Aruba L2/L3 Switches, Remote Memory Corruption first appeared on Aruba. … - 5 février 2021HPE and Aruba L2/L3 Switches, Local Denial of Service (DoS)
A security vulnerability has been identified in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information to the switch’s management interface has been identified. The data processing error could be exploited to cause a crash or reboot in the switch management interface and/or possibly the switch itse …
Cisco
- 17 mai 2021Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by pe … - 17 mai 2021Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021
On May 11, 2021, the research paper Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation was made public. This paper discusses 12 vulnerabilities in the 802.11 standard. One vulnerability is in the frame aggregation functionality, two vulnerabilities are in the frame fragmentation functionality, and the other nine are implementation vulnerabilities. These vulnerabili … - 13 mai 2021Cisco Hosted Collaboration Mediation Fulfillment Denial of Service Vulnerability
A vulnerability in the Java Management Extensions (JMX) component of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an unsecured TCP/IP port. An attacker could exploit this vulnerability by accessing the port and restarting the JMX process. A … - 12 mai 2021Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script. The vulnerability is due to a lack of authentication to the IPC listener. An attacker could exploit this vulnerability by sending crafted IPC messages to the AnyConnec … - 11 mai 2021MacOS Local Privilege Escalation Exploitable through Cisco AnyConnect Secure Mobility Client
On May 26, 2020, Apple released a security update for MacOS Catalina, Mojave, and High Sierra. Part of this update addressed a local privilege escalation vulnerability (CVE-2020-9817). Cisco has determined that Cisco AnyConnect Secure Mobility Client releases 4.10.00093 and earlier could be used to exploit this vulnerability. This advisory is available at the following link:https://tools … - 10 mai 2021Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021
On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory [25 March 2021], that disclosed two vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to use a valid non-certificate authority (CA) certificate to act as a CA and sign a certificate for an arbitrary organization, user or device, or to cause a denial of service (DoS) condition … - 7 mai 2021Cisco HyperFlex HX Command Injection Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds tha … - 7 mai 2021Cisco HyperFlex HX Data Platform File Upload Vulnerability
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected device. A successful exploit could allow the a … - 5 mai 2021Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, t … - 5 mai 2021Cisco Web Security Appliance Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could e …
Google Online Security Blog