Fortinet
- Fortinet Joins New Operational Technology Cyber Security Alliance (OTCSA) 22 octobre 2019
Learn more about Fortinet’s involvement in the new Operational Technology Cyber Security Alliance (OTCSA). - Promote Cybersecurity Awareness to Protect Your Family Online 21 octobre 2019
Learn how parents can protect their family online by teaching kids vital lessons about infosecurity awareness. - New Variant of Remcos RAT Observed In the Wild 21 octobre 2019
Recently, we identified several new spam samples as a Remcos RAT campaign. Read more about our analysis of this threat. - FortiGuard Labs Weekly Threat Update – Week of 18 October 2019 18 octobre 2019
Learn about the cyber threats uncovered during the week of October 14, 2019. - Field CISO Q&A: Jonathan Nguyen 17 octobre 2019
Read insights on employee education, digital transformation, and the future of cybersecurity from Fortinet’s VP of the Global Field CISO Team, Jonathan Nguyen. - Getting to NSE Level 8: A Conversation with Mohammad Al-Zard 16 octobre 2019
Mohammad Al-Zard, the 100th person to be NSE 8 certified and first to pass the first version of the written exam with a perfect score, discusses what drew him to cybersecurity, why he took on Fortinet’s NSE program, and how to close the cyber skills gap. - Where Human Factors Can Eclipse Technology: Complexity, Privacy and Human Error 15 octobre 2019
Learn how CISOs can mitigate security risks by understanding and planning for human fallibility, in excerpts from Phil Quade’s new book: The Digital Big Bang. - How CISOs Can Create a Cyber-Aware Workforce Using Non-Traditional Training Techniques 14 octobre 2019
Learn how CISOs can leverage non-traditional forms of training to build a cyber-aware workforce and create a true learning organization. - FortiGuard Labs Weekly Threat Update – Week of 11 October 2019 11 octobre 2019
Learn about the cyber threats uncovered during the week of October 7, 2019. - Customers Choose Fortinet Secure SD-WAN for True WAN Edge Transformation 10 octobre 2019
Learn why one of the largest North American recycling and waste management companies chose Fortinet’s integrated Secure SD-WAN and SD-Branch solutions.
Aruba
- Aruba Impact for CPU Side-Channel Attacks 25 juin 2019
- WPA3 Multiple Vulnerabilities 16 avril 2019
On April 10, 2019 a research paper by Mathy Vanhoef and Eyal Ronen was released documenting a series of potential vulnerabilities in implementations of WPA3 and EAP-pwd (RFC 5931). Details on EAP-pwd vulnerabilities have not yet been released. This advisory covers only WPA3 vulnerabilities.
- Aruba Instant Multiple Vulnerabilities 27 février 2019
Aruba has released updates to Aruba Instant (IAP) that address multiple serious vulnerabilities. The most significant vulnerability is rated CRITICAL with a CVSS score of 9.8.
- ClearPass Policy Manager Multiple Vulnerabilities 7 novembre 2018
Aruba has released an update to ClearPass Policy Manager that addresses multiple security vulnerabilities.
- Aruba BLE Radio Firmware Vulnerability 18 octobre 2018
A vulnerability exists in the firmware of embedded BLE radios that are part of all Aruba AP-3xx series access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP’s BLE radio and could then gain access to the AP’s console port. Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986 … - Apache Struts Vulnerability in ClearPass Policy Manager 24 août 2018
The Apache Struts group announced Struts version 2.3.35 on August 22, 2018.
Included in this update is a fix for one security vulnerability. Aruba ClearPass includes Apache Struts 2.3.34, but in a non-vulnerable configuration. - Linux Kernel Vulnerabilities in ClearPass and AirWave 24 août 2018
Two Linux kernel vulnerabilities, known as “SegmentSmack” and “FragmentSmack”, have been publicly disclosed. The Linux kernel used by Aruba ClearPass Policy Manager and Aruba AirWave is affected. Other Aruba products are not affected.
- Return Of Bleichenbacher’s Oracle Threat (ROBOT) 28 mars 2018
The cryptography library used by Aruba Instant provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker may be able to recover private keys for X.509 certificates. This vulnerability is
referred to as “ROBOT.” - ClearPass Policy Manager Multiple Vulnerabilities 21 mars 2018
Aruba has released an update to ClearPass Policy Manager that addresses four security vulnerabilities.
Cisco
- Cisco Firepower Detection Engine Secure Sockets Layer Denial of Service Vulnerability 18 avril 2018
A vulnerability in the Secure Sockets Layer (SSL) packet reassembly functionality of the detection engine in Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the detection engine to consume excessive system memory on an affected device, which could cause a denial of service (DoS) condition. The vulnerability is due to the affected software imp … - Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability 19 octobre 2019
A vulnerability in the FTP inspection engine of Cisco Adaptive Security (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of FTP data. An attacker could exploit this vulnerability by sending malicious FTP tr … - Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF LSA Processing Denial of Service Vulnerability 19 octobre 2019
A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software improperly parses cert … - Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability 18 octobre 2019
A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST API authentication service. An attacker could exploit this vulnerability by submitting malicious HTTP r … - Cisco Firepower Management Center Remote Code Execution Vulnerability 18 octobre 2019
A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary commands with … - Multiple Issues in Cisco Small Business 250/350/350X/550X Series Switches Firmware and Cisco FindIT Network Probe 17 octobre 2019
On June 3, 2019, SEC Consult, a consulting firm for the areas of cyber and application security, contacted the Cisco Product Security Incident Response Team (PSIRT) to report the following issues that they found in firmware images for Cisco Small Business 250 Series Switches: Certificates and keys issued to Futurewei Technologies Empty password hashes Unneeded software packages Multiple vulnerabil … - Cisco Aironet Access Points and Catalyst 9100 Access Points CAPWAP Denial of Service Vulnerability 16 octobre 2019
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management during CAPWAP message p … - Cisco Wireless LAN Controller Secure Shell Denial of Service Vulnerability 16 octobre 2019
A vulnerability in the Secure Shell (SSH) session management for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the SSH process is not properly deleted when an SSH connection to the device is disconnected. An attacker could exploit this vulnerabili … - Cisco Wireless LAN Controller Path Traversal Vulnerability 16 octobre 2019
A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to view system files that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in command-line parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path … - Cisco Expressway Series and TelePresence Video Communication Server Cross-Site Scripting Vulnerability 16 octobre 2019
A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the …
Google Online Security Blog