Fortinet
- 6 août 2020Ushering the Era of Hyperscale Security – The New FortiGate 4400F
Today Fortinet announced the first hyperscale firewall, the FortiGate 4400F, capable of securing hyperscale data centers and 5G networks. Learn more. … - 6 août 2020Secure SD-WAN Addresses Manufacturing and Services Organization's Security Challenges
Discover how this multinational manufacturing and services organization secures its entire infrastructure and ensures continued connectivity with Fortinet Secure SD-WAN. … - 5 août 2020Securing the 5G-Enabled Future
Fortinet’s Ronen Shpirer and Alain Sanchez discuss some of the security requirements of the 5G future. Learn more about securing 5G. … - 4 août 2020Keeping Up With the Performance Demands of Encrypted Web Traffic
The total percentage of encrypted web traffic is up in recent years. Learn more about how this could be a hidden opportunity for cybercriminals and how to keep up with the demands of encrypted traffic. … - 3 août 2020Selecting a Secure SD-WAN Solution That Addresses All Key Requirements
Organizations are turning to SD-WAN solutions to ensure fast, scalable, and flexible connectivity across the corporate network. Learn how organizations can enable digital innovation with the right Secure SD-WAN solution. … - 31 juillet 2020Tutorial of ARM Stack Overflow Exploit against SETUID Root Program
FortiGuard labs presents another technique on how to exploit a classic buffer overflow vulnerability against a SETUID root program when ASLR is enabled. Learn more on how to use data from a local file, instead of stdin, to cause a stack overflow. … - 31 juillet 2020Offense and Defense – A Tale of Two Sides: Group Policy and Logon Scripts
Learn about the 4th installment in this blog series, focusing on different tactics and techniques malicious actors use to complete their cyber missions—and how organizations can detect and ultimately prevent them. … - 30 juillet 2020Automotive Company Selects Fortinet to Provide Robust Security and Connectivity
Learn how this automotive company leverages Fortinet’s Security Fabric platform and Secure SD-WAN solution to meet evolving business requirements and achieve their digital innovation goals. … - 29 juillet 2020Prioritize Cybersecurity Awareness in Reopening Plans
As restaurants around the country start to reopen, there are many cybersecurity lessons to be learned from recent months during transition. Read more. … - 28 juillet 2020Themes and Lessons Learned from COVID-19 Cyberattacks
Throughout the pandemic, threat actors have continued to launch cyberattacks as a means of capitalizing on fear, uncertainty, and doubt. Learn more. …
Aruba
- 14 avril 2020ClearPass Policy Manager Multiple Vulnerabilities
- 28 février 2020WPA and WPA2 Disassociation Vulnerability (“Kr00k”)
- 25 février 2020AirWave Management Platform Multiple Vulnerabilities
- 11 février 2020Information Disclosure in Web Management Interface for Aruba Intelligent Edge Switches
- 25 juin 2019Aruba Impact for CPU Side-Channel Attacks
- 16 avril 2019WPA3 Multiple Vulnerabilities
On April 10, 2019 a research paper by Mathy Vanhoef and Eyal Ronen was released documenting a series of potential vulnerabilities in implementations of WPA3 and EAP-pwd (RFC 5931). Details on EAP-pwd vulnerabilities have not yet been released. This advisory covers only WPA3 vulnerabilities.
- 27 février 2019Aruba Instant Multiple Vulnerabilities
Aruba has released updates to Aruba Instant (IAP) that address multiple serious vulnerabilities. The most significant vulnerability is rated CRITICAL with a CVSS score of 9.8.
Cisco
- 5 août 2020Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the appl … - 5 août 2020Cisco Webex Meetings Scheduled Meeting Template Deletion Vulnerability
A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to delete a scheduled meeting template that belongs to another user in their organization. The vulnerability is due to insufficient authorization enforcement for requests to delete scheduled meeting templates. An attacker could exploit this vulnerability by sending a … - 5 août 2020Cisco Webex Meetings Scheduled Meeting Template Creation Vulnerability
A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to create a scheduled meeting template that would belong to another user in their organization. The vulnerability is due to insufficient authorization enforcement for the creation of scheduled meeting templates. An attacker could exploit this vulnerability by sending … - 5 août 2020Cisco Webex Meetings Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker … - 5 août 2020Cisco Webex Meetings User Email Address Information Disclosure Vulnerability
A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information. The vulnerability is due to improper access restrictions on users who are added within user contacts. An attacker on one Webex Meetings site could exploit this vulnerability by sending specially crafted requests to the Webex M … - 5 août 2020Cisco Webex Meetings Desktop App Information Disclosure Vulnerabilities
Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a … - 5 août 2020Cisco UCS Director Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco UCS Director could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate input. An attacker could exploit this vulnerability by inserting m … - 5 août 2020Cisco Small Business Smart and Managed Switches Denial of Service Vulnerability
A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected devi … - 5 août 2020Cisco Identity Services Engine Password Disclosure Vulnerability
A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to recover service account passwords that are saved on an affected system. The vulnerability is due to the incorrect inclusion of saved passwords when loading configuration pages in the Admin portal. An attacker with read or write access to the Admin portal could exploit t … - 5 août 2020Cisco Email Security Appliance and Cisco Content Security Management Appliance Information Disclosure Vulnerability
A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to excessive verbosity in certain log subscriptions. An attacker could exploit this vulnerability …
Google Online Security Blog