Fortinet
- 26 septembre 20225 Cybersecurity Tips to Keep Your Business Protected
A strong cybersecurity strategy should be top of mind for all organizations as the threat landscape evolves. Consider these 5 cybersecurity tips to keep your business protected. - 23 septembre 2022Key Insights from the Second Annual Fortinet Security Summit
The Fortinet community of elite customers, partners, executives, and global industry experts came together for two days of keynotes, panels and roundtable discussions during the Fortinet Championship Security Summit. Read more. - 23 septembre 2022How to Enable Secure Customer-driven Experiences for the Future
While no one can know exactly what the years ahead hold for the convenience and fuel retailing industry, trends suggest more technology-driven experiences. Read more about enabling secure customer-driven experiences. - 22 septembre 2022Fortinet’s FortiGuard Labs Discovers Multiple dotCMS Vulnerabilities
FortiGuard Labs discovered and reported vulnerabilities in dotCMS versions 22.05 and below. The vendor released security patches that fixed these vulnerabilities. Read for more details. - 21 septembre 2022How to Protect Against Social Engineering Fraud
Human factor remains a key concern in breaches and cyber attacks. Learn how basic cyber hygiene and cybersecurity awareness training can become a critical cyber defense method, especially for fraud based social engineering attacks. - 19 septembre 2022Meeting the “Ministrer”
FortiGuard Labs discovered an unassuming phishing email that attempts to deploy malware. The actions used to execute this strategy are consistent with Konni, a RAT that has been tied to the group APT 37. Read to learn more about this social engineering lure. - 19 septembre 2022Excel Document Delivers Multiple Malware By Exploiting CVE-2017-11882 – Part I
FortiGuard Labs discovered an Excel document with an embedded file name that is randomized, which exploits CVE-2017-11882 to deliver and execute malware on a victim’s device. Read our blog to learn what malware families it can download and what malicious actions it can conduct. - 17 septembre 2022Ransomware Roundup: Ragnar Locker Ransomware
The latest edition of the Ransomware Roundup from FortiGuard Labs covers the Ragnar Locker ransomware. Read to learn more about protections. - 16 septembre 2022FortiGuard Labs Researcher Discovers 12 Zero-Day Vulnerabilities in Adobe InDesign
FortiGuard Labs has discovered and reported several zero-day vulnerabilities in Adobe InDesign to Adobe. On September 13, 2022, Adobe released security patches that fixed these vulnerabilities. Read for more details. - 16 septembre 2022Fortinet Collaborates with AWS to Deliver Low Cost, High Performance NGFW Protection on AWS Graviton Instances
FortiGate-VM Next Generation Firewall (NGFW) now supports AWS Graviton-based EC2 instances. Learn how this new capability provides Fortinet customers with more choice while helping them optimize their investments in AWS cloud.
Aruba
- 7 septembre 2022ClearPass Policy Manager Multiple Vulnerabilities
Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.
The post ClearPass Policy Manager Multiple Vulnerabilities first appeared on Aruba. - 30 août 2022AOS-CX Switches Multiple Vulnerabilities
Aruba has released updates for wired switch products running AOS-CX that address multiple security vulnerabilities.
The post AOS-CX Switches Multiple Vulnerabilities first appeared on Aruba. - 26 juillet 2022Vulnerability in Aruba Virtual Intranet Access (VIA)
Aruba has released an update to Aruba Virtual Intranet Access (VIA) that addresses a security vulnerability in the Aruba VIA client for the Microsoft Windows operating system. This vulnerability does not affect Aruba VIA clients for other operating systems.The post Vulnerability in Aruba Virtual Intranet Access (VIA) first appeared on Aruba. … - 21 juillet 2022Multiple Vulnerabilities in Expat XML processing library
Multiple CVEs have been disclosed that involve the faulty handling of XML input by the Expat application and library. These CVEs impact multiple Aruba products.The post Multiple Vulnerabilities in Expat XML processing library first appeared on Aruba. … - 21 juillet 2022Faulty OpenSSL Handling of Certificates Containing Elliptic Curve Public Keys Leading to Denial of Service
A CVE has been disclosed that involves the faulty handling of certain certificates by OpenSSL. This CVE impacts multiple Aruba products.The post Faulty OpenSSL Handling of Certificates Containing Elliptic Curve Public Keys Leading to Denial of Service first appeared on Aruba. … - 21 juin 2022Heap Overflow Vulnerabilities Within ArubaOS-Switch Devices
The Armis Research Team has discovered multiple heap overflow vulnerabilities with various networking vendors. ArubaOS-Switch devices are affected by these vulnerabilities in the affected versions. Exploitation of these vulnerabilities allow for attackers to execute arbitrary code on the affected device.The post Heap Overflow Vulnerabilities Within ArubaOS-Switch Devices first appeared on Aruba. … - 4 mai 2022ClearPass Policy Manager Multiple Vulnerabilities
Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.
The post ClearPass Policy Manager Multiple Vulnerabilities first appeared on Aruba. - 6 avril 2022AOS-CX Switches Multiple Vulnerabilities
Aruba has released updates for wired switch products running AOS-CX that address multiple security vulnerabilities.
The post AOS-CX Switches Multiple Vulnerabilities first appeared on Aruba. - 6 avril 2022Multiple CVEs involving Spring Cloud and Spring Framework
Three CVEs have been published about various vulnerabilities discovered in the Spring Framework and Spring Cloud.
The post Multiple CVEs involving Spring Cloud and Spring Framework first appeared on Aruba. - 5 avril 2022Aruba Instant On Switch Denial of Service Vulnerabilities
Aruba has discovered two Denial of Service vulnerabilities in Aruba Instant On 1930 Switches. CVE-2021-41005 requires authentication to be exploited and CVE-2021-41004 can be exploited without supplying any authentication information.The post Aruba Instant On Switch Denial of Service Vulnerabilities first appeared on Aruba. …
Cisco
- 22 septembre 2022Cisco NX-OS Software Border Gateway Protocol Denial of Service Vulnerability
A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading. The vulnerability is due to incomplete input validation of the BGP update messages. An attacker could exploit this vulnerability by sending a crafted BGP update message … - 22 septembre 2022Cisco Secure Web Appliance Privilege Escalation Vulnerability
A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this … - 14 septembre 2022Cisco IOS XR Software Broadband Network Gateway PPP over Ethernet Denial of Service Vulnerability
A vulnerability in the Broadband Network Gateway PPP over Ethernet (PPPoE) feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the PPPoE process to continually crash. This vulnerability exists because the PPPoE feature does not properly handle an error condition within a specific crafted packet sequence. An attacker could exploit this vulnerability by s … - 14 septembre 2022Cisco IOS XR Software Cisco Discovery Protocol Denial of Service Vulnerability
A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the Cisco Discovery Protocol process to reload on an affected device. This vulnerability is due to a heap buffer overflow in certain Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malici … - 14 septembre 2022Cisco Network Convergence System 4000 Series TL1 Denial of Service Vulnerability
A vulnerability in the TL1 function of Cisco Network Convergence System (NCS) 4000 Series could allow an authenticated, local attacker to cause a memory leak in the TL1 process. This vulnerability is due to TL1 not freeing memory under some conditions. An attacker could exploit this vulnerability by connecting to the device and issuing TL1 commands after being authenticated. A successful expl … - 9 septembre 2022Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability
A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging server container ports on an affected system lack sufficient protection mechanisms. An attac … - 7 septembre 2022Cisco Meraki MR Series Splash Page Insecure Configuration Option
A configuration option for the Splash Page feature (also known as Captive Portal) in Cisco Meraki MR Series devices may allow an administrator to configure an 802.11 WLAN in which traffic policies are not applied to clients that are connecting to the network. The insecure configuration is determined when an administrator configures a WLAN with Splash Page access control and Captive Portal str … - 7 septembre 2022Cisco Webex Meetings App Character Interface Manipulation Vulnerability
A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging interface. This vulnerability exists because the affected software does not properly handle character rendering. An attacker could exploit this vulnerability by sending messages within the application int … - 7 septembre 2022Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers IPSec VPN Server Authentication Bypass Vulnerability
A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to bypass authentication controls and access the IPSec VPN network. This vulnerability is due to the improper implementation of the password validation algorithm. An attacker could exploit this vulnerability by l … - 7 septembre 2022Vulnerability in NVIDIA Data Plane Development Kit Affecting Cisco Products: August 2022
On August 29, 2022, NVIDIA announced the following vulnerability with a medium impact: CVE-2022-28199: Security Bulletin: NVIDIA Data Plane Development Kit (MLNX_DPDK) – August 2022 For a description of this vulnerability, see Security Bulletin: NVIDIA Data Plane Development Kit (MLNX_DPDK) – August 2022. This advisory will be updated as additional information becomes available. This advisory is a …
Google Online Security Blog