Fortinet
- Securing the Industrial Internet of Things in OT Networks 18 décembre 2018
In many organizations, traditional IT and critical Operational Technology (OT) networks are being merged to take advantage of the speed and efficiency of today’s digital marketplace. - Common SD-WAN Security Mistakes 17 décembre 2018
SD-WAN is quickly becoming an essential component of any network transformation effort, allowing organizations to compete more quickly and efficiently in today’s digital marketplace. - A Deep Analysis of the Microsoft Outlook Vulnerability CVE-2018-8587 16 décembre 2018
This blog is a detailed analysis of a Heap Corruption vulnerability in Office Outlook assigned the vulnerability identifier CVE-2018-8587. - What Holiday Shopping Reminded Me About Email Security 14 décembre 2018
This week, SE Labs released results for its new 2018 Email Security Services group test and Fortinet’s FortiMail Secure Email Gateway solution was given a top AAA rating. - A Look into XPC Internals: Reverse Engineering the XPC Objects 14 décembre 2018
We have recently been engaged in deep security research on macOS for FortiGuard Labs focused on the discovery and analysis of IPC vulnerabilities. In this blog, we uncover the XPC internals data types to help researchers not only quickly analyze the root causes of XPC vulnerabilities, but to also assist with deep analysis of exploits targeted at those vulnerabilities. … - Preparing for Tomorrow's Threats 13 décembre 2018
Organizations can start today to protect against 2019’s threats. Look out for crooks using AI « fuzzing » techniques, machine learning, and swarms. - Fortinet and Symantec Join Forces to Help Organizations Move their Security to the Cloud 11 décembre 2018
Bringing two global industry leaders together to provide enterprise-class capabilities across cloud, network, and endpoint security is a remarkable event and reflects a deep commitment to the security of our mutual customers. - The Shifting AI-Driven Threat Landscape 11 décembre 2018
As the modern threat landscape continues to expand, adding artificial intelligence (AI) to a security strategy has become paramount to establishing and maintaining an effective security posture. - More Encrypted Traffic Than Ever 10 décembre 2018
Over 72% of all network traffic is encrypted, and that figure is expected to grow. Very few security devices can inspect encrypted data without severely impacting network performance. - The Weaponization of PUAs 6 décembre 2018
In this FortiGuard Labs article we will define what a PUA is, describe its inherent risks, and how malware makes use of them by showcasing a malware sample.
Aruba
- ClearPass Policy Manager Multiple Vulnerabilities 7 novembre 2018
Aruba has released an update to ClearPass Policy Manager that addresses multiple security vulnerabilities.
- Aruba BLE Radio Firmware Vulnerability 18 octobre 2018
A vulnerability exists in the firmware of embedded BLE radios that are part of all Aruba AP-3xx series access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP’s BLE radio and could then gain access to the AP’s console port. Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986 … - Apache Struts Vulnerability in ClearPass Policy Manager 24 août 2018
The Apache Struts group announced Struts version 2.3.35 on August 22, 2018.
Included in this update is a fix for one security vulnerability. Aruba ClearPass includes Apache Struts 2.3.34, but in a non-vulnerable configuration. - Linux Kernel Vulnerabilities in ClearPass and AirWave 24 août 2018
Two Linux kernel vulnerabilities, known as “SegmentSmack” and “FragmentSmack”, have been publicly disclosed. The Linux kernel used by Aruba ClearPass Policy Manager and Aruba AirWave is affected. Other Aruba products are not affected.
- Return Of Bleichenbacher’s Oracle Threat (ROBOT) 28 mars 2018
The cryptography library used by Aruba Instant provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker may be able to recover private keys for X.509 certificates. This vulnerability is
referred to as “ROBOT.” - ClearPass Policy Manager Multiple Vulnerabilities 21 mars 2018
Aruba has released an update to ClearPass Policy Manager that addresses four security vulnerabilities.
- Unauthorized Memory Disclosure through CPU Side-Channel Attacks (“Meltdown” and “Spectre”) 4 janvier 2018
- WPA2 Key Reinstallation Vulnerabilities (CVE-2017-13077) 16 octobre 2017
- ArubaOS Multiple Vulnerabilities 11 octobre 2017
- Multiple Vulnerabilities in ‘dnsmasq’ 11 octobre 2017
Cisco
- Texas Instruments Bluetooth Low Energy Denial of Service and Remote Code Execution Vulnerability 14 décembre 2018
On November 1st, 2018, Armis announced the presence of a Remote Code Execution (RCE) or Denial of Service (DoS) vulnerability in the Bluetooth Low Energy (BLE) Stack on Texas Instruments (TI) chips CC2640 and CC2650. This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) ID of CVE-2018-16986. The vulnerability is due to a memory corruption condition that may occur when … - Cisco Prime License Manager SQL Injection Vulnerability 11 décembre 2018
Update (2018-December-10): Installing the ciscocm.CSCvk30822_v1.0.k3.cop.sgn patch may cause functional issues. Workarounds are available for some of these issues. Rolling back this patch as described in the Fixed Releases section will correct these functional issues, but the device will be affected by this vulnerability again when the patch is not in place. See the Fixed Releases section for … - Apache Struts Commons FileUpload Library Remote Code Execution Vulnerability Affecting Cisco Products: November 2018 5 décembre 2018
On November 5, 2018, the Apache Struts Team released a security announcement urging an upgrade of the Commons FileUpload library to version 1.3.3 on systems using Struts 2.3.36 or earlier releases. Systems using earlier versions of this library may be exposed to attacks that could allow execution of arbitrary code or modifications of files on the system. The issue is caused by a previously reporte … - Cisco Energy Management Suite Default PostgreSQL Password Vulnerability 4 décembre 2018
A vulnerability in the configuration of a local database installed as part of the Cisco Energy Management Suite (CEMS) could allow an authenticated, local attacker to access and alter confidential data. The vulnerability is due to the installation of the PostgreSQL database with unchanged default access credentials. An attacker could exploit this vulnerability by logging in to the machine where CE … - Cisco Webex Meetings Desktop App Update Service Command Injection Vulnerability 27 novembre 2018
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the … - Cisco TelePresence Video Communication Server Test Validation Script Issue 21 novembre 2018
A failure in the final QA validation step of the automated software build system for the Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software inadvertently allowed a set of sample, dormant exploit code used internally by Cisco in validation scripts to be included in shipping software images. This includes an exploit for the Dirty CoW vulnerability (CVE-2016 … - Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability 17 novembre 2018
A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An a … - Cisco Small Business Switches Privileged Access Vulnerability 13 novembre 2018
A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using th … - Cisco Stealthwatch Management Console Authentication Bypass Vulnerability 9 novembre 2018
A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. The vulnerability is due to an insecure system configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the t … - Cisco Integrated Management Controller Supervisor SQL Injection Vulnerability 7 novembre 2018
A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the aff …
Google Online Security Blog