Fortinet
- 15 juin 2021NSE Training Institute’s Security Academy and Veterans Programs Support Local Community
Fortinet is committed to building an inclusive and diverse workplace that empowers individuals to reach their full potential. Learn how the Fortinet NSE Training Institute and Training Advancement Agenda (TAA) helps provide individuals more career opportunities. … - 14 juin 2021Navigating the Threat Landscape As Social Engineering Lures Change
FortiGuard Labs’ Derek Manky and Aamir Lakhani share their perspective on how COVID-19 social engineering lures have progressed through the pandemic until now and how organizations can ensure a smooth transition to hybrid work. Learn more. … - 11 juin 2021New Report on the State of Operational Technology and Cybersecurity
Increased digital connectivity of IT and OT network infrastructure continues to create risk for CISOs combined with an evolving threat landscape. Read the Fortinet 2021 State of Operational Technology and Cybersecurity Report to gain more insight. … - 10 juin 2021FortiPenTest Exploit Engine – A New Security Arsenal for your Network Application Assessment
FortiPenTest leverages a variety of technologies to test target systems for security vulnerabilities. Learn how FortiPenTest simulates real-world attacks, and gives developers and security teams more insights into how a typical attack scenario might be carried out by adversaries. … - 9 juin 2021Cloud Security 2021: Latest Trends and Insights
With securing the cloud top of mind for security leaders, Fortinet and Cybersecurity Insiders decided to ask cybersecurity professionals in industries around the world for their insights and challenges. Read the 2021 Cloud Security Report. … - 7 juin 2021The Network is Transforming and So Should Visibility and Control
Fortinet introduces two new offerings to accelerate AIOps Network Operations: FortiMonitor and FortiAIOps. Learn how to simplify and automate network operations with Fortinet AIOps Network Operations. … - 7 juin 2021Examining Top IoT Security Threats and Attack Vectors
New connectivity as part of digital transformation has made IoT devices a prime target for cyber criminals. Learn more about IoT attacks and how to secure against them. … - 4 juin 2021Phishing Malware Hijacks Bitcoin Addresses and Delivers New Agent Tesla Variant
FortiGuard Labs recently captured a new phishing campaign in which a MS Excel document attached to a spam email downloaded and executed several pieces of VBscript code. Used to hijack bitcoin address info, this malware delivers a new variant of Agent Tesla onto the victim’s device. Learn more. … - 3 juin 2021Commemorating 50 Years of Email and How to Keep Your Email Secure
The inception of email kickstarted an unprecedented expansion of communications across the globe and 2021 marks its 50th anniversary. Learn more about the evolution of email and how Fortinet’s FortiMail helps organizations guard against email-based cyberthreats. … - 3 juin 2021Security Is Key for the Success of 5G
The benefits of 5G far outweigh its potential risks—but only when security is an integrated part of the process and solution. Learn how organizations can confidently distribute 5G services from the core of their network out to its furthest reaches, while developing and deploying critical digital innovation. …
Aruba
- 11 mai 2021802.11 Frame Aggregation and Fragmentation Vulnerabilities
Twelve new vulnerabilities related to different components in the implementation of the 802.11 standard have been published. Successful exploitation of each one of these vulnerabilities can result in sensitive data disclosure and possibly traffic manipulation.The post 802.11 Frame Aggregation and Fragmentation Vulnerabilities first appeared on Aruba. … - 20 avril 2021AirWave Management Platform Multiple Vulnerabilities
Aruba has released updates to the AirWave Management Platform that address multiple security vulnerabilities.
The post AirWave Management Platform Multiple Vulnerabilities first appeared on Aruba. - 20 avril 2021ClearPass Policy Manager Multiple Vulnerabilities
Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.
The post ClearPass Policy Manager Multiple Vulnerabilities first appeared on Aruba. - 9 mars 2021SAD DNS side channel attack
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. This vulnerability is present in some Aruba products which are listed below. For more information please see https://www.saddns.net/.The post SAD DNS side channel attack first appeared on Aruba. … - 9 mars 2021Aruba Instant (IAP) Multiple Vulnerabilities
Aruba has released patches for Aruba Instant that address multiple security vulnerabilities.
The post Aruba Instant (IAP) Multiple Vulnerabilities first appeared on Aruba. - 23 février 2021Multiple Vulnerabilities in dnsmasq
Seven new vulnerabilities were reported in the open-source component dnsmasq. This collection of vulnerabilities has been made public under the name DNSpooq.
The post Multiple Vulnerabilities in dnsmasq first appeared on Aruba. - 23 février 2021AirWave Management Platform Multiple Vulnerabilities
Aruba has released updates to the AirWave Management Platform that address multiple security vulnerabilities.
The post AirWave Management Platform Multiple Vulnerabilities first appeared on Aruba. - 16 février 2021ClearPass Policy Manager Multiple Vulnerabilities
Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.
The post ClearPass Policy Manager Multiple Vulnerabilities first appeared on Aruba. - 5 février 2021HPE and Aruba L2/L3 Switches, Remote Memory Corruption
A potential security vulnerability has been identified in certain HPE and Aruba L2/L3 switches. The vulnerability could be remotely exploited to cause memory corruption.The post HPE and Aruba L2/L3 Switches, Remote Memory Corruption first appeared on Aruba. … - 5 février 2021HPE and Aruba L2/L3 Switches, Local Denial of Service (DoS)
A security vulnerability has been identified in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information to the switch’s management interface has been identified. The data processing error could be exploited to cause a crash or reboot in the switch management interface and/or possibly the switch itse …
Cisco
- 9 juin 2021Cisco Finesse and Cisco Virtualized Voice Browser OpenSocial Gadget Editor Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Finesse and Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack and obtain potentially confidential information by leveraging a flaw in the authentication mechanism. For more information about these vulnerabilities, see the Details section of … - 9 juin 2021Lasso SAML Implementation Vulnerability Affecting Cisco Products: June 2021
On June 1, 2021, Lasso disclosed a security vulnerability in the Lasso Security Assertion Markup Language (SAML) Single Sign-On (SSO) library. This vulnerability could allow an authenticated attacker to impersonate another authorized user when interacting with an application. For a description of this vulnerability, see lasso.git NEWS. This advisory will be updated as additional information become … - 8 juin 2021Cisco Firepower Threat Defense Software SSL Decryption Policy Denial of Service Vulnerability
A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL decryption. An attacker cou … - 2 juin 2021Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021
On May 11, 2021, the research paper Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation was made public. This paper discusses 12 vulnerabilities in the 802.11 standard. One vulnerability is in the frame aggregation functionality, two vulnerabilities are in the frame fragmentation functionality, and the other nine are implementation vulnerabilities. These vulnerabili … - 2 juin 2021Cisco Common Services Platform Collector Command Injection Vulnerability
A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to insufficient sanitization of configuration entries. An attacker could exploit this vulnerability by logging in as a super admin and entering crafted input to configuration options on the CSPC con … - 2 juin 2021Cisco Webex Meetings and Webex Meetings Server File Redirect Vulnerability
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to redirect users to a malicious file. This vulnerability is due to improper validation of URL paths in the application interface. An attacker could exploit this vulnerability by persuading a user to follow a specially crafted URL that is designed to cause Cisco We … - 2 juin 2021Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability
A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. This vulnerability is due to insufficient validation of values in Webex recording files that are in either Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could expl … - 2 juin 2021Cisco Webex Player Memory Corruption Vulnerability
A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to cause the affected software to terminate or to gain access to memory state information that is related to the vulnerable application. The vulnerability is due to insufficient validation of values in Webex recording files that are stored in Webex Recording Format (WRF). An attacker could exploit this vu … - 2 juin 2021Cisco Webex Player Memory Corruption Vulnerability
A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. This vulnerability is due to insufficient validation of values in Webex recording files that are in Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious WRF file through a link or email attachment and persuadin … - 2 juin 2021Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability
A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. The vulnerability is due to insufficient validation of values within Webex recording files formatted as either Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could …
Google Online Security Blog