- Key Findings on the State of Operational Technology and Cybersecurity 24 avril 2019
Hear about key findings from our State of Operational Technology and Cybersecurity Report, learn more about the types of threats facing operational technology, and discover how OT teams can mitigate them.
- Detailed Analysis of macOS Vulnerability CVE-2019-8507 23 avril 2019
On March 25, 2019, Apple released macOS Mojave 10.14.4 and iOS 12.2. These two updates fixed a number of security vulnerabilities, including CVE-2019-8507 in QuartzCore (aka CoreAnimation), which was reported to Apple on January 3, 2019 using our FortiGuard Labs responsible disclosure process. Find out more in this detailed analysis of the macOS vulnerability CVE-2019-8507. …
- Predator the Thief: New Routes of Delivery 18 avril 2019
FortiGuard Labs discovered a running campaign against Russian-speakers using a new version of “Predator the Thief” stealer malware. The same actor was using one set of dummy files to deliver the stealer via different forms of phishing, including Zipped files, fake documents, fake pdfs, and the WinRAR exploit described in CVE-2018-20250. …
- Preparing for the Cy-Phy Future 18 avril 2019
We are entering the era of Cy-Phy — the convergence of cyber space with a plethora of devices and data in our physical spaces. Organizations need to start preparing today by developing security strategies designed around the principles of speed, integration, adaptability, and automation.
- Securing the New Network Edge 18 avril 2019
A single, holistic security strategy comprised of interconnected solutions provides a comprehensive approach that is not only manageable and cost effective, but also fluid enough to adapt as networks undergo constant change.
- Silence Group Playbook 15 avril 2019
Silence Group is a cybercriminal organization that targets banks, specifically stealing information used in the payment card industry. The aim of this playbook is to provide first responders with relevant, up-to-date analysis, samples, and indicators of compromise which should help security professionals better protect their infrastructures. …
- Looking Into Anatova Ransomware 11 avril 2019
Anatova is a fairly new ransomware. It avoids infecting computers that are used in analysis and research labs. It systematically avoids infecting files and folders that are important to the stability of the computer system it is infecting.
- Celebrating Our Partner of the Year Winners at Accelerate 2019 11 avril 2019
Fortinet recognized a few of our most dedicated partners of 2018 at this year’s Accelerate conference.
- Patch Your Adobe Shockwave Player: Fortinet Discovers Seven Zero-Day Remote Code Execution Vulnerabilities 11 avril 2019
Adobe released security bulletin APSB19-20, which patches seven Adobe Shockwave Player vulnerabilities. All of them were discovered by FortiGuard Labs researcher Honggang Ren and reported to Adobe by following Fortinet’s responsible disclosure process.
- LockerGoga: Ransomware Targeting Critical Infrastructure 11 avril 2019
LockerGoga is not at all exceptional in terms of sophistication, especially when compared to other ransomware families. However, it has a unique way of iterating through the files of the victim.
- WPA3 Multiple Vulnerabilities 16 avril 2019
On April 10, 2019 a research paper by Mathy Vanhoef and Eyal Ronen was released documenting a series of potential vulnerabilities in implementations of WPA3 and EAP-pwd (RFC 5931). Details on EAP-pwd vulnerabilities have not yet been released. This advisory covers only WPA3 vulnerabilities.
- Aruba Instant Multiple Vulnerabilities 27 février 2019
Aruba has released updates to Aruba Instant (IAP) that address multiple serious vulnerabilities. The most significant vulnerability is rated CRITICAL with a CVSS score of 9.8.
- ClearPass Policy Manager Multiple Vulnerabilities 7 novembre 2018
Aruba has released an update to ClearPass Policy Manager that addresses multiple security vulnerabilities.
- Aruba BLE Radio Firmware Vulnerability 18 octobre 2018
A vulnerability exists in the firmware of embedded BLE radios that are part of all Aruba AP-3xx series access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP’s BLE radio and could then gain access to the AP’s console port. Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986 …
- Apache Struts Vulnerability in ClearPass Policy Manager 24 août 2018
The Apache Struts group announced Struts version 2.3.35 on August 22, 2018.
Included in this update is a fix for one security vulnerability. Aruba ClearPass includes Apache Struts 2.3.34, but in a non-vulnerable configuration.
- Linux Kernel Vulnerabilities in ClearPass and AirWave 24 août 2018
Two Linux kernel vulnerabilities, known as “SegmentSmack” and “FragmentSmack”, have been publicly disclosed. The Linux kernel used by Aruba ClearPass Policy Manager and Aruba AirWave is affected. Other Aruba products are not affected.
- Return Of Bleichenbacher’s Oracle Threat (ROBOT) 28 mars 2018
The cryptography library used by Aruba Instant provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker may be able to recover private keys for X.509 certificates. This vulnerability is
referred to as “ROBOT.”
- ClearPass Policy Manager Multiple Vulnerabilities 21 mars 2018
Aruba has released an update to ClearPass Policy Manager that addresses four security vulnerabilities.
- Unauthorized Memory Disclosure through CPU Side-Channel Attacks (“Meltdown” and “Spectre”) 4 janvier 2018
- WPA2 Key Reinstallation Vulnerabilities (CVE-2017-13077) 16 octobre 2017
- Cisco Wireless LAN Controller Software GUI Configuration Denial of Service Vulnerabilities 19 avril 2019
Multiple vulnerabilities in the administrative GUI configuration feature of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, remote attacker to cause the device to reload unexpectedly during device configuration when the administrator is using this GUI, causing a denial of service (DoS) condition on an affected device. The attacker would need to have valid administra …
- SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software 18 avril 2019
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traf …
- Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability 18 avril 2019
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is du …
- Cisco Aironet Series Access Points Quality of Service Denial of Service Vulnerability 17 avril 2019
A vulnerability in the quality of service (QoS) feature of Cisco Aironet Series Access Points (APs) could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation on QoS fields within Wi-Fi frames by the affected device. An attacker could exploit this vulnerability by sending malformed Wi-Fi …
- Cisco Wireless LAN Controller Secure Shell Unauthorized Access Vulnerability 17 avril 2019
A vulnerability in certain access control mechanisms for the Secure Shell (SSH) server implementation for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to access a CLI instance on an affected device. The vulnerability is due to a lack of proper input- and validation-checking mechanisms for inbound SSH connections on an affected device. An attacker c …
- Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities 17 avril 2019
Multiple vulnerabilities in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerabilities exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerabilities by sending …
- Cisco Wireless LAN Controller Software Cross-Site Request Forgery Vulnerability 17 avril 2019
A vulnerability in the web-based management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on the device with the privileges of the user, including modifying the device configuration. The vulnerability is due to insufficient CSRF protections for the we …
- Cisco Wireless LAN Controller Locally Significant Certificate Denial of Service Vulnerability 17 avril 2019
A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly restart, which causes a denial of service (DoS) condition. The attacker would need to have valid administrator credentials. The vulnerability is due to incorrect input validation of the HTTP URL used to est …
- Cisco Wireless LAN Controller Software Session Hijacking Vulnerability 17 avril 2019
A vulnerability in the session identification management functionality of the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not properly clear previously assigned session identifiers for a user session when a user au …
- Cisco Umbrella Cross-Site Scripting Vulnerability 17 avril 2019
A vulnerability in the URL block page of Cisco Umbrella could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user in a network protected by Umbrella. The vulnerability is due to insufficient validation of input parameters passed to that page. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously …
Google Online Security Blog
- Android Security & Privacy Year in Review 2018: Keeping two billion users, and their data, safe and sound
- Android Security Improvement update: Helping developers harden their apps, one thwarted vulnerability at a time