Written by Rafael Silva08/10/2022

CVE-2022-40684: Remote Authentication Bypass Vulnerability in Fortinet Firewalls, Web Proxies

CVE-2022-40684: Remote Authentication Bypass Vulnerability in Fortinet Firewalls, Web Proxies https://ift.tt/8gwmkzs Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. On October 3, 2022, Fortinet released a software update that indicates then-current versions of their FortiOS (firewall) and FortiProxy (web proxy) software are vulnerable to CVE-2022-40684, […]

Written by Rafael Silva02/10/2022

Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082

Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082 https://ift.tt/jeBcMH5 October 1, 2022 update – Added information about Exploit:Script/ExchgProxyRequest.A, Microsoft Defender AV’s robust detection for exploit behavior related to this threat. We also removed a section on MFA as a mitigation, which was included in a prior version of this blog as standard guidance. Microsoft […]

Written by Rafael Silva30/09/2022

Microsoft Exchange 0-Day Vulnerability Updates

Microsoft Exchange 0-Day Vulnerability Updates https://ift.tt/7ZkdUye On 28th September, 2022, the cybersecurity company GTSC released a blog detailing an exploit attempt on a system they were monitoring. After analysis, they were able to locate and submit two bugs to Microsoft via the Zero Day Initiative (ZDI-CAN-18333 (CVSS 8.8) and ZDI-CAN-18802 (CVSS 6.3)). Microsoft validated the […]

Written by Rafael Silva22/09/2022

How to Protect Against Social Engineering Fraud

How to Protect Against Social Engineering Fraud https://ift.tt/s6HLECR Cyber adversaries maximize every opportunity they can get. They prey on vulnerabilities, security gaps, but also human nature. In fact, there is one risk that cannot be “patched” easily and that is the human factor. It remains a key concern in breaches and cyber attacks. Basic cyber […]

Written by Rafael Silva27/08/2022

Azure PaaS Database Root CA Certificate Changes

Azure PaaS Database Root CA Certificate Changes https://ift.tt/vnPUQAd Introduction Transport Layer Security (TLS) provides server authentication and channel defenses (encryption and integrity verification) for communication between two applications such as a web browser and a web server. Optionally, TLS can provide client authentication, too. Most TLS connections today use X.509 certificates, and core to certificates […]

Written by Rafael Silva26/08/2022

FortiOS, FortiProxy, FortiADC and FortiMail – Format string vulnerability in command line interpreter

FortiOS, FortiProxy, FortiADC and FortiMail – Format string vulnerability in command line interpreter https://ift.tt/dJNCzcK FortiOS, FortiProxy, FortiADC and FortiMail – Format string vulnerability in command line interpreter Summary A format string vulnerability [CWE-134] in the command line interpreter of FortiOS, FortiProxy, FortiADC, and FortiMail may allow an authenticated user to execute unauthorized code or commands […]

Written by Rafael Silva23/08/2022

Zero Trust Architecture: Adoption, Benefits, and Best Practices

Zero Trust Architecture: Adoption, Benefits, and Best Practices https://ift.tt/QJR4nu3 What is Zero Trust security, and what are the benefits? Here’s how to prevent data breaches by staying on top of security with Zero Trust architecture. By Harish Akali, Chief Technology Officer, ColorTokens ‘Trust Nothing, Verify Everything’: Benefits and Best Practices of Zero Trust Architecture […]

Written by Rafael Silva18/08/2022

Don’t let Janet Jackson’s ‘Rhythm Nation’ crash your old laptop

Don’t let Janet Jackson’s ‘Rhythm Nation’ crash your old laptop https://ift.tt/dZlqOKT Getty Images/iStockphoto Playing Janet Jackson’s ‘Rhythm Nation’ on some older laptops causes them to crash. Microsoft veteran Raymond Chen explains why. According to Chen, a “major computer manufacturer” at some point in the 2000s discovered that Rhythm Nation, a Jackson hit released in 1989, […]

Written by Rafael Silva27/07/2022

How SMBs are evolving their cybersecurity operations practices

How SMBs are evolving their cybersecurity operations practices https://ift.tt/JB8VgMz While 81% of SMBs are monitored by a security operations center (SOC), 57% do not operate 24 hours a day, 7 days a week. Considering that 69% of SMBs feel they are facing critical and expanding cybersecurity threats and 75% say cyberattacks have increased in the […]

Written by Rafael Silva25/07/2022

Monitoring the impact of security solutions on user experiences is critical

Monitoring the impact of security solutions on user experiences is critical https://ift.tt/pmDvL13 Modern organizations are challenged by conflicting demands to secure the enterprise while delivering excellent end-user experiences, according to Broadcom Software. The survey found more than half of respondents prioritize security over the end-user experience, often at the expense of productivity and customer satisfaction. […]

Stack IT News

Collecting news

Tag: Security