Critical FortiOS – FG-IR-23-097: Fortinet released security updates to address a heap-based buffer overflow vulnerability [CVE-2023-27997] in FortiOS. An attacker could exploit this vulnerability to take control of an affected system. Hackers are actively exploiting the latest Fortinet’s FortiOS and FortiProxy flaw, targeting government, manufacturing, and critical infrastructure sectors. Take immediate action and update to …
Category: CERT
Mar 08
High Veeam Backup & Replication Vulnerability – CVE-2023-27532
Today, Veeam has released patches for Veeam Backup & Replication v11 and v12. A critical vulnerability (CVSSv3 7.5 – CVE-2023-27532) has been fixed and you should apply the patch as soon as possible. Unauthorized users may be able to request encrypted credentials from the Veeam Backup service, and therefore get access to the backup infrastructure. …
Mar 07
Critical FortiOS and FortiProxy Vulnerability – FG-IR-23-001
Critical FortiOS and FortiProxy Vulnerability – FG-IR-23-001: Fortinet has just announced a critical vulnerability in all versions. A buffer underwrite (‘buffer underflow’) vulnerability in FortiOS & FortiProxy administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically crafted requests. The impact …
Dec 12
Critical Fortigate VPN SSL Vulnerability – CVE-2022-42475
Updated on Tuesday 13, December – Affected versions. Critical VPN SSL Vulnerability (FortiOS): Fortinet has just announced a critical vulnerability in all versions. Vulnerabilities that can be easily exploited remotely to compromise firewall or where remote code execution is considered likely in common situations. Manipulate the dynamic resources of some processes, the goal is to …
Dec 06
The core function of a SOC
The core function of a SOC (Security Operations Center) is to investigate, monitor, prevent, and respond to threats. SOC teams benefit from using a single platform with integrated yet disparate technologies for a full-picture view that is continually updated with emerging threat intelligence. This unified perspective simplifies security monitoring, supports incident response workflows, and provides …
- 1
- 2