Fortinet Warns of Critical FortiOS SSL VPN Vulnerability Under Active Exploitation
Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild
Stay updated on the latest in information security flaws. Explore news, insights, and analysis on vulnerabilities affecting digital safety.
Search across headline titles and summaries.
Background for this topic.
A flaw is a defect in software, hardware, system design, or configuration that causes unintended behavior. In security reporting, the term usually means a weakness that could violate confidentiality, integrity, or availability when reached through a particular interface, input, privilege, or operating condition. Not every flaw is exploitable, and exploitability depends on factors such as exposure, authentication requirements, affected versions, and available mitigations.
Flaws matter because they can create attack paths in applications, operating systems, devices, APIs, or administrative settings. Security teams assess their severity and exposure, prioritize remediation, apply patches or configuration changes, and use isolation or access controls when immediate fixes are unavailable. Code review, testing, vulnerability scanning, and monitoring can reveal flaws across the development and operational lifecycle. Reports should distinguish a confirmed vulnerability from a theoretical defect and provide enough technical detail to support validation without unnecessarily enabling exploitation.
Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild
Ivanti has alerted customers of yet another high-severity security flaw in its Connect Secure, Policy Secure, and ZTA gateway devices that could allow attackers to bypass authentication
Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks. [...]
Also: A Widespread Linux Bootloader VulnerabilityThis week, the U.S. banned AI robocalls, researchers discovered a Linux bootloader flaw, France investigated health sector hackings, the feds offered money for Hive information, Verizon disclosed an insider breach, Germany opened a cybersecurity center, and cyberattack victims reported high costs.
The flaw allows the installation of malware that operates at the firmware level
Security is a process, not a product. Nor a language Memory-safety flaws represent the majority of high-severity problems for Google and Microsoft, but they're not necessarily associated with the majority of vulnerabilities that actually get exploited.…
Cisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploited to perform arbitrary actions on affected devices
Plaintiffs Alleged Google Sought to Cover Up API Flaw That Exposed Private DataSilicon Valley giant Google agreed to settle for $350 million a shareholder lawsuit alleging it mislead investors by attempting to cover up a privacy flaw in now-defunct social network Google+ that resulted in outside applications having access to private profile information.
Tracked as CVE-2024-23917, the flaw carries a CVSS rating of 9.8
A critical vulnerability in the Shim Linux bootloader enables attackers to execute code and take control of a target system before the kernel is loaded, bypassing existing security mechanisms. [...]
The maintainers of shim have released version 15.8 to address six security flaws, including a critical bug that could pave the way for remote code execution under specific circumstances
Cloud version is safe, but no assurances offered about possible on-prem exploits JetBrains is encouraging all users of TeamCity (on-prem) to upgrade to the latest version following the disclosure of a critical vulnerability in the CI/CD tool.…
Chinese state-backed hackers broke into a computer network that's used by the Dutch armed forces by targeting Fortinet FortiGate devices
JetBrains is alerting customers of a critical security flaw in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) software that could be exploited by threat actors to take over susceptible instances
Mispadu Trojan Is Compromising Windows Security, Posing Threat to Banking SystemsThe novel variant of the banking Trojan Mispadu is targeting Latin American countries, especially Mexico, by exploiting a flaw in Windows SmartScreen. In this latest distribution method, the attackers send spam emails that deliver deceptive URL files that circumvent the SmartScreen banner warning.
Full 10s on the CVSS vulnerability severity scale have been assigned to two flaws discovered in Fortinet's FortiSIEM cybersecurity operations platform.
Three new security vulnerabilities have been discovered in Azure HDInsight's Apache Hadoop, Kafka, and Spark services that could be exploited to achieve privilege escalation and a regular expression denial-of-service (ReDoS) condition
A recently disclosed server-side request forgery (SSRF) vulnerability impacting Ivanti Connect Secure and Policy Secure products has come under mass exploitation
At this point you might be better just shutting the stuff down All manner of miscreants are piling onto the latest Ivanti flaw, a server-side request forgery (SSRF) vulnerability tracked as CVE-2024-21893, according to threat hunters tracking the string of CVEs that have been plaguing the software shop's gateways over recent weeks.…
The threat actors behind the Mispadu banking Trojan have become the latest to exploit a now-patched Windows SmartScreen security bypass flaw to compromise users in Mexico