New Fortinet RCE bug is actively exploited, CISA confirms
CISA confirmed today that attackers are actively exploiting a critical remote code execution (RCE) bug patched by Fortinet on Thursday. [...]
Patch management fixes known software flaws before attackers exploit them, reducing intrusion risk; prioritize critical systems and verify deployment.
Search across headline titles and summaries.
Background for this topic.
Patch is a software, firmware, or configuration update that fixes a defect, including a vulnerability an attacker could use to gain access, execute code, escalate privileges, or expose data. Patching reduces the exploitable attack surface across operating systems, applications, network devices, and embedded systems; it does not remove risk from unsupported or misconfigured assets, and updates can sometimes introduce compatibility or availability problems.
Effective patch management starts with an accurate inventory and vulnerability assessment, then prioritizes internet-facing systems, high-impact assets, and flaws known to be exploited. Organizations should test updates where practical, deploy them within defined time limits, verify installation, and retain rollback or compensating controls when immediate patching is unsafe. Monitoring vendor advisories and threat intelligence can identify urgent fixes, while documenting exceptions and coverage supports vulnerability management and audit requirements.
CISA confirmed today that attackers are actively exploiting a critical remote code execution (RCE) bug patched by Fortinet on Thursday. [...]
Introduction The modern software supply chain represents an ever-evolving threat landscape, with each package added to the manifest introducing new attack vectors. To meet industry requirements, organizations must maintain a fast-paced development process while staying up-to-date with the latest security patches. However, in practice, developers often face a large amount of security work without
Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. [...]
The flaw allows the installation of malware that operates at the firmware level
Cisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploited to perform arbitrary actions on affected devices
Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution. [...]
Officials Say Hackers Are Evading Detection on Critical Infrastructure NetworksThe U.S. Cybersecurity and Infrastructure Security Agency urged critical infrastructure owners to patch systems after publishing a warning that Chinese hackers are evading detection and maintaining persistent unauthorized access in U.S. information technology environments.
Cisco has patched several vulnerabilities affecting its Expressway Series collaboration gateways, two of them rated as critical severity and exposing vulnerable devices to cross-site request forgery (CSRF) attacks. [...]
Cyberattackers can exploit a vulnerability in JetBrain's continuous integration and delivery (CI/CD) server (a popular APT target) to gain administrative control.
Tracked as CVE-2024-23917, the flaw carries a CVSS rating of 9.8
JetBrains is alerting customers of a critical security flaw in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) software that could be exploited by threat actors to take over susceptible instances
Mispadu Trojan Is Compromising Windows Security, Posing Threat to Banking SystemsThe novel variant of the banking Trojan Mispadu is targeting Latin American countries, especially Mexico, by exploiting a flaw in Windows SmartScreen. In this latest distribution method, the attackers send spam emails that deliver deceptive URL files that circumvent the SmartScreen banner warning.
JetBrains urged customers today to patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers take over vulnerable instances with admin privileges. [...]
Microsoft is investigating an issue that triggers Outlook security alerts when trying to open .ICS calendar files after installing December 2023 Patch Tuesday Office security updates. [...]
The threat actors behind the Mispadu banking Trojan have become the latest to exploit a now-patched Windows SmartScreen security bypass flaw to compromise users in Mexico