Fortinet Products Are in the Crosshairs Again
The company disclosed a critical FortiSIEM flaw with a PoC exploit for it the same week researchers warned of an ominous surge in malicious traffic targeting the vendor's SSL VPNs.
Vendor security covers risks introduced by suppliers, including software flaws, exposed systems, and weak access to customer data.
Search across headline titles and summaries.
Background for this topic.
Vendor is an external organization that supplies an IT product or service, such as software, hardware, cloud hosting, or managed security. In security reporting, the term usually concerns a third party whose technology, personnel, or connectivity forms part of an organization’s environment or handles its data.
Vendor risk depends on the access and dependency involved. A compromised or poorly secured vendor can expose customer information, introduce vulnerabilities through software updates or components, or provide attackers with a route into connected systems. Practical controls include risk-based due diligence, contractual security and notification requirements, least-privilege access, vulnerability and software-supply-chain review, monitoring, and prompt removal of access when a relationship ends. Assessments should also address privacy obligations and how the vendor will support investigation and recovery if a security incident occurs.
The company disclosed a critical FortiSIEM flaw with a PoC exploit for it the same week researchers warned of an ominous surge in malicious traffic targeting the vendor's SSL VPNs.
OpenAI, Anthropic Launch $1 Year-Long Offerings as Critics Warn of Vendor Lock-InLeading artificial intelligence firms are racing to introduce services to federal agencies with ultra low-cost first-year contracts, despite warnings that the bids may lead to vendor lock-in, compliance risks and future challenges adopting emerging technology offerings from competitors.
At Least 918K Affected in 2024 BianLian Data Theft AttackA New York-based pediatric practice and its managed services vendor have agreed to pay $5.15 million to settle a proposed class action lawsuit stemming from a 2024 data theft attack affecting more than 918,000 people and allegedly carried out by cybercrime gang BianLian.