fortinet (8)

13253946668?profile=RESIZE_400xWhile threat actors continue to rely on many “classic” tactics that have existed for decades, our threat predictions for the coming year largely focus on cybercriminals embracing bigger, bolder, and, from their perspectives, better attacks.  From Cybercrime-as-a-Service (CaaS) groups becoming more specialized to adversaries using sophisticated playbooks that combine both digital and physical threats, cybercriminals are upping the ante to execute more targeted and harmful attacks.

In its 2025 thr

 12665919293?profile=RESIZE_400xThe single-vendor SASE market is immature and dynamic but developing rapidly. I&O leaders responsible for networking should work with their security colleagues when selecting SASE vendors and use this research to cut through marketing hype to determine which vendors best suit their needs.

Strategic Planning Assumptions - By 2025, there will be over a 50% increase in vendors with generally available single-vendor SASE offerings compared to mid-2023.  By 2026, 60% of new SD-WAN purchases will be

12403501258?profile=RESIZE_400xOur friends at Fortinet, https://www.fortinet.com has patched a critical Remote Code Execution (RCE) vulnerability in its FortiClient Enterprise Management Server (EMS) for managing endpoint devices.  The flaw, identified as CVE-2024-48788, stems from an SQL injection error in a direct-attached storage component of the server.  It gives unauthenticated attackers a way to execute arbitrary code and commands with system admin privileges on affected systems, using specially crafted requests.[1]

For

11493412088?profile=RESIZE_400xThe human element is near and dear to my heart in the world of Cyber Security.  As cyberattacks intensify, more and more organizations recognize the need to have a strong security culture for all employees.  This cyber-aware workforce is a necessary addition to a skilled and knowledgeable security team and the use of advanced cybersecurity solutions.  Employees who know how to practice good cyber hygiene are increasingly seen as a crucial line of defense.

Bolstering cyber defenses will be import

10944149069?profile=RESIZE_180x180The FortiGuard Labs team has discovered a new 0-day attack embedded in three PyPI packages (Python Package Index) called ‘colorslib’, ‘httpslib’, and “libhttps”.  These were found on 10 January 2023, by monitoring an open-source ecosystem.  The Python packages “colorslib” and “httpslib” were published on 7 January 2023, and “libhttps” was published on 12 January 2023.  All three were published by the same author, ‘Lolip0p’, as shown in the official PyPI repository.  ‘Lolip0p’ joined the reposito

10909509287?profile=RESIZE_400xRed Sky Alliance utilizes Fortinet collections, analysis, and support; this is important.  A vulnerability has been recently discovered in Fortinet's FortiOS, which could allow for arbitrary code execution.  FortiOS is the Fortinet’s proprietary operation system which is utilized across multiple product lines.  Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  Users whose acc

10844544093?profile=RESIZE_400xA vulnerability has been discovered in FortiOS, FortiProxy and FortiSwitchManager, which could allow for authentication bypass on administrative interface.  FortiOS is the Fortinet’s proprietary Operation System which is utilized across multiple product lines. operation systemsFortiProxy is a secure web proxy that protects employees against internet-borne attacks by incorporating multiple detection techniques.  FortiSwitch Manager is an on-premise management platform for the FortiSwitch product.

7517751492?profile=RESIZE_400xNew samples of the Ekans ransomware have revealed how today's cyber attackers are using a variety of methods to compromise key industrial companies.  Researchers from our friends at FortiGuard Labs have uncovered two samples of the Ekans ransomware strain that offer some additional insight into how the crypto-locking malware targets industrial control systems.[1] 

Ekans, which is also referred to as Snake[2], was first identified in February 2020 and early reports indicated that it had been desi