Day: October 14, 2022

Breaches Vulnerabilities

Zscaler releases technical details—and PoC—for now-patched Windows 0-day

Microsoft has rated the previously exploited CVE-2022-37969 as high severity, so now might be a good time to patch (264 words). What: New technical details and proof-of-concept code have become available for a zero-day bug in the Windows Common Log File System Driver (CLFS.sys) that Microsoft addressed in its September 2022 security update (CVE-2022-37969) […]

Breaches Emerging Threats Vulnerabilities

More than 29K Fortinet systems in US have admin login screen exposed to the Internet—and two other updates on CVE-2022-40684

Here’s the latest on the authentication bypass flaw (CVE-2022-40684) in FortiOS, FortiProxy, and FortiSwitchManager [300 words]. As of October 13, 2022, there were 24,924 servers in the US and 196,668 units globally that exposed the attack surface of the vulnerability (the login screen for Fortinet administrators) to the Internet. The number includes versions of Fortinet technology […]
