Emerging Threats Vulnerabilities

PoC Exploit Chain for Critical SharePoint Vulns Heightens Attack Risks

Orgs should immediately apply the patches that Microsoft issued for the flaws if they haven’t done so already. Researchers at Singapore-based StarLabs have released details of a chained remote code execution exploit they developed for two critical flaws in Microsoft SharePoint server that they previously discovered and disclosed to the company. Microsoft patched one of […]

Breaches Emerging Threats Vulnerabilities

More than 29K+ Fortinet systems in US have admin login screen exposed to the Internet—and two other updates on CVE-2022-40684

Here’s the latest on the authentication bypass flaw (CVE-2022-40684) in FortiOS, FortiProxy, and FortiSwitchManager [300 words]. As of October 13, 2022, there were 24,924 servers in the US and 196,668 units globally that exposed the attack surface of the vulnerability (the login screen for Fortinet administrators) to the Internet. The number includes versions of Fortinet technology […]

Breaches Enterprise Vulnerabilities

Update: Attackers actively exploiting recently disclosed authentication bypass vulnerability in FortiOS, FortiProxy and FortiSwitchManager

Key takeaway: Adversaries can exploit the vulnerability remotely to gain full control of affected systems [297 words]. What: Attackers have begun actively exploiting a critical authentication bypass vulnerability (CVE-2022-40684) that Fortinet privately disclosed last week in its FortiOS, FortiProxy and FortiSwitchManager technologies. The vulnerability allows a remote, unauthenticated attacker to gain full administrative control of […]

Breaches Vulnerabilities

GLPI warns of massive exploit activity targeting one of two critical flaws disclosed in Sept.

Key takeaway: Update now to the latest versions of the IT asset management software. If you can’t, implement GLPI’s recommended mitigation. Attackers are targeting the flaw to execute arbitrary code on insecure servers [241 words]. What: Organizations using GLPI’s free, open-source asset and IT management software platform should immediately update to versions 9.5.9 or 10.0.3. GLPI […]
