Saturday , February 22 2025
Fortinet

Fortinet Releases Security Updates for Multiple Products

Fortinet has released security updates for various products, including OS and FortiProxy, to fix vulnerabilities that could allow a cyber threat actor to take control of a system.

CISA encourages users and administrators to take the following steps for enhanced security:

B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum

On February 19, 2025, the illegal marketplace B1ack's Stash released over 1 million unique stolen credit and debit card details...
Read More
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum

Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks

Cisco Talos reported that  Salt Typhoon, also known as FamousSparrow and GhostEmperor, has been spying on U.S. telecommunication providers using...
Read More
Cisco Confirms  Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks

AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets

A free tool is now available to scan public GitHub repositories for exposed AWS credentials. Security engineer Anmol Singh Yadav created...
Read More
AWS Key Hunter  Test this free automated tool to hunt for exposed AWS secrets

Check Point Flaw Used to Deploy ShadowPad and Ransomware

An unknown threat cluster has targeted European healthcare organizations, deploying PlugX and ShadowPad. In some cases, these intrusions resulted in...
Read More
Check Point Flaw Used to Deploy ShadowPad and Ransomware

CVE-2024-12284
Citrix Issues Security Update for NetScaler Console

Citrix has issued security updates for a serious vulnerability in the NetScaler Console and NetScaler Agent that could allow privilege...
Read More
CVE-2024-12284  Citrix Issues Security Update for NetScaler Console

CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries

The FBI and CISA reported on Wednesday that the ransomware group Ghost has been exploiting software and firmware vulnerabilities as...
Read More
CISA and FBI ALERT  Ghost ransomware to breach organizations in 70 countries

Hacker chains multiple vulns to attack Palo Alto Firewall

Palo Alto Networks has issued urgent warnings about threat actors to exploit vulnerabilities in PAN-OS, the operating system powering its...
Read More
Hacker chains multiple vulns to attack Palo Alto Firewall

150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain

Indian government and educational websites, along with reputable financial brands, have experienced SEO poisoning, causing user traffic to be redirected...
Read More
150 Gov.t Portal affected  Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain

CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh

The Cyber Threat Intelligence Unit of BGD e-GOV CIRT has found 600 vulnerable PRTG instances in Bangladesh, affected by the...
Read More
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh

Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru

Amazon Web Services (AWS) has been named in an FIR after a builder claimed damages to the tune of Rs...
Read More
Builder claims Rs 150 cr for data loss;  AWS faces FIR In Bengaluru

FR-IR-23-345 FortiClientMac – Lack of configuration file validation:

An external control of file name or path vulnerability [CWE-73] in FortiClientMac’s installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.

            Source: FortiGuard

FG-IR-23-493 FortiOS & FortiProxy – Administrator cookie leakage

FG-IR-23-087 FortiClient Linux – Remote Code Execution due to dangerous nodejs configuration:

An Improper Control of Generation of Code (‘Code Injection’) vulnerability [CWE-94] in FortiClientLinux may allow
an unauthenticated attacker to execute arbitrary code via tricking a FortiClientLinux user into visiting a malicious website.

     Source: FortiGuard

 

 

Check Also

Zuckerberg

Everything I Say Leaks,’ Zuckerberg Says in Leaked Meeting Audio

At an all-hands meeting at Meta on Thursday, Mark Zuckerberg did not mention the company’s …

Leave a Reply

Your email address will not be published. Required fields are marked *