Celebrating our Community: Thank You for an Incredible Month
Blogs
Recently active
What is CVE-2024-1708? CVE-2024-1708 is a critical path traversal vulnerability impacting ConnectWise ScreenConnect versions up to 23.9.7. This flaw enables attackers to manipulate file paths, potentially gaining unauthorized access to files or directories located outside the intended restricted directory. Exploitation of this vulnerability could lead to remote code execution or compromise sensitive data and critical systems. The Importance of CVE-2024-1708 Path traversal vulnerabilities pose a significant threat because they allow attackers to navigate beyond the intended directory restrictions within web applications. By exploiting these vulnerabilities, attackers can access sensitive system files that are typically inaccessible through normal application usage. This could result in the disclosure of confidential information, compromise of system integrity, or facilitate subsequent attacks targeting other areas within the network infrastructure. Such exploits
Secure Connectivity for Mobile Fleets: FortiExtender Vehicle 211F By @PatVita | Director of Product Marketing, FortiExtender If you’re a close follower of Fortinet product news, chances are you’ve heard rumors of a mobility solution coming to the FortiExtender family. I’m happy to say the wait is over: FortiExtender Vehicle is here. Secure Connectivity for Mobile Fleets Many IT teams struggle to service mobile fleets. Whether it’s a public safety, transportation, logistics, or the travel industry fleet, vehicles are unique in that they require secure connectivity to cloud applications but cannot leverage wired broadband. Adding point solutions creates complexity and risk for organizations. Mobile fleets cannot become another silo for enterprise IT. Secure connectivity for must be delivered within a digital platform alongside other areas of IT, such as OT, IoT and wireless access, Enter FortiExtender Vehicle 211F
What is CVE-2019-7256? CVE-2019-7256 is a serious command injection vulnerability affecting Linear eMerge E3-Series access control systems. It stems from improper sanitization of user inputs, enabling remote attackers to inject and execute arbitrary commands. The severity of this vulnerability is high due to the potential for unauthorized command execution. Attackers can gain complete control over the eMerge E3-Series systems, allowing them to alter configurations, access sensitive data, or disrupt operations. This poses a significant security risk for organizations that depend on these systems for physical security and access management. This vulnerability highlights the importance of robust input validation and secure coding practices in developing network-connected devices. To mitigate CVE-2019-7256, organizations should promptly apply vendor-supplied patches or updates. Additionally, they should implement network segmentation, access controls, and monitoring to de
FortiWeb Security Insights: Addressing XSS Vulnerability in Serenity Software (CVE-2023-31285) What is CVE-2023-31285? CVE-2023-31285 is a Cross-Site Scripting (XSS) vulnerability discovered in Serenity Serene and StartSharp versions prior to 6.7.0. This issue allows attackers to upload malicious HTML or HTM files through a feature meant for temporary file uploads. The vulnerability is particularly concerning because it enables the execution of harmful scripts in the administrator’s browser. Exploiting this flaw could allow attackers to perform actions on behalf of the administrator or access sensitive information. Why CVE-2023-31285 is a Critical Security Concern XSS vulnerabilities are crucial because they compromise the security and integrity of user interactions on a website. Attackers exploiting these flaws can manipulate web sessions and gain access to confidential information, thereby jeopardizing the overall security of the application.&nbs
Last year we launched a network security solution in the Azure Marketplace that protects both east-west and north-south traffic as it passes through Azure Virtual WAN (vWAN). This security is provided through FortiGate VM, in the form of a managed Network Virtual Appliance (NVA) There are multiple use cases supported with our offering. This includes a secure SD-WAN, SD-WAN with next-generation firewall (NGFW), and solely NGFW with layer 4-7 inspection. The integration of FortiGate VM with Secure SD-WAN and Azure vWAN allows users to more effectively interconnect with applications and workloads running in Azure with the rest of their hybrid and multi-cloud deployments. The result is an even simpler, further automated, and operationally efficient cloud on-ramp and SD-WAN experience and the ability to apply NGFW policies to vWAN traffic. Now, we have released an extension of this offering to include internet-inbound traffic, also known as Destination NAT. We are one o
Modern applications are the backbone of digital transformation but protecting them has become a daunting challenge. Organizations are grappling with the complexity of multi-cloud environments, evolving architectures, agile development practices, and emerging threats. These factors, coupled with a shortage of skilled professionals, expand the attack surface and create significant visibility gaps. The distributed nature of data across these environments further increases the likelihood of misconfigurations, inconsistencies, and human errors, all of which can lead to data breaches, service disruptions, and enforcement challenges. The Growing Complexity of Application Security Multi-Cloud Environments: Enterprises now operate across multiple cloud providers, each with unique security controls and configurations. This diversity can lead to inconsistencies and potential vulnerabilities. Evolving Architectures: The adoption of microservices, containerization, and serverless com
Introduction: Streamlining Software Deployment with AWS Marketplace Image Builder AWS Marketplace has introduced an innovative feature to simplify software deployment for customers and sellers alike: the AWS Marketplace EC2 Image Builder. This feature allows customers to discover, purchase, and deploy third-party software directly through the EC2 Image Builder console and Image Builder APIs. With a straightforward console-driven onboarding process, customers can access security tools, OS hardening scripts, and analytics applications to create optimized, secure, and compliant images—referred to as “golden images”—tailored to their needs. Whether you’re a seller looking to expand reach or a customer seeking a streamlined way to integrate third-party applications, this blog post is for you. In the previous blog post, we described what EC2 Image Builder is at a high level, and how it can alleviate the operational overhead of deploying software such as
A prominent US-based specialty engineering and construction company faced challenges centralizing security controls, gaining visibility into traffic patterns and intrusion attempts, and applying policies at the application level within their cloud infrastructure. They turned to Fortinet Cloud Consulting Services to develop a comprehensive cloud network security design tailored to their unique requirements to ensure top-tier security and operational efficiency on AWS. Guided Expertise in Selecting the Right Cloud Architecture The Fortinet Cloud Consulting Services team worked closely with the customer to create an architecture that emphasized scalability, reliability, and robustness. The Fortinet consultants outlined multiple options, highlighting their unique benefits and potential challenges. This in-depth analysis enabled the customer to make informed decisions, ensuring their infrastructure not only satisfied current needs but was also adaptable for future advancements
What is CVE-2018-11784? CVE-2018-11784 is an open redirect vulnerability impacting several versions of Apache Tomcat, specifically versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90. This vulnerability arises when the default servlet in Apache Tomcat incorrectly handles redirects to directories. For instance, if a user requests '/foo', the server might improperly redirect them to '/foo/' using a specially crafted URL, allowing an attacker to redirect to any URI. This could be exploited to redirect users to malicious websites without their knowledge. The Significance of Mitigating Open Redirect Vulnerabilities Open redirect vulnerabilities are crucial to mitigate because they can serve as a mechanism in phishing attacks, misleading users about the authenticity of a website. When exploited, these vulnerabilities allow attackers to redirect users from legitimate websites to malicious ones. This redirection can deceive users into believ
For more than a decade, digital transformation has been the talk within businesses. One of the core elements in this journey is the migration to the public cloud, which adopts new ways of thinking and working the infrastructure and applications. This journey centers on automating infrastructure and application provisioning, rapidly detecting and responding in operations, containerizing applications, and leveraging serverless technology or other services from cloud providers for rapid prototyping, innovation, and adoption. Executives prioritize this initiative to expedite the pace of innovation, save on capital costs and time to set up infrastructure and realize new ways of delivering services. In the urgency to be part of the wave, some companies rush to adopt an “all-in” approach too quickly without sufficient due diligence. This presents a risk of failure, beyond a technical point of view which is the financial viewpoint. One of the elements that customers must realize is that they n
FortiWeb SOCaaS: Comprehensive 24/7 Protection, Security Hardening, Incident Response, and Cloud Service Dashboard In an era where cyber threats continue to rise in frequency and sophistication, securing web applications is more critical than ever. Enterprises are increasingly turning to managed security services like FortiWeb SOCaaS (Security Operations Center as a Service) to protect their digital assets. With features such as 24/7 protection, security hardening, incident response, and a powerful cloud service dashboard, FortiWeb SOCaaS offers a robust solution for managing the complexities of modern web application security. The Need for FortiWeb SOCaaS Web applications are among the most exposed components of any IT infrastructure, making them prime targets for cyberattacks. From SQL injections to cross-site scripting and distributed denial-of-service (DDoS) attacks, the risks are diverse and ever-evolving. FortiWeb SOCaaS addresses these challenges by delivering a co
FortiWeb Security Alert: CVE-2024-3651 Vulnerability in idna.encode The Impact of CVE-2024-3651 In the realm of web security, vulnerabilities can often lead to severe consequences if left unaddressed. One such critical issue is identified by CVE-2024-3651, a vulnerability that significantly impacts web applications by exposing them to potential denial-of-service (DoS) attacks and remote code execution (RCE). This essay explores the nature of CVE-2024-3651, its implications for web security, and the importance of addressing such vulnerabilities to maintain robust and secure web applications. CVE-2024-3651 is categorized as a critical vulnerability primarily due to its origin in the improper validation of URL, header, and argument lengths within web applications. Web applications rely on numerous parameters passed through URLs, headers, and request bodies to function correctly. These inputs are crucial for processing requests, managing sessions, and delivering co
What is CVE-2023-34434? CVE-2023-34434 is a critical security vulnerability identified in Apache InLong, an open-source data collection and processing platform. This vulnerability affects versions 1.4.0 through 1.7.0 of Apache InLong. It is classified as a deserialization flaw, which can be exploited to bypass security mechanisms and gain unauthorized access to arbitrary files. The issue was resolved in Apache InLong version 1.8.0. The Significance of CVE-2023-34434 Deserialization of untrusted data is a critical security concern that can lead to unauthorized access and system compromise. This vulnerability within Apache InLong could enable attackers to manipulate or steal data by bypassing existing logic controls, making it a priority to address. The vulnerability is rooted in the deserialization process, which is the method of converting data from a serialized format back into an object or data structure. Deserialization is a common practice
What is CVE-2024-4577? CVE-2024-4577 is a severe security vulnerability found in PHP installations running in CGI mode. This flaw arises from inadequate input data handling, which can lead to attackers injecting and executing arbitrary PHP code on the server. The issue affects PHP versions prior to 8.1.29, 8.2.20, and 8.3.8. Due to its nature, the vulnerability poses a significant risk to many web applications, potentially allowing unauthorized users to compromise the server and execute malicious code. This can lead to various security breaches, including data theft, server control, or disruption of services. Users of affected PHP versions should prioritize upgrading to patched versions to mitigate this critical risk. The Significance of CVE-2024-4577 The exploitation of CVE-2024-4577 can lead to remote code execution (RCE), enabling attackers to perform a variety of malicious activities such as deploying malware and launching denial-of-service attacks. I
What is the Critical D-Link NAS Vulnerabilities (CVE-2024-3272 and CVE-2024-3273)? Critical vulnerabilities CVE-2024-3272 and CVE-2024-3273 have been identified in multiple D-Link NAS (Network Attached Storage) devices. CVE-2024-3272 involves hard-coded credentials that could enable unauthorized remote access, while CVE-2024-3273 presents a command injection flaw that allows attackers to execute arbitrary commands on the devices. Both vulnerabilities are currently being exploited in the wild and pose severe security risks. Immediate action is required to protect affected systems. The Significance of CVE CVE-2024-3272 and CVE-2024-3273 are critical vulnerabilities identified in a widely used software component that poses a significant security risk. This vulnerability allows attackers to exploit a flaw in the software to execute arbitrary code remotely, without requiring any user interaction. The affected software, being prevalent in various applica
I am a BIG supporter of Central NAT. I believe it is in-line with the present day firewall platforms. Even if you use Policy NAT (the original way on FortiOS) or Central NAT you normally want bidirectional NAT'ng, that is SNAT and DNAT. DNAT / VIP There is a feature on the CLI of the VIP which makes the VIP bi-directional. That command is set nat-source-vip enable. This is NOT enabled by default. You can get to the VIP settings by right-clicking the VIP and choosing edit in cli Once you are in the cli you can type set ? and it will show you all of the set options available to you. You can also give the show full to see all the options, default and or custom. The other option you can type is tree which gives you the entire command structure for that section. Once you shell out to the cli FortiOS will show you the basic configuration for that VIP config firewall vip edit "OBSER" set uuid 169ccfa6-a
A customer-facing FAQ is available in the FortiSASE Admin Guide for existing FortiClient EMS customers interested in shifting from FortiClient EMS to FortiSASE for endpoint management:https://docs.fortinet.com/document/fortisase/latest/administration-guide/90443/shifting-from-forticlient-ems-to-fortisase This FAQ provides guidance about licensing and FortiSASE configuration for endpoint management for these cases: 1. Existing FortiClient EMS on-premise deployments2. Existing FortiClient Cloud deployments As part of this shift to a FortiSASE deployment, new configuration of endpoint management features must be performed in FortiSASE: Existing FortiClient EMS or FortiClient Cloud configuration is not preserved because FortiSASE uses its own EMS instance. FortiSASE does not support some FortiClient EMS features. To assist customers with new deployments requiring endpoint management features, see the 4-D FortiSASE endpoint management deployment guide:https://docs.fortinet.c
In today's fast-paced digital landscape, the network edge has become a critical battleground for businesses. It's where users connect, data flows, and opportunities arise. But managing this dynamic environment can be a complex and time-consuming task, especially for organizations with distributed networks. That's where FortiEdge Cloud comes in, offering a powerful and intuitive cloud-based management platform that simplifies network operations and empowers businesses to thrive at the edge. Single Pane of Glass Management FortiEdge Cloud provides a centralized platform for managing your entire LAN and WAN edge infrastructure, including FortiSwitch, FortiAP, and FortiExtender devices. With its intuitive interface and powerful tools, you can easily configure, monitor, and troubleshoot your network from anywhere, at any time. The platform's single pane of glass view eliminates the need to juggle multiple management consoles, streamlining operations and saving valuable time and resou
What is CVE-2024-28147? CVE-2024-28147 is a critical security vulnerability that has been identified in the edu-sharing software. The edu-sharing is an open-source e-learning integration solution. The core of the system is a repository for the cooperative creation, management, and usage of objects such as files, links, instances of integrated tools and courses of connected learning management systems such as Moodle. This flaw impacts versions of the software prior to 8.0.8-RC2, 8.1.4-RC0, and 9.0.0-RC19. The vulnerability arises from the software's handling of file uploads through the collection preview images feature, which permits authenticated users to upload arbitrary files. Specifically, this issue allows users to upload files such as HTML and SVG files that can contain malicious code. When these files are accessed directly via their URLs, they have the potential to execute malicious JavaScript code. This could lead to unauthorized actions being performed
The Impact of CVE-2024-3651 In the realm of web security, vulnerabilities can often lead to severe consequences if left unaddressed. One such critical issue is identified by CVE-2024-3651, a vulnerability that significantly impacts web applications by exposing them to potential denial-of-service (DoS) attacks and remote code execution (RCE). This essay explores the nature of CVE-2024-3651, its implications for web security, and the importance of addressing such vulnerabilities to maintain robust and secure web applications. CVE-2024-3651 is categorized as a critical vulnerability primarily due to its origin in the improper validation of URL, header, and argument lengths within web applications. Web applications rely on numerous parameters passed through URLs, headers, and request bodies to function correctly. These inputs are crucial for processing requests, managing sessions, and delivering content. However, when an application fails to validate the size of t
Solution overview The Landing Zone Accelerator on AWS (LZA) for Canadian Centre for Cyber Security (CCCS) Cloud Medium is a specialized deployment designed in collaboration with national security entities and government agencies. It facilitates compliance with strict security requirements, offering a comprehensive AWS cloud architecture for handling sensitive workloads. The CCCS Medium Reference Architecture addresses identity and access management, governance, data security, logging, and network design in alignment with various security frameworks, including NIST 800-53, ITSG-33, FEDRAMP Moderate, CCCS-Medium, IRAP, and other medium-level security profiles. Please refer to the CCCS Medium Reference Architecture document for the full detailed design. Note: This solution will not, by itself, make you compliant. It provides the foundational infrastructure from which additional complementary solutions can be integrated. Solution Detail This version of
Introduction D-Link, a global leader in networking solutions and is particularly renowned for its offerings tailored to small and medium-sized businesses (SMBs). Over the decades, D-Link has expanded its product portfolio and global reach, making it a key player in the networking industry. Today there are many device vulnerabilities that have been identified across various D-Link devices, posing significant security risks. CVE-2020-9376: The D-Link DIR-610 devices are affected by an information disclosure vulnerability that exposes sensitive information through inadequately secured getcfg.php endpoints. This issue is particularly problematic because it impacts devices that are no longer supported by D-Link, meaning there are no official updates or patches available to address the vulnerability. CVE-2022-28956: The getcfg.php component in D-Link DIR816L routers with firmware version FW206b01 has a critical vulnerability that allows attackers to gain una
What is Check Point CVE-2024-24919? CVE-2024-24919 is an information disclosure vulnerability that could enable an attacker to access sensitive information on internet-connected Gateways configured with IPSec VPN, remote access VPN, or mobile access software blades. Check Point's advisory notes that this vulnerability has been exploited in the wild, with attacks primarily targeting devices set up with local accounts that use password-only authentication. Using password-only authentication is discouraged due to the risk of brute-force attacks, which can exploit weak passwords. Check Point recommends against using local accounts where possible and recommends implementing added layers of authentication if they are necessary. A hotfix is available to address this issue. Significance of CVE-2024-24919 On May 28, 2024, Check Point issued a zero-day advisory for CVE-2024-24919, which has a CVSS score of 8.6. According to the advisory, this vulnerability allows a
Many of today’s most damaging security breaches result from compromised user accounts and passwords. To address this issue, businesses of all sizes are seeking alternatives to password-only authentication. Multifactor authentication (MFA), whether through traditional hardware tokens orr mobile software tokens, or increasingly popular passkeys for passwordless authentication, has become the standard. Previously, implementing and managing MFA deployments was complex. FortiToken Cloud simplifies this process by offering a secure, effective way to manage MFA through an intuitive interface accessible from anywhere. FortiToken Cloud includes tokens for our FortiToken Mobile App, which features PUSH notification and response technology, making the end user experience as simple as swiping or clicking to approve a login. With FortiToken Cloud we continue to develop new application security features that ensure access to sensitive data and systems is restricted to authorized users o
Why FortiToken Cloud? Many of today’s most damaging security breaches result from compromised user accounts and passwords. To address this issue, businesses of all sizes are seeking alternatives to password-only authentication. Multifactor authentication (MFA), whether through traditional hardware tokens or increasingly popular mobile software tokens, has become the standard. Previously, implementing and managing MFA deployments was complex. FortiToken Cloud simplifies this process by offering a secure, effective way to manage MFA through an intuitive interface accessible from anywhere. FortiToken Cloud includes tokens for our FortiToken Mobile App, which features PUSH notification and response technology, making the end user experience as simple as swiping or clicking to approve a login. With FortiToken Cloud we continue to develop new application security features ensures that access to sensitive data and systems is restricted to authorized users only, thereby reducing
Already have an account? Login
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.