Threat Mitigation | Breaking Cybersecurity News | The Hacker News

Fortinet has released patches to address a critical security flaw impacting FortiClientLinux that could be exploited to achieve arbitrary code execution. Tracked as CVE-2023-45590, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10. "An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientLinux may allow an unauthenticated attacker to execute arbitrary code via tricking a FortiClientLinux user into visiting a malicious website," Fortinet  said  in an advisory. The shortcoming, which has been described as a case of remote code execution due to a "dangerous nodejs configuration," impacts the following versions - FortiClientLinux versions 7.0.3 through 7.0.4 and 7.0.6 through 7.0.10 (Upgrade to 7.0.11 or above) FortiClientLinux version 7.2.0 (Upgrade to 7.2.1 or above) Security researcher CataLpa from Dbappsecurity has been credited with discovering and reporting the vulnerability. Fortinet&

Fortra has released details of a now-patched critical security flaw impacting its  FileCatalyst  file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a maximum of 10. "A directory traversal within the 'ftpservlet' of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended 'uploadtemp' directory with a specially crafted POST request," the company  said  in an advisory last week. "In situations where a file is successfully uploaded to web portal's DocumentRoot, specially crafted JSP files could be used to execute code, including web shells." The vulnerability, the company said, was first reported on August 9, 2023, and addressed two days later in FileCatalyst Workflow version 5.1.6 Build 114 without a CVE identifier. Fortra was  authorized  as a CVE Numbering Authorit

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

Cisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploited to perform arbitrary actions on affected devices. The first set from Cisco consists of three flaws – CVE-2024-20252 and CVE-2024-20254 (CVSS score: 9.6) and CVE-2024-20255 (CVSS score: 8.2) – impacting Cisco Expressway Series that could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. All the issues, which were found during internal security testing, stem from insufficient CSRF protections for the web-based management interface that could permit an attacker to perform arbitrary actions with the privilege level of the affected user. "If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts," Cisco  said  about CVE-2024-20252 and CVE-2024-20254. On the other hand, successful exploitatio

A recently disclosed server-side request forgery ( SSRF ) vulnerability impacting Ivanti Connect Secure and Policy Secure products has come under mass exploitation. The Shadowserver Foundation  said  it observed exploitation attempts originating from more than 170 unique IP addresses that aim to establish a reverse shell, among others. The attacks exploit  CVE-2024-21893  (CVSS score: 8.2), an SSRF flaw in the SAML component of Ivanti Connect Secure, Policy Secure, and Neurons for ZTA that allows an attacker to access otherwise restricted resources without authentication. Ivanti had previously divulged that the vulnerability had been exploited in targeted attacks aimed at a "limited number of customers," but cautioned the status quo could change post public disclosure. That's exactly what appears to have happened, especially following the  release  of a proof-of-concept (PoC) exploit by cybersecurity firm Rapid7 last week. The PoC involves fashioning an exploit cha

As much as threat mitigation is to a degree a specialist task involving cybersecurity experts, the day to day of threat mitigation often still comes down to systems administrators. For these sysadmins it's not an easy task, however. In enterprise IT, sysadmins teams have a wide remit but limited resources. For systems administrators finding the time and resources to mitigate against a growing and constantly moving threat is challenging. In this article, we outline the difficulties implied by enterprise threat mitigation, and explain why automated, purpose-built mitigation tools are the way forward. Threat management is an overwhelming task There is a range of specialists that work within threat management, but the practical implementation of threat management strategies often comes down to systems administrators. Whether it's patch management, intrusion detection or remediation after an attack, sysadmins typically bear the brunt of the work. It's an impossible task, gi