Fortinet Urges Critical Updates for FortiSwitch

 🔐 Fortinet Urges Critical Updates for FortiSwitch 🚨

Fortinet has released patches for a critical vulnerability (CVE-2024-48887) in FortiSwitch devices, rated with a CVSS score of 9.3. This flaw could allow unauthorized password changes via a specially crafted request, posing significant risks to administrative security.

Key Details:

Affected Versions: FortiSwitch 6.4.0 through 7.6.0.

Mitigation: Upgrade to patched versions (6.4.15, 7.0.11, 7.2.9, 7.4.5, or 7.6.1).

Workaround: Disable HTTP/HTTPS access from administrative interfaces and restrict access to trusted hosts.

This vulnerability underscores the importance of proactive patch management and securing administrative interfaces. Let's stay vigilant and ensure our systems are protected against emerging threats.



Comments

Post a Comment

Popular posts from this blog

Hadooken: New Linux Malware Exploiting Oracle WebLogic Servers

Image
Hadooken: New Linux Malware Exploiting Oracle WebLogic Servers Introduction In the ever-evolving landscape of cybersecurity threats, a new player has emerged: Hadooken. This Linux malware specifically targets Oracle WebLogic servers, which are widely used for running critical applications in enterprises. Let’s dive into the details. What Is Hadooken? Attack Vector: Hadooken gains unauthorized access to WebLogic servers by exploiting weak passwords. Once inside, it remotely executes malicious code. Attack flow (Source – Aquasec) Payload Components: A shell script named “c” A Python script called “y” Cryptominer and DDoS Botnet Hadooken doesn’t stop at infiltration. It includes: A cryptominer: Hijacking server resources for cryptocurrency mining. The Tsunami malware: A DDoS botnet and backdoor, giving attackers full control. Persistence and Lateral Movement Hadooken ensures persistence by creating cron jobs. It can steal user credentials, allowing lateral movement within networks. But t...
Read more

New Cybercrime Warning: 2FA Vulnerability Targeting Gmail, Outlook, Facebook, and X Users

Image
New Cybercrime Warning: 2FA Vulnerability Targeting Gmail, Outlook, Facebook, and X Users The landscape of cybersecurity is ever-evolving, and with it, new threats emerge. Recently, a leading cybercrime agency issued a crucial warning regarding a new vulnerability targeting Two-Factor Authentication (2FA) across popular platforms such as Gmail, Outlook, Facebook, and X (formerly Twitter). What is 2FA? Two-Factor Authentication (2FA) is a security measure that requires users to provide two forms of identification before accessing an account. Typically, this involves something you know (like a password) and something you have (like a mobile device). This extra layer of security is designed to prevent unauthorized access even if your password is compromised. The New Threat Despite its effectiveness, cybercriminals have developed new methods to bypass 2FA protections. This latest threat specifically targets major email providers and social media platforms, exploiting weaknesses in the 2FA ...
Read more

Synology Rushes to Patch Zero-Days Exploited at Pwn2Own

Image
Synology Rushes to Patch Zero-Days Exploited at Pwn2Own In the fast-paced world of cybersecurity, staying ahead of threats is paramount. This was highlighted once again at the recent Pwn2Own hacking competition in Ireland, where researchers uncovered critical vulnerabilities in Synology's popular network-attached storage (NAS) devices. Here’s what you need to know: The Discovery During the competition, security researcher Rick de Jager from Midnight Blue discovered two zero-click vulnerabilities in Synology Photos and BeePhotos for BeeStation software. These vulnerabilities were particularly concerning because they allowed remote attackers to execute arbitrary code on vulnerable NAS appliances—without any user interaction. The Immediate Response Synology acted swiftly to address these vulnerabilities. Within days of their discovery, the company released patches to protect users from potential exploits. The affected versions were: Synology Photos 1.7 for DSM 7.2: Users should upgra...
Read more