Legacy MFA

The Hidden Risks of Legacy MFA

The Hidden Risks of Legacy MFA Sometimes, it turns out that the answers we struggled so hard to find were sitting right in front of us for so long that we somehow overlooked them. When the Department of Homeland Security, through the Cybersecurity and Infrastructure Security Agency (CISA), in coordination Read more…

Vulnerability

Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation

Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation Oct 24, 2024Ravie LakshmananVulnerability / Network Security Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild. Tracked as CVE-2024-47575 (CVSS score: 9.8), the vulnerability is also known as FortiJump Read more…

Globe with people

Congratulations to the Top MSRC 2024 Q3 Security Researchers! | MSRC Blog

Congratulations to the Top MSRC 2024 Q3 Security Researchers! | MSRC Blog Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q3 Security Researcher Read more…

A cake made to resemble Fortigate device

FortiGate admins report active exploitation 0-day. Vendor isn’t talking.

FortiGate admins report active exploitation 0-day. Vendor isn’t talking. Citing the Reddit comment, Beaumont took to Mastodon to explain: “People are quite openly posting what is happening on Reddit now, threat actors are registering rogue FortiGates into FortiManager with hostnames like ‘localhost’ and using them to get RCE.” Beaumont wasn’t Read more…

CVE-2024-38094

CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)

CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094) Oct 23, 2024Ravie LakshmananVulnerability / Threat Intelligence A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday, citing evidence of active exploitation. The Read more…