Thousands of Fortinet instances vulnerable to actively exploited flaw

October 14, 2024 at 08:36AM Over 86,000 Fortinet instances remain vulnerable to a critical flaw (CVE-2024-23113) actively exploited since last week, mainly in Asia. The vulnerability, with a high severity rating, affects various Fortinet products and requires urgent updates or mitigations as recommended by Fortinet to ensure security against potential exploits.

About the security content of watchOS 11 – Apple Support

October 13, 2024 at 02:30PM Apple has released updates for watchOS 11 addressing various security vulnerabilities, including issues related to state management, out-of-bounds access, and cross-origin problems. These vulnerabilities may allow unauthorized access, app termination, and denial-of-service. Updates are available for Apple Watch Series 6 and later devices.

CISA: Hackers abuse F5 BIG-IP cookies to map internal servers

October 11, 2024 at 12:38PM CISA warns that threat actors are exploiting unencrypted persistent F5 BIG-IP cookies to identify and target additional internal devices within compromised networks. This highlights the importance of securing sensitive cookies to prevent unauthorized access and potential breaches.

CISA: Hackers abuse F5 BIG-IP cookies to map network devices

October 11, 2024 at 12:30PM CISA warns that unencrypted F5 BIG-IP persistent cookies are being exploited by threat actors to map internal devices, potentially identifying vulnerabilities for cyberattacks. Administrators are advised to enable cookie encryption and consult F5’s guidelines to protect against these security risks, emphasizing the importance of proper configurations.

CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance

October 11, 2024 at 05:27AM CISA warns of threat actors exploiting unencrypted persistent cookies in F5 BIG-IP Local Traffic Manager for network reconnaissance. Organizations are advised to encrypt these cookies and use the BIG-IP iHealth diagnostic tool. Meanwhile, joint U.S.-U.K. agencies highlight threats from APT29, a Russian military intelligence group targeting various sectors.

New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution

October 11, 2024 at 03:27AM GitLab has released security updates for its Community and Enterprise Editions, addressing eight vulnerabilities, including a critical one (CVE-2024-9164) with a CVSS score of 9.6 that allows unauthorized CI/CD pipeline execution. Users are urged to update their instances to mitigate potential threats, as further vulnerabilities have recently been disclosed.

CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame

October 10, 2024 at 09:39AM The US CISA has added vulnerabilities in Fortinet and Ivanti products to its Known Exploited Vulnerabilities catalog. Fortinet’s critical CVE-2024-23113 affects multiple products, allowing remote code execution. Ivanti faces issues with CVE-2024-9379 and CVE-2024-9380 related to its Cloud Services Application, prompting security recommendations for users.

Vulnerability Prioritization & the Magic 8 Ball

October 10, 2024 at 07:08AM The CVE program, celebrating 25 years, has significantly advanced vulnerability management despite persistent challenges like inconsistency in CVE issuance, subjective severity scoring, and the automation of CVE creation. Effective patching requires a nuanced approach, prioritizing critical systems to mitigate risks from potential attacks across all system layers.

CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches

October 10, 2024 at 02:06AM CISA has added a critical vulnerability (CVE-2024-23113) impacting Fortinet products to its KEV catalog, requiring federal agencies to apply mitigations by October 30, 2024. Meanwhile, Palo Alto Networks disclosed multiple high-risk flaws in Expedition and Cisco patched a critical command execution vulnerability in Nexus Dashboard Fabric Controller.

Firefox Zero-Day Under Attack: Update Your Browser Immediately

October 10, 2024 at 12:57AM Mozilla has disclosed a critical vulnerability (CVE-2024-9680) affecting Firefox, exploited in the wild. This use-after-free bug in the Animation timeline component allows attackers to execute code. Users are urged to update to the latest versions (Firefox 131.0.2, ESR 128.3.1, and 115.16.1) to mitigate risks.