Randall Munroe’s XKCD ‘RNAWorld’
via the comic humor & dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘RNAWorld’ appeared first on Security Boulevard.
Authors/Presenters: Jen Ozmen, Aaron Shim
Our sincere appreciation to DEF CON and the Presenters/Authors for publishing their timely, erudite DEF CON 32 content, originating from the conference’s events at the Las Vegas Convention Center and available via the organization’s YouTube channel.
The post DEF CON 32 – AppSec Village – Securing Frontends at Scale;Paving our Way to Post XSS World appeared first on Security Boulevard.
As businesses navigate an increasingly digital landscape, leveraging advanced technologies has become essential. At GITEX 2024, Seceon proudly showcased its commitment to empowering organizations with AI-driven cybersecurity solutions, with our story prominently featured in What’s On, published by Tech First Gulf (TFG).
Key Highlights from GITEX 2024
Seceon participated at TFG’s stand located in Hall
The post Embracing Innovation: Seceon’s Journey at GITEX 2024 appeared first on Seceon Inc.
The post Embracing Innovation: Seceon’s Journey at GITEX 2024 appeared first on Security Boulevard.
We’re just weeks away from November 12, 2024, the date when Google Chrome will begin distrusting newly issued certificates from Entrust Roots. Shortly after, Mozilla will implement its distrust in Entrust Roots by the end of November. If your organization hasn’t yet switched to a reliable public Certificate Authority (CA), it’s time to do so. This […]
The post The Entrust Distrust Deadline is Closing In. Are you Prepared? appeared first on Security Boulevard.
Our daily lives depend on critical infrastructure – water treatment facilities, power grids, transportation systems. Unfortunately, these systems are increasingly becoming targets for cyberattacks.
The post The Rise of Cyberattacks on Critical Infrastructure: Are You Prepared? appeared first on Security Boulevard.
Reading Time: 2 min Read the inspiring story of how UK-based MSP CloudTech24 automated and simplified domain security management for multiple client domains with PowerDMARC.
The post DMARC MSP Case Study: CloudTech24 Simplifies Domain Security Management for Clients with PowerDMARC appeared first on Security Boulevard.
Since 2022, the FBI and other agencies have been sounding the alarm about North Koreans posing as US or other non-North Korean based IT workers and infiltrating companies. In July, security firm KnowBe4 publicly revealed that they unknowingly hired a fake IT worker from North Korea. Fortunately they detected and blocked access as he attempted to load malware onto his system-connected laptop. Since then, similar stories have flooded in. Last week, reports surfaced that a fake North Korean IT worker hired by an unnamed company stole proprietary data and demanded a ransom payment in order to keep the hack secret.
The post Fake IT Workers: How HYPR Stopped a Fraudulent Hire appeared first on Security Boulevard.
A recent alert jointly issued by a myriad of governmental agencies including CISA, FBI, EPA, DOE, NSA and NCSC-UK has spotlighted activities by Russians targeting U.S. and European critical infrastructure.
The post Strengthening Critical Infrastructure Defense: Shifting to an Exposure Management Mindset appeared first on Security Boulevard.
The SEC fined Unisys, Avaya, Check Point, and Mimecast millions of dollars for disclosures in the wake of the high-profile SolarWinds data breach that intentionally misled investors and downplayed the impact the supply chain attack had on them.
The post SEC Fines Four Tech Firms for Downplaying SolarWinds Impacts appeared first on Security Boulevard.
The overwhelming majority of teachers, parents, and students believe in the efficacy of classroom technology. The education technology sector, or EdTech, is currently valued at $142.37 billion. Its buy-in from these groups, plus that of policymakers and investors, leads experts to expect classroom technology to become more heavily used — with the market predicted to grow ...
The post Technology for classrooms: Top 15 tools for K-12 schools appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.
The post Technology for classrooms: Top 15 tools for K-12 schools appeared first on Security Boulevard.
By continuously learning from new data, ML models can adapt to evolving threat landscapes, making them invaluable in identifying zero-day vulnerabilities before they can be exploited.
The post Exploring the Transformative Potential of AI in Cybersecurity appeared first on Security Boulevard.
Unmanaged software as a service (SaaS) applications and AI tools within organizations are posing a growing security risk as vulnerabilities increase, according to a report from Grip Security.
The post Majority of SaaS Applications, AI Tools Unmanaged appeared first on Security Boulevard.
Security leaders must leverage the best of both to truly protect an organization in today's complex digital environment — blending the old with the new.
The post Blending Traditional and Emerging Cybersecurity Practices for a Holistic Approach appeared first on Security Boulevard.
At long last, there’s a spotlight — Application Detection and Response (ADR) — that shines the light into what’s been a blindspot: namely, the application layer.
The post Application Layer Security: ADR Brings the Application Layer into Cybersecurity Monitoring and Response | Contrast Security appeared first on Security Boulevard.
Frequently asked questions about a zero-day vulnerability in Fortinet’s FortiManager that has reportedly been exploited in the wild.
Background
The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a zero-day vulnerability in Fortinet’s FortiManager.
FAQ
What is FortiJump?
FortiJump is a name given to a zero-day vulnerability in the FortiGate-FortiManager (FGFM) protocol in Fortinet’s FortiManager and FortiManager Cloud. It was named by security researcher Kevin Beaumont in a blog post on October 22. Beaumont also created a logo for FortiJump.
What are the vulnerabilities associated with FortiJump?
On October 23, Fortinet published an advisory (FG-IR-24-423) for FortiJump, assigning a CVE identifier for the flaw.
CVE | Description | CVSSv3
CVE-2024-47575 | FortiManager Missing authentication in fgfmsd Vulnerability | 9.8
What is CVE-2024-47575?
CVE-2024-47575 is a missing authentication vulnerability in the FortiGate to FortiManager (FGFM) daemon (fgfmsd) in FortiManager and FortiManager Cloud.
How severe is CVE-2024-47575?
Exploitation of FortiJump could allow an unauthenticated, remote attacker using a valid FortiGate certificate to register unauthorized devices in FortiManager. Successful exploitation would grant the attacker the ability to view and modify files, such as configuration files, to obtain sensitive information, as well as the ability to manage other devices.
Obtaining a certificate from a FortiGate device is relatively easy (see the comment in the r/fortinet discussion: https://www.reddit.com/r/fortinet/comments/1g9bxfk/comment/lt72xjd/).
According to results from Shodan, there are nearly 60,000 FortiManager devices that are internet-facing, including over 13,000 in the United States, over 5,800 in China, nearly 3,000 in Brazil and 2,300 in India.
[Image: Shodan search results for Fortinet FortiManager devices that are internet-facing.]
When was FortiJump first disclosed?
There were reports on Reddit that Fortinet proactively notified customers using FortiManager about the flaw ahead of the release of patches, though some customers say they never received any notifications. Beaumont posted a warning to Mastodon on October 13 (https://cyberplace.social/@GossiTheDog/113299762582288860).
Was this exploited as a zero-day?
Yes, according to both Beaumont and Fortinet, FortiJump has been exploited in the wild as a zero-day.
Which threat actors are exploiting FortiJump?
No specific threat actors have been attributed to the exploitation of FortiJump, though reports suggest the flaw has been exploited by nation-state groups as part of cyber espionage activity.
Is there a proof-of-concept (PoC) available for this vulnerability/these vulnerabilities?
As of October 23, there are no public proof-of-concept exploits available for FortiJump.
Are patches or mitigations available for FortiJump?
The following table contains a list of affected products, versions and fixed versions.
Affected Product | Affected Versions | Fixed Version
FortiManager 6.2 | 6.2.0 through 6.2.12 | Upgrade to 6.2.13 or above
FortiManager 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above
FortiManager 7.0 | 7.0.0 through 7.0.12 | Upgrade to 7.0.13 or above
FortiManager 7.2 | 7.2.0 through 7.2.7 | Upgrade to 7.2.8 or above
FortiManager 7.4 | 7.4.0 through 7.4.4 | Upgrade to 7.4.5 or above
FortiManager 7.6 | 7.6.0 | Upgrade to 7.6.1 or above
FortiManager Cloud 6.4 | 6.4 all versions | Migrate to a fixed release
FortiManager Cloud 7.0 | 7.0.1 through 7.0.12 | Upgrade to 7.0.13 or above
FortiManager Cloud 7.2 | 7.2.1 through 7.2.7 | Upgrade to 7.2.8 or above
FortiManager Cloud 7.4 | 7.4.1 through 7.4.4 | Upgrade to 7.4.5 or above
FortiManager Cloud 7.6 | Not affected | Not Applicable
Fortinet’s advisory provides workarounds for specific impacted versions if patching is not feasible. These include blocking unknown devices from attempting to register to FortiManager, creating IP allow lists of approved FortiGate devices that can connect to FortiManager and the creation of custom certificates. Generally speaking, it is advised to ensure FGFM is not internet-facing.
Has Tenable released any product coverage for these vulnerabilities?
A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2024-47575 (https://www.tenable.com/cve/CVE-2024-47575/plugins) as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline (https://www.tenable.com/plugins/pipeline).
Get more information
Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs (https://doublepulsar.com/burning-zero-days-fortijump-fortimanager-vulnerability-used-by-nation-state-in-espionage-via-msps-c79abec59773)
FortiGuard Labs PSIRT FG-IR-24-423 Advisory (https://www.fortiguard.com/psirt/FG-IR-24-423)
Join Tenable's Security Response Team (https://community.tenable.com/s/group/0F9f2000000fyxyCAA/cyber-exposure-alerts) on the Tenable Community.
Learn more about Tenable One (https://www.tenable.com/products/tenable-one), the Exposure Management Platform for the modern attack surface.
The post CVE-2024-47575: Frequently Asked Questions About FortiJump Zero-Day in FortiManager and FortiManager Cloud appeared first on Security Boulevard.
In recent years, the adoption and growth of open source software (OSS) have soared, with 2024 set to break records, projecting over 6.6 trillion downloads by year-end. The vast influence of open source now underpins nearly every aspect of software development.
The post The scale of open source: Growth, challenges, and key insights appeared first on Security Boulevard.
Authors/Presenters: Paulo Silva, David Sopas
Our sincere appreciation to DEF CON and the Presenters/Authors for publishing their timely, erudite DEF CON 32 content, originating from the conference’s events at the Las Vegas Convention Center and available via the organization’s YouTube channel.
The post DEF CON 32 – AppSec Village – Speed Bumps and Speed HacksP: Adventures in Car Mfg Security appeared first on Security Boulevard.
Discover how a one-week SOAR migration is possible. Learn the key steps to seamlessly transition from your legacy SOAR platform to D3.
The post One-Week SOAR Migration: It’s a Fact appeared first on D3 Security.
The post One-Week SOAR Migration: It’s a Fact appeared first on Security Boulevard.
via the respected Software Engineering expertise of Mikkel Noe-Nygaard and the lauded Software Engineering / Enterprise Agile Coaching work of Luxshan Ratnaravi at Comic Agilé!
The post Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #310 – The Day After PI Planning appeared first on Security Boulevard.
Keeping up with the world of cybercrime is important but can often feel overwhelming for security practitioners. Leaky Weekly is a podcast hosted by security researcher Nick Ascoli as he dives into the most pressing stories on data leaks, cybercrime, and the dark web in the last week or so. On this episode of Leaky […]
The post Dark Web Forum Arrests, Columbus Ransomware Attack Updates, and American Background Info Data Leak appeared first on Flare | Cyber Threat Intel | Digital Risk Protection.
The post Dark Web Forum Arrests, Columbus Ransomware Attack Updates, and American Background Info Data Leak appeared first on Security Boulevard.