DevSecOps code process
Best practices In the first article in this series we covered the basics. In the second article about the planning process, we covered how developers incorporate security...
Nvidia Appears to Brush Off Ransomware Attack
Online chatter suggests chip giant “hacked back” at its attacker Read More
Meta Squeezes Russian State-Controlled Media Platforms
Social media giant restricts access to state media and disrupts disinfo networks Read More
3 biggest cyber risks from the Ukraine-Russia conflict
The invasion of Ukraine by Russia is reason enough for all CISOs to place their teams at a heightened state of alert and readiness in...
CVE-2020-36510
The 15Zine WordPress theme before 3.3.0 does not sanitise and escape the cbi parameter before outputing it back in the response via the cb_s_a AJAX...
Previously Unseen Backdoor Bvp47 Potentially Victimized Global Targets
FortiGuard Labs is aware of a report by Pangu Lab that a new Linux backdoor malware that reportedly belongs to the Equation group was used...
F5 Releases August 2021 Security Advisory Including Critical CVE-2021-23031
FortiGuard Labs is aware that F5 released a security advisory on August 24th about vulnerabilities affecting multiple versions of BIG-IP and BIG-IQ. The US Cybersecurity...
ProxyToken (CVE-2021-33766): Authentication Bypass in Microsoft Exchange Server
UPDATE 9/17 - An IPS signature has been released in definitions (18.160) as "MS.Exchange.Server.SecurityToken.Authentication.Bypass"FortiGuard Labs is aware of a new disclosure dubbed PROXYTOKEN, which is...
CVE-2021-21708
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the...
CVE-2020-27958
The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in...