Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability

/in

Fortinet has released patches to address a critical security flaw impacting FortiClientLinux that could be exploited to achieve arbitrary code execution.
Tracked as CVE-2023-45590, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.
“An Improper Control of Generation of Code (‘Code Injection’) vulnerability [CWE-94] in FortiClientLinux may allow an unauthenticated attacker to

The Hacker News – ​Read More

XZ Utils Scare Exposes Hard Truths About Software Security

/in

Much of the open source code embedded in enterprise software stacks comes from small, under-resourced, volunteer-run projects.

darkreading – ​Read More

Japan, Philippines, & US Forge Cyber Threat Intel-Sharing Alliance

/in

Following the Volt Typhoon attacks on critical infrastructure in the region by China, the US reportedly will share cybersecurity threat information with both countries.

darkreading – ​Read More

NSA Updates Zero-Trust Advice to Reduce Attack Surfaces

/in

Agency encourages broader use of encryption, data-loss prevention, as well as data rights management to safeguard data, networks, and users.

darkreading – ​Read More

Trump Loyalists Kill Vote on US Wiretap Program

/in

An attempt to reauthorize Section 702, the so-called crown jewel of US spy powers, failed for a third time in the House of Representatives after former president Donald Trump criticized the law.

Security Latest – ​Read More

Selecting the Right Authentication Protocol for Your Business

/in

Prioritizing security and user experience will help you build a robust and reliable authentication system for your business.

darkreading – ​Read More

TA547 Uses an LLM-Generated Dropper to Infect German Orgs

/in

It’s finally happening: Rather than just for productivity and research, threat actors are using LLMs to write malware. But companies need not worry just yet.

darkreading – ​Read More