Fortinet Addresses Unpatched Critical RCE Vector

Fortinet has patched CVE-2023-34990 in its Wireless LAN Manager (FortiWLM), which combined with CVE-2023-48782 could allow for unauthenticated remote code execution (RCE) and the ability to read all log files.

Follow Dark Reading:

December 20, 2024

LATEST SECURITY NEWS & COMMENTARY Fortinet Addresses Unpatched Critical RCE Vector Fortinet has patched CVE-2023-34990 in its Wireless LAN Manager (FortiWLM), which combined with CVE-2023-48782 could allow for unauthenticated remote code execution (RCE) and the ability to read all log files. OT/ICS Engineering Workstations Face Barrage of Fresh Malware Cyberattacks against OT/ICS engineering workstations are widely underestimated, according to researchers who discovered malware designed to shut down Siemens workstation engineering processes. Orgs Scramble to Fix Actively Exploited Bug in Apache Struts 2 A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn't enough to fix it. Malvertisers Fool Google With AI-Generated Decoy Content Seemingly innocent "white pages," including an elaborate Star Wars-themed site, are bypassing Google's malvertising filters, showing up high in search results to lure users to second-stage phishing sites. Supply Chain Risk Mitigation Must Be a Priority in 2025 A balance of rigorous supplier validation, purposeful data exposure, and meticulous preparation is key to managing and mitigating risk. MORE NEWS / MORE COMMENTARY HOT TOPICS Interpol: Can We Drop the Term 'Pig Butchering'? The agency asks the cybersecurity community to adopt "romance baiting" in place of dehumanizing language. To Defeat Cybercriminals, Understand How They Think Getting inside the mind of a threat actor can help security pros understand how they operate and what they're looking for — in essence, what makes a soft target. The Importance of Empowering CFOs Against Cyber Threats Working closely with CISOs, chief financial officers can become key players in protecting their organizations' critical assets and ensuring long-term financial stability. Phishers Spoof Google Calendar Invites in Fast-Spreading, Global Campaign Attackers are using links to the popular Google scheduling app to lead users to pages that steal credentials, with the ultimate goal of committing financial fraud. MORE PRODUCTS & RELEASES Wallarm Releases API Honeypot Report Highlighting API Attack Trends Delinea Joins CVE Numbering Authority Program CompTIA Xpert Series Expands With SecurityX Professional Certification CISA Directs Federal Agencies to Secure Cloud Environments MORE PRODUCTS & RELEASES EDITORS' CHOICE Manufacturers Lose Azure Creds to HubSpot Phishing Attack Cyberattackers used fake DocuSign links and HubSpot forms to try to solicit Azure cloud logins from hundreds of thousands of employees across Europe. LASTEST FROM THE EDGE Test Your Cyber Skills With the SANS Holiday Hack Challenge Open to players of all skill levels, the "Snow-mageddon" cybersecurity competition takes place in the world of Santa, elves, and Christmas mayhem. LASTEST FROM DR TECHNOLOGY Vendors Chase Potential of Non-Human Identity Management Non-human identities authenticate machine-to-machine communication. The big challenge now is to secure their elements and processes — before attackers can intercept. LASTEST FROM DR GLOBAL India Sees Surge in API Attacks, Especially in Banking, Utilities The number of DDoS-related incidents targeting APIs have jumped by 30x compared with traditional Web assets, suggesting that attackers see the growing API landscape as the more attractive target. WEBINARS Simplify Data Security with Automation Social Engineering: New Tricks, New Threats, New Defenses View More Dark Reading Webinars >> WHITE PAPERS From security alert to action: Accelerating incident response with automated investigations 4 Steps to Deploying an AppSec Training Program Solution Brief: Introducing the runZero Platform The Definitive Guide to Container Security The State of Cloud Native Security Report 2024 Insider Risk Programs: 3 Truths and a Lie SecOps Checklist View More White Papers >> FEATURED REPORTS Managing Third-Party Risk Through Situational Awareness 2024 InformationWeek US IT Salary Report View More Dark Reading Reports >>

Dark Reading Daily -- Published By Dark Reading Operated by TechTarget, Inc. and its subsidiaries, 275 Grove Street, Newton, Massachusetts, 02466 US To opt-out of any future Dark Reading Daily Newsletter emails, please respond here. Thoughts about this newsletter? Give us feedback. Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our Privacy Statement.

© 2024 | TechTarget, Inc. | Privacy Statement | Terms & Conditions | Contact Us