On October 2, 2019, the UK’s National Cyber Security Centre (NCSC) released a notice stating that Pulse Secure, Palo Alto, and Fortinet’s SSL VPN solutions are vulnerable. These vulnerabilities allow retrieval of arbitrary files, some including authentication credentials, as well as post-auth command injection. Unauthorized access into any network is a huge alarm and could …
Don't Be 'fraid of No GHOST; Glibc Vulnerability
During the blog downtime, observant security practitioners probably read about a serious new vulnerability called GHOST, which affects all Linux-based systems to some extent. I actually covered GHOST already, in one of my Daily Security Bytes, but you may have missed it during the downtime. Let me recap the issue here. GHOST is the name Qualys gave to a newly reported …
WatchGuard Releases Appliance Updates to Fix OpenSSL Flaws
WatchGuard has released several important updates to software for all product lines over the past couple of weeks to address reported vulnerabilities. Last month the OpenSSL team released an update for their popular SSL/TLS package, which fixes six security vulnerabilities in their product, including a relatively serious Man-in-the-Middle (MitM) flaw. More details about these …