Security News

If you'd like a powerful firewall for your Ubuntu Server, but one that offers a fairly straightforward configuration, Jack Wallen thinks CSF might be the right tool for the job. Although Uncomplicated Firewall is an outstanding security service on Ubuntu Server, there might be times when you need more.

Total SMS firewall revenue will increase from $911 million in 2021 to $4.1 billion in 2026; representing an absolute growth of 346%, a Juniper Research study has found. SMS firewalls are third-party solutions that sit within operator networks; enabling the real-time monitoring of network traffic, enhancing operator capabilities to block fraudulent traffic and minimise revenue loss.

China is actively trying to export its internal internet governance model, according to a paper from the International Cyber Policy Centre at the Australian Strategic Policy Institute. Titled "China's cyber vision: How the Cyberspace Administration of China is building a new consensus on global internet governance", the paper outlines how China perceives sovereignty over its internet as having equivalent importance to sovereignty over its territory.

A new zero-day vulnerability has been disclosed in Palo Alto Networks GlobalProtect VPN that could be abused by an unauthenticated network-based attacker to execute arbitrary code on affected devices with root user privileges. Successful exploitation of the flaw necessitates that the attacker strings it with a technique known as HTTP smuggling to achieve remote code execution on the VPN installations, not to mention have network access to the device on the GlobalProtect service default port 443.

Critical RCE in Palo Alto Networks firewalls revealed, patch ASAP!The existence of a critical RCE vulnerability affecting certain versions of Palo Alto Networks firewalls using the GlobalProtect Portal VPN has been revealed by a cybersecurity company that exploited it during red team engagements for the last 12 months. Vulnerabilities in Nucleus NET TCP/IP stack could lead to real-world damageResearchers have unearthed 13 vulnerabilities affecting the Nucleus NET TCP/IP stack and have demonstrated how attackers could exploit them to cause serious real-world damage.

The existence of a critical RCE vulnerability affecting certain versions of Palo Alto Networks firewalls using the GlobalProtect Portal VPN has been revealed by a cybersecurity company that exploited it during red team engagements for the last 12 months. The vulnerability has been patched, but since there are still over 10,000 vulnerable internet-facing installations out there, Randori will refrain from publishing technical details related to the vulnerability for a month, to give affected organizations enough time to patch.

Who, Me? Start your week with a warning about those temporary emergency hacks that all too often end up permanent in today's edition of Who, Me? Our story comes from "Gary" - for that is not his name - who worked for a firm that offered a variety of services to the UK banking sector. "Except it didn't," Gary told us, "Because after several fruitless months, the new shiny 'Big Red Firewall' still flatly refused to pass packets on two ports from one host to the other."

Weaknesses in the implementation of TCP protocol in middleboxes and censorship infrastructure could be weaponized as a vector to stage reflected denial of service amplification attacks, surpassing many of the existing UDP-based amplification factors to date. Detailed by a group of academics from the University of Maryland and the University of Colorado Boulder at the USENIX Security Symposium, the volumetric attacks take advantage of TCP-non-compliance in-network middleboxes - such as firewalls, intrusion prevention systems, and deep packet inspection boxes - to amplify network traffic, with hundreds of thousands of IP addresses offering amplification factors exceeding those from DNS, NTP, and Memcached.

A command injection vulnerability exists in Fortinet's management interface for its FortiWeb web app firewall, according to infosec firm Rapid7. An authenticated attacker can use the vuln to execute commands as root on the Fortiweb device, Rapid7 said in a blog post.

The OS command-injection bug, in the web application firewall platform known as FortiWeb, will get a patch at the end of the month. An unpatched OS command-injection security vulnerability has been disclosed in Fortinet's web application firewall platform, known as FortiWeb.