Security News

Alert: Juniper Firewalls, Openfire, and Apache RocketMQ Under Attack from New Exploits
2023-08-30 11:15

Recently disclosed security flaws impacting Juniper firewalls, Openfire, and Apache RocketMQ servers have come under active exploitation in the wild, according to multiple reports. "This flaw allows an unauthorized user to exploit the unauthenticated Openfire Setup Environment within an established Openfire configuration," cloud security firm Aqua said.

Exploit released for Juniper firewall bugs allowing RCE attacks
2023-08-28 14:46

Proof-of-concept exploit code has been publicly released for vulnerabilities in Juniper SRX firewalls that, when chained, can allow unauthenticated attackers to gain remote code execution in Juniper's JunOS on unpatched devices.Juniper disclosed four medium-severity bugs in its EX switches and SRX firewalls and released security patches two weeks ago.

PoC for no-auth RCE on Juniper firewalls released
2023-08-28 10:20

Researchers have released additional details about the recently patched four vulnerabilities affecting Juniper Networks' SRX firewalls and EX switches that could allow remote code execution, as well as a proof-of-concept exploit. Earlier this month, Juniper Networks published an out-of-cycle security bulletin notifying customers using its SRX firewalls and EX switches of vulnerabilities that, chained together, would allow attackers to remotely execute code on vulnerable appliances.

Juniper Networks fixes flaws leading to RCE in firewalls and switches
2023-08-22 08:40

Juniper Networks has fixed four vulnerabilities in Junos OS that, if chained together, could allow attackers to achieve remote code execution on the company's SRX firewalls and EX switches.Junos OS is an operating system based on Linux and FreeBSD that runs on Juniper Networks firewalls, network switches and other security devices.

Secure Business-Critical Resources with a Web Application Firewall
2023-07-18 16:00

TechRepublic Premium Checklist: How to Create a Team Charter A good team charter should define the purpose of a team, how work will get done and the expected outcomes. Often, a team charter is described as a "Roadmap" for the team and its sponsors.

Beijing wants to make the Great Firewall of China even greater
2023-07-17 18:28

Over the weekend Chinese president Xi Jinping gave a directive to officials to build a Beijing-supervised "Security barrier" around its internet. According to state-sponsored media republished by the government, Xi said it was "Essential to uphold the Party's leadership over the internet sector."

Alert: 330,000 FortiGate Firewalls Still Unpatched to CVE-2023-27997 RCE Flaw
2023-07-04 06:58

No less than 330000 FortiGate firewalls are still unpatched and vulnerable to CVE-2023-27997, a critical security flaw affecting Fortinet devices that have come under active exploitation in the wild. Cybersecurity firm Bishop Fox, in a report published last week, said that out of nearly 490,000 Fortinet SSL-VPN interfaces exposed on the internet, about 69 percent remain unpatched.

You've patched right? '340K+ Fortinet firewalls' wide open to critical security bug
2023-07-03 23:17

More than 338,000 FortiGate firewalls are still unpatched and vulnerable to CVE-2023-27997, a critical bug Fortinet fixed last month that's being exploited in the wild. Fortinet disclosed the flaw last month and noted that the issue, which it tracks as FG-IR-23-097, "May have been exploited in a limited number of cases and we are working closely with customers to monitor the situation."

300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug
2023-07-03 11:54

Hundreds of thousands of FortiGate firewalls are vulnerable to a critical security issue identified as CVE-2023-27997, almost a month after Fortinet released an update that addresses the problem.CVE-2023-27997 is exploitable and allows an unauthenticated attacker to execute code remotely on vulnerable devices with the SSL VPN interface exposed on the web.

Critical RCE Flaw Discovered in Fortinet FortiGate Firewalls - Patch Now!
2023-06-12 06:49

Fortinet has released patches to address a critical security flaw in its FortiGate firewalls that could be abused by a threat actor to achieve remote code execution.The vulnerability, tracked as CVE-2023-27997, is "Reachable pre-authentication, on every SSL VPN appliance," Lexfo Security researcher Charles Fol, who discovered and reported the flaw, said in a tweet over the weekend.