Security News

Hackers exploit critical bug in Array Networks SSL VPN products
2024-11-26 13:26

America's Cyber Defense Agency has received evidence of hackers actively exploiting a remote code execution vulnerability in SSL VPN products Array Networks AG and vxAG ArrayOS. [...]

SSL Certificate Best Practices Policy
2024-11-13 16:00

SSL certificates are essential for encrypting traffic between systems such as clients, which access servers via web browsers or applications that communicate with remote systems. Certificates...

DigiCert to Revoke 83,000+ SSL Certificates Due to Domain Validation Oversight
2024-07-31 14:13

Certificate authority DigiCert has warned that it will be revoking a subset of SSL/TLS certificates within 24 hours due to an oversight with how it verified if a digital certificate is issued to the rightful owner of a domain. The company said it will be taking the step of revoking certificates that do not have proper Domain Control Validation.

Norway recommends replacing SSL VPN to prevent breaches
2024-05-16 19:07

SSL VPN and WebVPN provide secure remote access to a network over the internet using SSL/TLS protocols, securing the connection between the user's device and the VPN server using an "Encryption tunnel." "The severity of the vulnerabilities and the repeated exploitation of this type of vulnerability by actors means that the NCSC recommends replacing solutions for secure remote access that use SSL/TLS with more secure alternatives. NCSC recommends Internet Protocol Security with Internet Key Exchange," reads the NCSC announcement.

Fortinet Warns of Critical FortiOS SSL VPN Flaw Likely Under Active Exploitation
2024-02-09 07:45

Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild. The vulnerability, CVE-2024-21762 (CVSS score: 9.6), allows for the...

New Fortinet RCE flaw in SSL VPN likely exploited in attacks
2024-02-08 23:11

Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks.For those unable to apply patches, you can mitigate the flaw by disabling SSL VPN on your FortiOS devices.

SSL Certificate Best Practices Policy
2023-09-20 16:00

SSL certificates are essential for encrypting traffic between systems such as clients, which access servers via web browsers or applications that communicate with remote systems. Certificates protect client and server data, commonly involving confidential information such as credit card details or social security numbers.

Provide Secure Remote Access for Your Employees with an SSL VPN
2023-07-18 16:00

TechRepublic Premium Checklist: How to Create a Team Charter A good team charter should define the purpose of a team, how work will get done and the expected outcomes. Often, a team charter is described as a "Roadmap" for the team and its sponsors.

Fortinet fixes critical RCE flaw in Fortigate SSL-VPN devices, patch now
2023-06-11 15:43

Fortinet has released new Fortigate firmware updates that fix an undisclosed, critical pre-authentication remote code execution vulnerability in SSL VPN devices. While not mentioned in the release notes, security professionals and admins have hinted that the updates quietly fixed a critical SSL-VPN RCE vulnerability that would be disclosed on Tuesday, June 13th, 2023.

CloudPanel installations use the same SSL certificate private key
2023-03-23 15:56

Self-hosted web administration solution CloudPanel was found to have several security issues, including using the same SSL certificate private key across all installations and unintentional overwriting of firewall rules to default to weaker settings. Attackers would need to find fresh CloudPanel installations to exploit this problem, which is made possible by the third issue discovered by Rapid7.