Security News

SSL VPN and WebVPN provide secure remote access to a network over the internet using SSL/TLS protocols, securing the connection between the user's device and the VPN server using an "Encryption tunnel." "The severity of the vulnerabilities and the repeated exploitation of this type of vulnerability by actors means that the NCSC recommends replacing solutions for secure remote access that use SSL/TLS with more secure alternatives. NCSC recommends Internet Protocol Security with Internet Key Exchange," reads the NCSC announcement.

Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild. The vulnerability, CVE-2024-21762 (CVSS score: 9.6), allows for the...

Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks.For those unable to apply patches, you can mitigate the flaw by disabling SSL VPN on your FortiOS devices.

SSL certificates are essential for encrypting traffic between systems such as clients, which access servers via web browsers or applications that communicate with remote systems. Certificates protect client and server data, commonly involving confidential information such as credit card details or social security numbers.

TechRepublic Premium Checklist: How to Create a Team Charter A good team charter should define the purpose of a team, how work will get done and the expected outcomes. Often, a team charter is described as a "Roadmap" for the team and its sponsors.

Fortinet has released new Fortigate firmware updates that fix an undisclosed, critical pre-authentication remote code execution vulnerability in SSL VPN devices. While not mentioned in the release notes, security professionals and admins have hinted that the updates quietly fixed a critical SSL-VPN RCE vulnerability that would be disclosed on Tuesday, June 13th, 2023.

Self-hosted web administration solution CloudPanel was found to have several security issues, including using the same SSL certificate private key across all installations and unintentional overwriting of firewall rules to default to weaker settings. Attackers would need to find fresh CloudPanel installations to exploit this problem, which is made possible by the third issue discovered by Rapid7.

Microsoft's WinGet package manager is currently having problems installing or upgrading packages after WinGet CDN's SSL/TLS certificate expired. The problem appears to be connected to WinGet CDN's SSL/TLS certificate that has now expired.

Portainer smooths out the rather steep learning curve of Kubernetes, making it considerably easier for your teams to manage namespaces, networks, pods, ingresses, Helm, ConfigMaps & Secrets, Volumes and even the cluster. My go-to method of deploying Portainer is via a Microk8s cluster, which is the easiest method of getting Kubernetes support rolled into the web-based GUI; however, when deployed in this fashion, Portainer can be accessed either via HTTP or HTTPS and doesn't use SSL certificates.

Fortinet says unknown attackers exploited a FortiOS SSL-VPN zero-day vulnerability patched last month in attacks against government organizations and government-related targets. The security flaw abused in these incidents is a heap-based buffer overflow weakness found in the FortiOS SSLVPNd that allowed unauthenticated attackers to crash targeted devices remotely or gain remote code execution.