300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug
Source: Bleeping Computer
Hundreds of thousands of FortiGate firewalls are vulnerable to a critical security issue identified as CVE-2023-27997, almost a month after Fortinet released an update that addresses the problem. The vulnerability is a remote code execution flaw with a severity score of 9.8 out of 10, resulting from a heap-based buffer overflow in FortiOS, the operating system that connects all Fortinet networking components to integrate them in the vendor's Security Fabric platform.
Putting Monetary Value on Cyber Risk
Source: Data Breach Today
When it comes to making decisions around risk, the FAIR model is more useful for security leaders than the kind of measurements provided by cyber insurance companies, according to Jack Jones, chairman of the FAIR Institute.
Feds Urge Healthcare Providers, Vendors to Use Strong MFA
Source: Info Risk Today
Federal regulators are once again reminding healthcare entities and their vendors of the importance of using strong multifactor authentication to help fend off hacks and other compromises, but they also warn about avoiding common mistakes with MFA.
CISA's New 'CyberSentry' Program to Tighten ICS Security
Source: Data Breach Today
The United States is further fortifying its critical infrastructure security with a new Cybersecurity and Infrastructure Security Agency program that enhances the cyber resilience of participating partners leveraging the agency's advanced threat detection and monitoring capabilities.
CISO receives Wells Notice From The SEC: What corporate directors should know and do
Source: OODA Loop
SolarWinds, the enterprise technology company made famous after suffering a nation-state-directed cyber attack in 2020, has been served notice by the SEC that further action is coming. Not only did the company receive its own Wells Notice in October, but now two individuals, its CFO and CISO, have as well.