Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Is Your Company Using a FortiOS SSL VPN? Make Sure It Is Updated

Virtual private networks (VPNs) let remote employees securely connect to their companies’ networks. However, companies using Fortinet’s FortiOS SSL VPNs might be putting their networks at risk. Discover why using FortiOS SSL VPNs can be risky and what all companies need to do to protect their VPNs, no matter what kind of VPN they are using.

Many businesses allow their employees to work from home. They often use virtual private networks (VPNs) so that the remote workers can securely connect to the resources and machines on their companies’ networks.

However, businesses using Fortinet’s FortiOS SSL VPN might be putting their networks in hackers’ cross hairs. The FortiOS SSL VPN has two vulnerabilities that cybercriminals are actively exploiting, according to a joint alert issued in April 2021 by the US Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA). The hackers are scanning the Internet for vulnerable FortiOS SSL VPNs. When found, they use the vulnerabilities to gain access to businesses’ VPNs and networks. Once inside a company’s network, they steal data, install ransomware, or carry out another type of cyberattack.

The post Is Your Company Using a FortiOS SSL VPN? Make Sure It Is Updated appeared first on CHIPS.

CISA and NSA Release Kubernetes Hardening Guidance

Original release date: August 2, 2021 | Last revised: August 3, 2021

The National Security Agency (NSA) and CISA have released Kubernetes Hardening Guidance, a cybersecurity technical report detailing the complexities of securely managing Kubernetes—an open-source, container-orchestration system used to automate deploying, scaling, and managing containerized applications.

This report describes the security challenges associated with setting up and securing a Kubernetes cluster, and presents hardening strategies to help system administrators avoid common misconfigurations.

CISA encourages users and administrators to ensure the security of applications by following the hardening guidance outlined in this report.

Pulse Secure Releases Security Update for Pulse Secure Connect

Original release date: August 6, 2021

Pulse Secure has released Pulse Secure Connect system software version 9.1R12 to address multiple vulnerabilities an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review Pulse Secure’s Security Advisory SA44858 and apply the necessary update.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com