Virtual private networks (VPNs) let remote employees securely connect to their companies’ networks. However, companies using Fortinet’s FortiOS SSL VPNs might be putting their networks at risk. Discover why using FortiOS SSL VPNs can be risky and what all companies need to do to protect their VPNs, no matter what kind of VPN they are using.
Many businesses allow their employees to work from home. They often use virtual private networks (VPNs) so that the remote workers can securely connect to the resources and machines on their companies’ networks.
However, businesses using Fortinet’s FortiOS SSL VPN might be putting their networks in hackers’ cross hairs. The FortiOS SSL VPN has two vulnerabilities that cybercriminals are actively exploiting, according to a joint alert issued in April 2021 by the US Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA). The hackers are scanning the Internet for vulnerable FortiOS SSL VPNs. When found, they use the vulnerabilities to gain access to businesses’ VPNs and networks. Once inside a company’s network, they steal data, install ransomware, or carry out another type of cyberattack. More…
The post Is Your Company Using a FortiOS SSL VPN? Make Sure It Is Updated appeared first on CHIPS.
Original release date: August 2, 2021 | Last revised: August 3, 2021
The National Security Agency (NSA) and CISA have released Kubernetes Hardening Guidance, a cybersecurity technical report detailing the complexities of securely managing Kubernetes—an open-source, container-orchestration system used to automate deploying, scaling, and managing containerized applications.
This report describes the security challenges associated with setting up and securing a Kubernetes cluster, and presents hardening strategies to guide system administrators avoid common misconfigurations.
CISA encourages users and administrators to ensure the security of applications by following the hardening guidance outlined in this report.
Original release date: August 6, 2021
Pulse Secure has released Pulse Secure Connect system software version 9.1R12 to address multiple vulnerabilities an attacker could exploit to take control of an affected system.
CISA encourages users and administrators to review Pulse Secure’s Security Advisory SA44858 and apply the necessary update.