Multiple FortiOS Vulnerabilities (CVE-2018-13379, CVE-2019-5591, CVE-2020-12812)

Three security vulnerabilities in FortiOS, the operating system used in Fortinet SSL VPN, are currently observed being exploited by advanced persistent threat (APT) actors. Exploitation of the vulnerabilities, CVE-2018-13379, CVE-2019-5591, and CVE-2020-12812, may allow threat actors to gain a foothold within vulnerable networks before moving laterally and carrying out reconnaissance activity. The Federal Bureau of

Cisco Jabber Multiple Vulnerabilities

Cisco has addressed several vulnerabilities impacting versions of Cisco Jabber client software for Windows, macOS, Android, and iOS, including a critical arbitrary program execution vulnerability. Cisco Jabber is a web conferencing and instant messaging app that allows users to send messages via the Extensible Messaging and Presence Protocol (XMPP). Successful exploitation could enable remote attackers

Brute-force Attacks on QNAP’s NAS Devices

QNAP warns customers of ongoing attacks targeting QNAP NAS (network-attached storage) devices. QNAP has received multiple user reports of hackers attempting to log in to QNAP devices using brute-force attacks, where hackers would try every possible password combination of a QNAP device user account.

___________________________________

A. Nature of the Attack

Threat actors are reported to

OpenSSL Vulnerabilities (CVE-2021-3449 and CVE-2021-3450)

The OpenSSL Project addresses two high-severity vulnerabilities in OpenSSL, a commonly used software library for building networking applications and servers that need to establish secure communications. One is related to verifying a certificate chain and the other can trigger a DoS condition.

___________________________________

A. Nature of the Vulnerabilities

The following vulnerabilities were tracked as: