
Overview

Fortinet has released an urgent security update to address a critical vulnerability in its FortiGate firewalls.

FortiGate is one of the most popular companies worldwide for providing next-generation firewalls that combine traditional firewall and other types of network-device filtering functions, including virtual private network (VPN) support. The popularity of Fortinet products has led to them being common targets for threat actors.

This vulnerability, CVE-2023-27997, affects the SSL VPN function of the firewalls and allows remote code execution without authentication, even if multi-factor authentication (MFA) is in place.

Admins should apply the patch as soon as possible. If you think that your organisation might be using a FortiGate firewall, please speak to your IT provider.

VMware has released a critical security update to address three vulnerabilities in VMware Aria Operations for Networks.

Barracuda has released a critical security update addressing a remote command injection vulnerability, tracked as CVE-2023-2868, in its Barracuda Email Security Gateway (ESG) appliances. When exploited, this vulnerability allows a remote unauthenticated attacker to execute system commands with the privileges of the ESG product.

Cisco has released a security update to address critical- and high-severity vulnerabilities in the following products:

  • Cisco TelePresence Video Communication Server (VCS) and Expressway;
  • Cisco AnyConnect Secure Mobility Client Software;
  • Cisco Unified Communications Manager IM & Presence;
  • Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 2100 Series Appliances.

Strava, the fitness-tracking application, has been identified as having a possible privacy risk in the use of its ‘heatmap’ feature. North Carolina State University, Raleigh, has identified that the heatmap could potentially be used to track and identify Strava app users. Researchers have been able to identify where people lived based on their Strava activity. The more often the app is used, the more public someone’s profile is, and the more information (e.g. location) is shared on profiles, the easier it is to identify people and their home addresses.

The heatmap feature is active by default, but it can be switched off if you have privacy concerns. Alternatively, you might want to consider making your profile private to other users and turning on heatmap after you have left your home.

Recommended Action

Organisations are encouraged to review the appropriate security, settings, and advisory pages and apply any recommended updates:

Fortinet – Security Update

VMware – Security Advisories

Barracuda – Security Update

Cisco – Security Advisories

Strava – Privacy Controls

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.
