Google has introduced the Mobile Vulnerability Rewards Program (Mobile VRP), a new bug bounty initiative aimed at incentivizing security researchers to uncover vulnerabilities in the company’s Android applications. The program offers monetary rewards to bughunters who can find and help fix weaknesses in Google-developed or maintained first-party Android apps. In [...]
Default configurations of Fortinet’s FortiGate VPN appliance could open organizations to man-in-the-middle (MitM) attacks, according to researchers, where threat actors could intercept important data.
According to the SAM IoT Security Lab, the FortiGate SSL-VPN client only verifies that the certificate used for client authentication was issued by Fortinet or another trusted certificate authority.
“Therefore, an attacker can easily present a certificate issued to a different FortiGate router without raising any flags, and implement a man-in-the-middle attack,” researchers wrote, in an analysis on Thursday.
They added, “An attacker can actually use this to inject his own traffic, and essentially communicate with any internal device in the business, including point of sales, sensitive data centers, etc. This is a major security breach, that can lead to severe data exposure.”
A Shodan search turned up more than 230,000 vulnerable FortiGate appliances using the VPN functionality, researchers found. Out of those, 88% or more than 200,000 businesses, are using the default configuration and can be easily breached in an MitM attack.
While the issue exists in the default configuration of the FortiGard SSL-VPN client, Fortinet does not consider the issue to be a vulnerability, because users have the ability to manually replace the certificate in order to secure their connections appropriately.
Source- Threatpost
German authorities last week disclosed that a ransomware attack on the University Hospital of Düsseldorf (UKD) caused a failure of IT systems, resulting in the death of a woman who had to ...
Antonio Gerhold DDS on May 13, 2019
Sed et commodi non consectetur ea voluptates accusantium est. Culpa nemo autem dolores voluptatem natus sed. Sunt et libero et aut. Cumque nemo debitis eos id totam consequatur.
Omnis numquam vel consequuntur tenetur totam. Dolores veniam dignissimos nostrum neque magni.
Julia Johns on May 13, 2019
Molestiae consectetur sint debitis quasi quia rerum. Accusantium consequatur soluta praesentium sapiente. Illum et ullam eligendi fugiat excepturi libero vel. Autem repellat quis aliquid et quod.