Fortinet has released a patch an advisory on a recent critical authentication bypass vulnerabilities affecting FortiOS, FortiProxy, and FortiSwitchManager. The authentication bypass bug, CVE-2022-40684, allows an unauthenticated user to perform administrative functions through maliciously crafted HTTPS requests. Account owners with affected devices have been notified early last week prior to their public release to update…

Continue Reading

Google has recently reported that their Cloud Armor service blocked the largest DDoS attack ever recorded. A DDoS, or distributed denial-of-service is a malicious attack where excessive amounts of requests are sent to a target. It’s intended to crash a website or server, affect performance and availability for legitimate traffic, or increase hosting and resource…

Continue Reading

Apple has released updates patching two critical vulnerabilities recently discovered. An application is able to use this vulnerability to run malicious code and gain Kernel privilege, which is the highest privilege allowing full control of the device. These vulnerabilities may have been previously exploited by hackers in likely targeted attacks. The affected devices include: macOS…

Continue Reading

VMware has released patches for bugs and vulnerabilities, including a critical authentication bypass bug. This bug allowed a user to gain administrator privileges without authentication. Products affected include VMware Workspace ONE, VMware Identity Manager, vRealize Automation, Cloud Foundation, and vRealize Suite Lifecycle Manager software programs. Many of the patches have at least a moderate CVS…

Continue Reading

Mangatoon, the manga and comic reading platform, has suffered a data breach exposing the data of over 20 million accounts. The hacker was able to steal this data by accessing an unsecured or misconfigured database. BleepingComputer in their report was able to confirm their hack method and was able to verify a data sample to…

Continue Reading