security

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.  CVE-2024-Adresse geschuetztVMware vCenter Server Out-of-bounds Write Vulnerability  This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.  Binding Operational Directive (BOD) 22-01: Reducing the Significant […]

Is AI-Generated Code Secure? Xavier used the free static code analysis tool Bandit to review code he wrote with heavy AI support. https://isc.sans.edu/diary/Is%20AI-Generated%20Code%20Secure%3F/32648 Malicious Configuration Changes On Fortinet FortiGate Devices via SSO Accounts Arctic Wolf summarized some of the attacks it is seeing against FortiGate devices via the insufficiently patched SSL vulnerability. https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-configuration-changes-fortinet-fortigate-devices-via-sso-accounts/ ISC BIND […]