vulnerability in FortiOS SSL VPN

Zero-day vulnerablity in FortiOS SSL VPN

A zero-day vulnerability in FortiOS SSL VPN that Fortinet addressed last month was exploited by unknown actors in attacks targeting the government and other large organizations.” “The attacks entailed the exploitation of CVE-2022-42475, a heap-based buffer overflow flaw that could enable an unauthenticated remote attacker to execute arbitrary code via specifically crafted requests.”

Data Breaches Multifactor Authentication Password management Security
LastPass customer

LastPass customer: time to change passwords

The hacker copied information from backup that contained basic LastPass customer account information and related metadata, including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service. The threat actor was also able to copy a backup of customer vault data from the […]