Fortinet has just announced that firewall devices running versions of its FortiOS operating system are under active exploit: CVE-2022-42475 allows an unauthenticated attacker to remotely access admin controls from outside the network, posing a serious security threat to unpatched devices.
Fortinet has already released patches that will eliminate the vulnerability…[read more]
Fortinet has recently announced a severe vulnerability in certain firewalls and web proxies: CVE-2022-40684 allows an unauthenticated attacker to remotely access admin controls from outside the network, posing a serious security threat to unpatched devices.
Thankfully, the fix is straightforward: the latest released patches for these products will eliminate the exploit. Therefore, patching these devices as quickly as possible should be a priority for any organization that uses them…[read more]
A newly-discovered malicious exploit for Microsoft Exchange Servers is drawing attention this week. This exploit allows an authenticated attacker to execute malicious code on a vulnerable on-premise Exchange Server. This vulnerability only exists for on-premise servers: Microsoft Exchange Online servers are not affected. Because the attack requires authentication to get past the “first line of defense,” this vulnerability is serious but not catastrophic.
As always, Mytech is monitoring this situation closely and has already taken steps to protect any of our clients who could be affected by this vulnerability. To stay updated on this and other cybersecurity news, follow this page for further details.
A newly-discovered malicious exploit for Microsoft Office files has made headlines over the weekend: the “Follina” MSDT attack uses programs like Microsoft Word to execute malicious code when a prepared file is accessed, allowing an attacker significant access to a device, where they can then deploy further exploits and do even greater damage.
The bad news: this exploit requires user input. The good news: this exploit requires user input! If your team members have experience detecting a phishing attempt, they are well-positioned to stop this attack in its tracks. Please notify your team of this vulnerability for Office files, and remind them that they should never click, open, download, or even preview an email attachment that they were not expecting to receive…[read more]
Subscribe to receive industry updates, best practices articles, invites to in-person events, webinars, and more!
With our philosophy of “presume breach” sophisticated threats like these are mitigated by the security measures we deploy through our SmartBusiness Suite, which can detect pre-attack network changes and prevent the call-and-response tactics that allow further access into a network.