ISC StormCast for Wednesday, January 15th, 2025

Download and listen anywhere
Download your favorite episodes and enjoy them, wherever you are! Sign up or log in now to access offline listening.
Description
Today, Microsoft Patch Tuesday headlines our news with Microsoft patching 209 vulnerabilities, some of which have already been exploited. Fortinet suspects a so far unpatched Node.js authentication bypass to be...
show moreof which have already been exploited. Fortinet suspects a so far unpatched Node.js authentication
bypass to be behind some recent exploits of FortiOS and FortiProxy devices.
Microsoft January 2025 Patch Tuesday
This month's Microsoft patch update addresses a total of 209 vulnerabilities, including 12 classified as critical. Among these, 3 vulnerabilities have been actively exploited in the wild, and 5 have been disclosed prior to the patch release, marking them as zero-days.
https://isc.sans.edu/diary/rss/31590
Fortinet Security Advisory FG-IR-24-535 CVE-2024-55591
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
https://fortiguard.fortinet.com/psirt/FG-IR-24-535
PRTG Network Monitor Update:
Update for an already exploited XSS vulnerability in Paesler PRTG Network Monitor CVE-2024-12833
https://www.paessler.com/prtg/history/stable
Information
Author | Johannes Ullrich |
Organization | Johannes Ullrich |
Website | - |
Tags |
Copyright 2024 - Spreaker Inc. an iHeartMedia Company
Comments