Adobe Releases Security Updates for Multiple Products

Adobe released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the...

Fortinet Releases Security Updates for FortiOS and FortiProxy

Fortinet has released a security update to address a vulnerability in FortiOS and FortiProxy software. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the FG-IR-23-315 FortiOS & FortiProxy - Improper...

ISACA Moscow Vulnerability Management Meetup 2018

Last Thursday, September 20th, I spoke at ISACA Moscow "Vulnerability Management" Meetup held at Polytechnic University. The only event in Moscow devoted solely to Vulnerability Management. So I just had to take part in it. The target audience of the event - people who implement the vulnerability...

Cloudflare: Threat control information leak

The information displayed on the threat control page is retrieved using AJAX calls to the API, however the access token atok which is sent along with the requests is not checked by the receiving end. In addition, a callback function name can be supplied to the API. Combined, these factors allow a...