
Fortinet Firmware Updates
- FortiADCManager 7.0.1 B0008 and release notes are available for download from the Support site : https://support.fortinet.comThis concerns the following models: FADCManager
- FortiPortal 6.0.14 B0375 and release notes are available for download from the Support site : https://support.fortinet.comThis concerns the following models: FPC_VM64
- FortiTester 7.2.3 B0362 and release notes are available for download from the Support site : https://support.fortinet.comThis concerns the following models: FTS_VM_AWS_BYOL, FTS_2000D, FTS_4000E, FTS_VM_IBM_BYOL, FTS_2500E, FTS_3000E, FTS_VM_AZURE_BYOL, FTS_VM_AWS, FTS_VM_GCP_BYOL, FTS_2000F, […]
- FortiAnalyzer-BigData 7.2.3 B0533 and release notes are available for download from the Support site : https://support.fortinet.comThis concerns the following models: FAZBD_Bootloader, FAZBD_VM64
- FortiSIEM 6.7.5 B1742 and release notes are available for download from the Support site : https://support.fortinet.com
- FortiExtender 4.2.6 B0520 and release notes are available for download from the Support site : https://support.fortinet.comThis concerns the following models: FEXT_211E, FEXT_201E
- FortiSwitchManager 7.2.2 B0122 and release notes are available for download from the Support site : https://support.fortinet.comThis concerns the following models: FSWM_VM64_KVM, FSWM_VM64_HV, FSWM_VM64_VMWARE
- FortiWeb 7.0.7 B0151 and release notes are available for download from the Support site : https://support.fortinet.comThis concerns the following models: FWB_KVM_PAYG, FWB_3010E, FWB_4000D, FWB_HYPERV, FWB_400E, FWB_3000D, FWB_3000E, FWB_DOCKER, FWB_XENSERVER, FWB_100E, […]
- FortiMail 7.2.4 B0401 and release notes are available for download from the Support site : https://support.fortinet.comThis concerns the following models: FML_3000E, FML_VM, FML_3200E, FML_2000E, FML_VMAW, FML_VMHV, FML_VMAZ, FML_VMKV, FML_900F, FML_VMOC, […]
- FortiAuthenticator 6.5.2 B1329 and release notes are available for download from the Support site : https://support.fortinet.comThis concerns the following models: FAC_VM_KVM, FAC_300F, FAC_VM_HV, FAC_3000F, FAC_VM_AZURE, FAC_3000E, FAC_800F, FAC_VM, FAC_VM_XEN, FAC_200E, […]
Fortinet Thread Blog
- The FortiGuard Labs team investigates a threat campaign targeting YouTube viewers. Get a view of its entire attack chain along with the malware components that make up this campaign.
- A detailed analysis of a driver named WinTapix that uses Donut open-source payload to inject its shellcode that appears to be primarily targeting countries in the Middle East.
- The FortiGuard Labs team recently discovered over 30 new zero-day attacks in PyPI packages. Read to learn more about all the packages that were found.
- FortiGuard Labs examines the Maori ransomware, another variant that encrypts files on victims' machines in an attempt to extort money but is designed to run on Linux architecture. Learn more.
- FortiGuard Labs discusses the changes observed in a new RapperBot campaign and provides a technical analysis of the variant upgraded with miner capabilities. Learn more.
- FortiGuard Labs details how a unique botnet leverages a Ruckus vulnerability and examines its behavior once inside an infected device. Learn more.
- The FortiGuard Labs team highlights threat actors conducting a targeted campaign that takes the time to create a lure relevant enough for the target to pursue.
- FortiGuardLabs examines the UNIZA ransomware, yet another variant that encrypts files on victims' machines in an attempt to extort money. Learn more in this week’s Ransomware Roundup.
- FortiGuard Labs examines the initial attack method used to deliver EvilExtractor and its malicious activities as an infostealer.
- FortiGuard Labs covers the Kadavro Vector ransomware that encrypts files and demands a ransom in Monero (XMR) cryptocurrency for file decryption. Learn more.
Cert Bund News
- Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in verschiedenen Drupal Plugins ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen oder Sicherheitsvorkehrungen zu umgehen.
- Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Arista EOS ausnutzen, um einen Denial of Service Angriff durchzuführen.
- Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in libvirt ausnutzen, um einen Denial of Service Angriff durchzuführen.
- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Java ausnutzen, um die Integrität und die Verfügbarkeit zu gefährden.
- Ein Angreifer aus dem angrenzenden Netzwerk kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
- Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um Sicherheitsvorkehrungen zu umgehen und einen Denial of Service Zustand auszulösen.
- Ein Angreifer kann mehrere Schwachstellen in Python ausnutzen, um einen Denial of Service Angriff durchzuführen und Sicherheitsmaßnahmen zu umgehen.
- Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
- Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen und einen nicht spezifizierten Angriff auszuführen.
- Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um Informationen offenzulegen.
Microsoft Exchange Team Blog
- von The_Exchange_TeamWe’re about a month away from the deadline we communicated in our blog post and Message Center posts, and we want to remind our customers before we start blocking traffic. […]
- von The_Exchange_TeamOn March 23, we announced that we would be enabling a transport enforcement system in Exchange Online to address the problem of email sent to Exchange Online from unsupported and […]
- von The_Exchange_TeamJournaling in Exchange Server or Exchange Online can help your organization respond to legal, regulatory, and organizational compliance requirements by recording all or targeted email messages. To know more about […]
- von The_Exchange_TeamPublic folders provide a way to collect, organize, and share information with other people in your organization. They can help users organize content in a deep hierarchy that's easy to […]
- von The_Exchange_TeamUpdate 5/19/2023: Clarified the timeline and scope of changes. Starting July 15, 2023, we will start deprecating the legacy RPS protocol in the Security and Compliance PowerShell module. RPS is […]
- von The_Exchange_TeamDue to user error, the original version of this article published on March 23 was deleted. We are republishing the article below. Please join us for upcoming Ask Me anything […]
- von The_Exchange_TeamToday we are announcing the availability of the 2023 H1 Cumulative Update (CU) for Exchange Server 2019 (aka CU13). CU13 includes fixes for customer reported issues along with all previously […]
- von The_Exchange_TeamMicrosoft 365 Defender is a unified enterprise defense suite that provides integrated protection against sophisticated attacks by coordinating detection, prevention, investigation, and response across endpoints, identities, email, and applications. It […]
- von The_Exchange_TeamThis blog post is to draw your attention to an issue that we had with one of our script update functions that we use in several of our scripts to […]
- von The_Exchange_TeamLast September, we announced the deprecation of Client Access Rules (CARs) in Exchange Online. CARs allow admins to control which devices can access their organization's mailboxes. It was introduced in […]
MSXFAQ Newsfeed
- 21. Mai 23 Deutschlandticket – Von einem der … – Ich wollte doch nur drei Tage zum European Collab Summit 2023 nach Düsseldorf
- 19. Mai 23 DMARC-Validation – Wie eine DMARC-Eintrag die SPF und DIM-Ergebnisse steuert
- 18. Mai 23 DMARC bricht SPF bei SRS – Das DMARC Alignment blockiert ein SPF=PASS, wenn der Absender per SRS umgeschrieben wird.
- 15. Mai 23 Duplikate Recipient Address – Doppelte Empfängeradressen sind nicht erlaubt aber können passieren. So erkennen und finden Sie die Objekte
- 14. Mai 23 Hybrid Free/Busy Details – Mittlerweile kann FreeBusy mit Hybrid auch AutoD Redirects
- 13. Mai 23 Teams Anrufsignal – Überlegungen zu einer Zweiklingel zur Teams Anrufsignalisierung
- 12. Mai 23 EXO Mailboxserver Insights – Interessante Einblicke in die Größenstruktur von Exchange Online von außen per PowerShell
- 09. Mai 23 AD dsHeuristics – Schutz gegen eine Lücke bei AD-Computerobjekten. Update vom Nov 2021 aber Zwang erst ab Jan 2024
- 08. Mai 23 cloud.microsoft-Name – Microsoft wird Registrar und nutzt cloud.microsoft-Domains für Cloud-Dienste. AMA am 24. Mai 2023
- 07. Mai 23 Limit Enforcement System – Irgendwann dürften zu alte Exchange OnPrem Server keine Hybrid-Mails mehr an Exchange online zustellen