Patch Your Microsoft Windows and Office: Fortinet Discovers Three Zero-Day Remote Code Execution Vulnerabilities

The Patch Tuesday cycle has begun once again, and the team at Fortinet has announced some of the conditions surrounding several of the Windows- and Office-related patches that have been released by Microsoft. Please review your environments and patch your systems accordingly.

https://www.fortinet.com/blog/threat-research/microsoft-windows-office-zeroday-remote-code-vulnerabilities.html

CIPA Compliance and Cybersecurity: You Can’t Have One Without the Other

Though unabashedly sales-centric, this blog post by Fortinet provides a good overview of the intentions and goals associated with CIPA (Children’s Internet Protection Act). It is well worth a read as both a parent and a potential technology provider in the K-12 space.

https://blog.fortinet.com/2017/08/31/cipa-compliance-and-cybersecurity-you-can-t-have-one-without-the-other

Industry pros react to Cisco, Fortinet advisories after possible Snowden NSA leak

Is anyone honestly surprised by this revelation? Let us not forget the photographs provided back during the Prism discussions of NSA employees opening Cisco hardware boxes, altering firmware and repackaging devices. Regardless of which side of the Snowden debate you find yourself on, I think we can all agree that vulnerabilities and backdoors create weaknesses in products and services, despite the best or worst intentions of the people who placed them there.

http://www.scmagazine.com/industry-pros-react-to-cisco-fortinet-advisories-after-possible-snowden-nsa-leak/article/517385/

Cyber Threat Assessment: Threat Landscape Report

The CTAP program at Fortinet is a great initiative designed to help organizations better understand the threats in their environments and the value a UTM can bring to overall network security. I love that Fortinet has consolidated this data in the form of this landscape report. It is quite eye-opening.

http://blog.fortinet.com/post/cyber-threat-assessment-threat-landscape-report

Brief Statement Regarding Issues Found with FortiOS

This linked article from Fortinet details their response to the reported vulnerability in FortiOS concerning SSH and admin passwords. Please pay close attention to the FortiOS versions involved and make note that SSH must be enabled on an active interface via a firewall rule for this vulnerability to be leveraged.

http://blog.fortinet.com/post/brief-statement-regarding-issues-found-with-fortios