Featured Story
Fortinet Confirms Zero-Day Exploit Targeting FortiManager Systems
The US cybersecurity agency CISA has issued an alert for a critical zero-day vulnerability in Fortinet’s FortiManager platform. The flaw, CVE-2024-47575 (CVSS 9.8), allows unauthenticated remote code execution via specially crafted requests to the fgfmd daemon.
Fortinet confirms the bug is being exploited in the wild. Mitigation includes applying updates, limiting access to trusted IPs, and enabling certificate-based authentication. CISA urges all users to patch immediately and audit logs for unauthorized access.
Another critical Fortinet zero-day underlines the need for rapid patching and strong segmentation. We recommend immediately applying the vendor fix, rotating credentials, and auditing logs from the identified compromise date. Our SOC team can assist in forensic review and defensive hardening.
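The "trusted IPs" mitigation above, as an added configuration example that is not from the newsletter or from Fortinet: the CLI key names follow the vendor's published workaround for this CVE and are version-dependent, and the 192.0.2.0/24 network is a placeholder; verify both against your FortiManager release and address plan before use.

```text
# Added example: FortiManager CLI hardening for the fgfmd service (TCP 541).
# Key names are assumed from the vendor workaround; check your version's CLI reference.

# 1. Refuse registration attempts from FortiGate devices that are not already known.
config system global
    set fgfm-deny-unknown enable
end

# 2. Allow only the management network's known FortiGates to reach fgfmd;
#    drop everything else. 192.0.2.0/24 is a documentation range used as a placeholder.
config system local-in-policy
    edit 1
        set action accept
        set dport 541
        set src 192.0.2.0/24
    next
    edit 2
        set action drop
        set dport 541
    next
end
```

After applying either control, review fgfmd event logs for connection attempts from addresses outside the allowlist; those are the entries worth investigating first.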
Other Stories
VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability
VMware has patched CVE-2024-38812 (CVSS 9.8), a critical heap overflow flaw in vCenter Server’s DCE/RPC protocol implementation. Attackers with network access to vCenter could exploit it to execute arbitrary code. Updates are now available for versions 8.0 U3d, 8.0 U2e, and 7.0 U3t.
Though exploitation hasn’t been observed yet, unpatched systems remain vulnerable. Apply updates now to vCenter Server and VMware Cloud Foundation. Avoid exposing management interfaces and monitor for unusual network traffic to them.
Atlassian Patches Vulnerabilities in Bitbucket, Confluence, Jira
Atlassian has resolved six high-severity flaws in Bitbucket, Confluence, and Jira Service Management. These include CVE-2024-21147 in the JRE bundled with Bitbucket and CVE-2024-7254 in the Protobuf library used by Jira. Some of the issues relate to Moment.js and were publicly disclosed back in 2022.
These vulnerabilities could allow attackers to tamper with data or disrupt services. Even without signs of exploitation, we recommend applying the latest updates and reviewing application-level logging for anomalies. Outdated third-party libraries remain a persistent risk.
Safe Online Shopping During Mid-Season Sales
Safeonweb warns consumers about an uptick in fake shopping sites during sale periods. Key red flags include: suspiciously low prices, missing legal/contact info, poor spelling/design, no return policy, and sites served over plain “http” rather than “https”. Always verify the site and its reviews before purchasing.
Even security-savvy users can fall for professionally spoofed e-commerce sites. If you’ve been tricked, contact your bank, report the fraud to police, and email suspicious@safeonweb.be. Our SOC is available to help verify suspicious sites or messages. Contact the Approach Cyber SOC team for tailored support and training programs.