Archive for May 20, 2024

Kashable and BrightDime Launch New Partnership

Posted in Commentary on May 20, 2024 by itnerd

Kashable, a fintech platform that provides Socially Responsible Credit™ and financial wellness solutions as an employer-sponsored voluntary benefit, and BrightDime®, a trusted partner that provides a real-time 360-degree view of individuals’ holistic financial picture, have announced a new partnership. This partnership aims to provide access to personalized financial coaching and money management tools. At inception, the program will be implemented across 50 companies, including IKEA, Chobani, and Nasdaq, covering over 170,000 employees.

According to a recent study, 86% of employees indicated that they’re stressed about finances, directly impacting their overall health and performance at work. Having access to financial literacy and coaching tools is crucial to lowering stress and empowering employees to manage their finances effectively and achieve long-term financial stability and security.

Beginning today, employees who have access to Kashable’s Financial Wellness Program will also have access to free financial coaching sessions and other educational resources from BrightDime.

Adding BrightDime’s financial coaching marks a significant stride in empowering employees with the tools they need to enhance and prioritize their financial wellness and security. Through one-on-one and on-demand financial coaching, employees receive support during challenging financial circumstances. This guidance is essential in navigating important financial decisions, enabling employees to stride confidently toward financial independence and well-being.

To speak with Kashable about access to BrightDime’s personalized financial wellness tools, visit Kashable.com.

Horizon3.ai Publishes Fortinet FortiSIEM Command Injection Deep-Dive & Exploit POC 

Posted in Commentary on May 20, 2024 by itnerd

Horizon3.ai Chief Attack Engineer Zach Hanley and the Horizon3.ai Red Team have just published CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive, with indicators of compromise and a link to the team’s proof-of-concept exploit on GitHub to blindly execute commands as root on vulnerable FortiSIEM appliances.

Hanley said: “Several issues were discovered during this audit that ultimately lead to unauthenticated remote code execution in the context of the root user. The vulnerabilities were assigned CVE-2023-34992 with a CVSS3.0 score of 10.0 given that the access allowed reading of secrets for integrated systems, allowing for pivoting into those systems.”

FortiSIEM is Fortinet’s security information and event management (SIEM) product with user and entity behavior analytics (UEBA). It offers the functionality typical of SIEM solutions, such as log collection, correlation, automated response, and remediation. It also allows for simple and complex deployments, ranging from a standalone appliance to scaled-out solutions for enterprises and MSPs.