Three Major Enterprise Vulnerabilities Actively Being Exploited
This month, vulnerabilities were disclosed for three popular products – Webmin servers, Pulse Secure VPN, and Fortinet Fortigate VPN. Threat actors began exploiting the vulnerabilities this week, targeting enterprise networks with the aim to take full control over impacted systems. The Webmin vulnerability could allow attackers to access all servers being managed through Webmin installs, while the two VPN vulnerabilities could allow unauthenticated attackers to retrieve files from a targeted system. The NJCCIC highly recommends all users and administrators update to patched versions of Webmin, Pulse Secure, and Fortinet Fortigate. More information on the vulnerabilities can be found in the ZDNet article.