WatchGuard announced in the last days a new feature called Dark Web Scan. The feature is hosted in the WatchGuard cloud. With this new tool, you can perform searches based on email addresses and domain names to see which accounts have been exposed on the dark web during known data breaches.
Sicherlich haben Sie sich schon gefragt, wann welches Feature in welchem Fireware Release eingeführt wurde. Da sich dies nur mühsam per Release Notes oder Dokumentation rausfinden lässt, hat WatchGuard für ihre Features einen KB Artikel mit einer Feature Liste pro Version erstellt:
Customers of Menlo Security using Internet Explorer (IE) are protected against a recent and still-active zero-day exploit using Internet Explorer, as outlined by Microsoft’s security update CVE-2020-1380.
The remote code execution vulnerability allows an attacker to take advantage of how the engine handles memory and to force corruption.
Based on two recent support cases regarding the IPsec performance between an OnPrem and Azure FortiGate, we did some testing using the latest FortiOS 6.4.1.
We’ve created a basic IPsec tunnel using the wizard, deployed an Ubuntu machine at both sites and used iPerf3 to do some speed testing. The results were nowhere near the expected numbers, while sending from Azure to OnPrem (~250Mbit/s) was a bit faster than reverse (~120Mbit/s).
Since a while, the most recent macOS versions the system do report the use of „legacy system extensions“ which is often triggered by modules or plugins of low-level software like VPN Clients, AV software etc.
There seems to be a vulnerarbility in some FortiMail versions, that allow an unauthenticated remote attacker to access the system by requesting a password change. Please refer to the FortiGuard PSIRT article.
The problem here is not only the unauthorized access to the system, but also the change of the password of all configured administrative accounts. Also, the maintainer functionality to reset the administrator password over a serial console of the FortiMail is being disabled from the attacker.
Since June 1st you may notice that some websites (https) are not working anymore when Fortigate or the Palo Alto Networks Firewall is doing decryption or certificate inspection. Typically you are getting one of the following error messages: