| From: Russell Reiter via talk <[email protected]>
|
| The advisory says even if your org doesn't use the os you should apply
| mitigations.
|
|
https://siliconangle.com/2021/04/04/hackers-actively-targeting-fortios-vulnerabilities-warn-fbi-cisa/
I was not aware of FortiOS. I found that it is "the Heart of the Fortinet
Security Fabric" which doesn't help me. I conclude: I don't care.
The advisory that lists mitigations:
<https://www.ic3.gov/Media/News/2021/210402.pdf>
It seems to say
1) if you run FortiOS, you may have a few problems
2) even if you don't run it, you should "add key artifact files used by
FortiOS to your organization’s execution denylist." [I don't have an
execution denylist.]
3) the usual Good Things, none specific to this vulnerability.
Nothing struck me as interesting. Is there something I'm missing?
---
Post to this mailing list [email protected]
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
