Fortinet’s December 24, 2025, product security advisory is an important reminder that threat actors: Plan on reduced staffing levels during the holidays to launch attacks Often follow a path of least resistance – leveraging old, unpatched vulnerabilities to gain access to systems The post warns that attackers are exploiting an unpatched critical FortiOS vulnerability, CVE-2020-12812, […]
F5 has issued a significant security advisory and released updates for BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients. These updates address risks from nation-state threat actors that broke into F5’s systems and stole files containing some of BIG-IP’s source code and information related to undisclosed vulnerabilities in the product. Underscoring the urgency,
The odds of your network and security devices being disrupted by breaches are increasing. Threat actors exploit known vulnerabilities in devices such as firewalls and routers because they are prime targets for data gathering and cyber espionage, where bad actors can sit undetected for extended periods. And since 25% of network vulnerabilities remain unpatched for over one year, they
When we think about network security, we often focus on vulnerabilities or exploits, internal threats, and password compromises. However, we don’t often consider automation. Anything that can negatively impact network cyber resiliency and recovery of the entire operation after an ‘event’ relates to security. Automation helps maintain optimal network performance and security. With that in
There’s always a layer of details that differentiates between easy and simple. BackBox enhances network security by making network software upgrades for patching security vulnerabilities accessible and straightforward. Let me first illustrate the difference between easy and simple with an example that most people can grasp. Just File a Claim The U.S. healthcare system includes
Network vulnerability management is intended to help network administrators prioritize OS updates based on actual risk to the organization. In theory, updating devices sounds easy. Every vendor provides software updates so you can implement them. In practice, however, it’s not. Because the quality of update tooling varies by vendor and updating at scale can be
Network teams and the devices they manage are not the usual audience for discussions about ransomware. Ransomware affects endpoints and is often the purview of IT administrators and security teams. However, once data is encrypted and/or stolen, the costs of a ransomware attack snowball – as much as 1,000 times higher than if an incident
Vulnerability management is a fundamental element of cyber hygiene. So, why do 56% of organizations report that their most recent data breach resulted from a known vulnerability not properly patched or addressed? As networks become more complex and include network and security devices from multiple vendors, vulnerabilities increase, putting pressure on teams to identify and
This month, Fortinet released a significant security update that addressed multiple vulnerabilities. This addresses issues across its product portfolio, including FortiOS, FortiProxy, FortiManager, and FortiAnalyzer. Such disclosures are not uncommon. However, they pose a challenge to network and security professionals striving to secure their networks. Already overwhelmed, news of new vulnerabilities might not even cut
Why risk management? Risk and risk mitigation involve predicting future probabilities and investing to minimize the likelihood of a breach. Predicting the future is a fool’s game with uncertain and unknowable outcomes. Risk modeling, they say, becomes security theater. Risk Assessment has transformed into a tool for persuasion—essentially, “security theater”— instead of serving as a