On March 21, 2024, security researchers published a technical analysis along with a proof of concept (PoC) regarding the critical Remote Code Execution (RCE) vulnerability, CVE-2023-48788, in Fortinet’s FortiClientEMS. This vulnerability enables an unauthenticated threat actor to achieve RCE through the manipulation of SQL commands. Fortinet has stated that this vulnerability is under active exploitation. PoC exploit code is also now publicly available.

Effortless Solutions faced a unique challenge: implementing an Enterprise Single Sign-On (SSO) solution for a customer's client in the Netherlands, requiring a SaaS application developed on the Bubble platform to seamlessly integrate with Microsoft EntraID, ensuring minimal disruption and downtime while enhancing productivity and maintaining high-security standards.

The wonderful world of apps can make our lives, work, and studies significantly easier. Our phones, tablets, or computers have many apps, ranging from photography, self-help, fitness, social media, and video games. However, some mobile apps are more safe than others. Although the app store rigorously tests its apps to ensure they function correctly and are free from harmful software, some third-party apps can still sneak onto the platform that can steal user data or harm their devices.

IoT devices have become a vital component of worldwide business operations for different industries, including healthcare, IT, transportation, etc. Organizations that invest in IoT deliver more value to their consumers than others. According to a report by Statista, the number of IoT devices is estimated to be 17.08 billion in 2024, and the figure is showing no signs of stopping. But as its usage is continuously increasing, so are the security concerns!

When a new vulnerability is found, the race is on to either solve it or exploit it (depending on which side you’re on). But while attackers are getting faster, companies not so much. Dev teams take around 215 days to resolve a security vulnerability. The numbers are only marginally shorter when dealing with critical vulnerabilities. This delay is particularly concerning given the rise in zero-day exploits, where hackers take advantage of a security flaw before the organization even knows it exists.

In today’s cloud-native world, systems are usually accessed by users from multiple devices and in various geographic locations. Anyone who has tried to operationalize an impossible travel type alert for cloud resources will understand the myriad nuances and gotchas involved in such an endeavor. A user may be accessing a cloud resource from a mobile device that is tied to a carrier network well away from their normal geographic location.

Multi-factor authentication (MFA) is widely recognized as an important control to make our accounts more secure by providing protection beyond just passwords. When MFA is enabled, we tend to think our accounts are safe from unauthorized access — but what if we said it's time to rethink this belief?

With $109.5 billion of growth expected between now and 2030, the global AI cybersecurity market is booming – and it's not hard to see why. According to a recent survey of security professionals, three-quarters (75%) have observed an increase in cyberattacks. Of these, the research found that an even greater proportion (an overwhelming 85%) blamed AI.

A Phishing-as-a-Service (PhaaS) platform called “Tycoon 2FA” has surged in popularity over the past several months, according to researchers at Sekoia. The phishing kit is notable for its focus on bypassing victims’ multi-factor authentication measures.

With the Seemplicity platform and VulnCheck KEV, organizations can remediate the riskiest vulnerabilities faster than ever. The integration of the VulnCheck KEV catalog, a community resource that enables security teams to manage vulnerabilities and risk with additional context and evidence-based validation, is available to all Seemplicity platform customers.