Critical Security Update
Fortinet, Microsoft x 2, Google
Risk 1: High
Issue: Fortinet, the creator of small, mid, and large-scale security devices such as firewalls, has announced two vulnerabilities in its web-based management tool. These allow users to bypass authentication into affected systems, including bypassing multi-factor authentication.
Resolution: Fortinet has released updates for all of the exposed systems. Users should apply both patches and any firmware-related updates immediately. Note: a large number of vulnerabilities have been discovered in Fortinet products this year. As such, we are placing a heightened warning against Fortinet products until they are able to solidify their platform.
Risk 2: Low
Issue: Microsoft announced an issue with its Server 2019 and higher platforms that would cause VMs (virtual machines) to crash and restart unexpectedly.
Resolution: A patch has been developed, and users maintaining a Server 2019 or higher system should update immediately. Users on a hosted platform should ensure that their hosting provider has applied the patch.
Risk 3: High
Issue: Microsoft has released 62 security and feature updates for Windows 11. No significant details were provided.
Resolution: Users should install the latest Windows Update to apply these patches.
Risk 4: High
Issue: A vulnerability was discovered within the Google ecosystem that allowed Google Calendar invites to attack the user's instance of Gemini and access all of the data that had been uploaded, created, or made accessible to the AI platform. This exposure would allow an outside actor to access all of the data within your Gemini instance and any connected systems.
Resolution: Google has patched the vulnerability, but it is important to remember that data uploaded to any system, including AI platforms, is no safer than data stored on any other system.
Announced Data Breaches
Colt Telecom
Canada House of Commons
Pennsylvania Attorney General's Office
Allianz
Manpower
Saint Paul, MN
Connex Credit Union
Google Ads
Upcoming Live CE
Brad will be leading a webinar for NAEA’s Practice Education series on Thursday, October 2 at 3pm. The webinar will be about cybersecurity and the essential components of a WISP (Written Information Security Plan).
Brad will be presenting to the New Jersey Chapter of NATP on October 21 on the topic of AI, specifically Simplifying Tax Topics for Clients and Making Tax Research More Efficient.
Financial Guardians has partnered with NAEA to provide access to our monthly Guardian Tier membership at a 30% discount.
Active NAEA members can access the online discount here.
Financial Guardians is a proud member of InCite, the recently launched online community exclusively for tax professionals, bookkeepers, and accountants. InCite members receive a 30% discount.
Join today at www.incite.tax.
Financial Guardians has partnered with the California Society of Tax Consultants to provide a 30% access discount as well as many other offers. More info can be found at www.cstcsociety.org.









