Podcast Detail

SANS Stormcast Monday, January 26th, 2026: FortiOS SSO Vuln Updates; Outlook OOB Update; VMware vCenter Exploited

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9780.mp3

previous
Podcast Logo
FortiOS SSO Vuln Updates; Outlook OOB Update; VMware vCenter Exploited
00:00

Analysis of Single Sign-On Abuse on FortiOS
Fortinet released an advisory. FortiOS devices are vulnerable if configured with any SAML integration, not just FortiCloud
https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios

Outlook OOB Update
Microsoft released a non-security OOB Update for Outlook, fixing an issue introduced with this months security patches.
https://support.microsoft.com/en-us/topic/january-24-2026-kb5078127-os-builds-26200-7628-and-26100-7628-out-of-band-cf5777f6-bb4e-4adb-b9cd-2b64df577491

VMware vCenter Server Vulnerabilities Exploited (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081)
A VMWare vCenter vulnerability patched last June is now actively exploited.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453

no transcript found