Tag: fortinet
-
Fortinet Authentication Vulnerability Exploited to Gain Super-Admin Access
Tags: access, authentication, cyber, cybersecurity, exploit, fortinet, threat, update, vpn, vulnerabilityA critical authentication vulnerability in Fortinet’s FortiGate SSL VPN appliance tracked as CVE-2024-55591, has been weaponized in active attacks. Threat actors have exploited this vulnerability to gainsuper-admin privileges, bypassing the authentication mechanism, and compromising devices globally. Cybersecurity experts warn organizations using vulnerable Fortinet systems to patch immediately to prevent catastrophic breaches. Fortinet’s Authentication Vulnerability Explained The…
-
BTS #44 Network Appliances: A Growing Concern
In this episode, Paul Asadoorian and Chase Snyder discuss the latest security threats and vulnerabilities affecting network appliances, particularly focusing on Avanti and Fortinet platforms. They explore the increasing risks associated with these devices, the need for improved security standards, and the challenges of risk management and visibility in network security. The conversation emphasizes the……
-
Insights from Fortinet’s 2025 State of Cloud Security Report
Fortinet’s Vincent Hwang on Addressing Security, Compliance Gaps. According to Fortinet’s 2025 State of Cloud Security Report, 76% of organizations have a shortage of cloud security expertise, compounding cloud adoption and security challenges. How should organizations address the skills gap? Vincent Hwang of Fortinet shares analysis and advice. First seen on govinfosecurity.com Jump to article:…
-
The state of cloud security with Fortinet’s Vince Hwang
First seen on scworld.com Jump to article: www.scworld.com/resource/the-state-of-cloud-security-with-fortinets-vince-hwang
-
48,000+ internet-facing Fortinet firewalls still open to attack
Despite last week’s confirmation of and warnings about long-standing exploitation of CVE-2024-55591, a critical vulnerability affecting Fortinet Fortigate firewalls, too … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/22/48000-internet-facing-fortinet-firewalls-still-open-to-attack/
-
Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day
Seven days after disclosure and little action taken, data shows First seen on theregister.com Jump to article: www.theregister.com/2025/01/21/fortinet_firewalls_still_vulnerable/
-
Week in review: AWS S3 data encrypted without ransomware, data of 15k Fortinet firewalls leaked
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Attackers are encrypting AWS S3 data without using ransomware A ransomware … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/19/week-in-review-aws-s3-data-encrypted-without-ransomware-data-of-15k-fortinet-firewalls-leaked/
-
Darknet: Konfigurationen und VPN-Passwörter von Fortinet-Geräten aufgetaucht
Vollständige Konfigurationsdateien mit VPN-Passwörtern im Klartext: Eine Gruppe verschenkt diese Daten im Darknet. heise security liegt der Datensatz vor. First seen on heise.de Jump to article: www.heise.de/news/Darknet-Konfigurationen-und-VPN-Passwoerter-von-Fortinet-Geraeten-aufgetaucht-10244015.html
-
U.S. CISA adds Fortinet FortiOS to its Known Exploited Vulnerabilities catalog
Tags: authentication, cisa, cve, cybersecurity, exploit, fortinet, infrastructure, kev, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiOS vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Fortinet FortiOS authorization bypass vulnerability, tracked as CVE-2024-55591 (CVSS score: 9.6) to its Known Exploited Vulnerabilities (KEV) catalog. Remote attackers can exploit the vulnerability to bypass authentication and gain…
-
Multi-Cloud Adoption Surges Amid Rising Security Concerns
A new report from Fortinet reveals increased adoption of multi-cloud strategies and hybrid implementations combining on-premises and public cloud infrastructure First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/multicloud-surges-rising-security/
-
Patchday Fortinet: Hintertür ermöglicht unbefugte Zugriffe auf FortiSwitch
Tags: fortinetDer Anbieter von IT-Securitylösungen Fortinet hat zahlreiche Sicherheitsupdates für seine Produkte veröffentlicht. Das sollten Netzwerkadmins im Blick haben. First seen on heise.de Jump to article: www.heise.de/news/Patchday-Fortinet-Hintertuer-ermoeglicht-unbefugte-Zugriffe-auf-FortiSwitch-10243684.html
-
Fortinet Confirms Critical Zero-Day Vulnerability in Firewalls
The security provider published mitigation measures to prevent exploitation First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fortinet-confirms-critical-zero-day/
-
Fortinet Confirms New Zero-Day Exploitation
Fortinet patches critical vulnerabilities, including a zero-day that has been exploited in the wild since at least November 2024. The post Fortinet Confirms New Zero-Day Exploitation appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/fortinet-confirms-new-zero-day-exploitation/
-
Attackers exploiting critical Fortinet zero-day vulnerability
Fortinet disclosed another zero-day vulnerability in its FortiOS and FortiProxy products days after Arctic Wolf detailed a threat campaign targeting the vendor’s devices. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366618095/Attackers-exploiting-critical-Fortinet-zero-day-vulnerability
-
Fortinet confirms zero-day flaw used in attacks against its firewalls
Fortinet has confirmed the existence of a critical authentication bypass vulnerability in specific versions of FortiOS firewalls and FortiProxy secure web gateways. The flaw has been exploited in the wild since early December in what appears to be an indiscriminate and widespread campaign, according to cybersecurity firm Arctic Wolf.The fix for this zero-day is part…
-
Fortinet FortiGate Firewalls Targeted in Sophisticated Campaign Exploiting Management Interfaces
A new report from Arctic Wolf Labs reveals a concerning campaign targeting publicly exposed management interfaces on Fortinet First seen on securityonline.info Jump to article: securityonline.info/fortinet-fortigate-firewalls-targeted-in-sophisticated-campaign-exploiting-management-interfaces/
-
CVE-2024-55591: Fortinet Authentication Bypass Zero-Day Vulnerability Exploited in the Wild
Fortinet patched a zero day authentication bypass vulnerability in FortiOS and FortiProxy that has been actively exploited in the wild as a zero-day since November 2024. Background On January 14, Fortinet released a security advisory (FG-IR-24-535) addressing a critical severity vulnerability impacting FortiOS and FortiProxy. CVE Description CVSSv3 CVE-2024-55591 FortiOS and FortiProxy Authentication Bypass Vulnerability…
-
Hackers are exploiting a new Fortinet firewall bug to breach company networks
Security researchers say “tens” of Fortinet devices have been compromised so far as part of the weeks-long hacking campaign. First seen on techcrunch.com Jump to article: techcrunch.com/2025/01/14/hackers-are-exploiting-a-new-fortinet-firewall-bug-to-breach-company-networks/
-
Fortinet Confirms Exploitation Of ‘Critical’ Vulnerability In FortiOS, FortiProxy
Fortinet confirmed exploitation of a critical-severity vulnerability affecting FortiGate firewalls after Arctic Wolf researchers said that ‘mass exploitation’ of the vulnerability is ‘likely.’ First seen on crn.com Jump to article: www.crn.com/news/security/2025/fortinet-confirms-exploitation-of-critical-vulnerability-in-fortios-fortiproxy
-
Widespread Fortinet firewall exploitation likely due to zero-day
First seen on scworld.com Jump to article: www.scworld.com/brief/widespread-fortinet-firewall-exploitation-likely-due-to-zero-day
-
Zero-Day Likely Cause of Campaign Against Fortinet Firewalls
First seen on scworld.com Jump to article: www.scworld.com/brief/zero-day-likely-cause-of-campaign-against-fortinet-firewalls
-
Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591)
Fortinet has patched an authentication bypass vulnerability (CVE-2024-55591) affecting its FortiOS firewalls and FortiProxy web gateways that’s being exploited by … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/14/fortinet-fortigate-zero-day-vulnerability-exploited-cve-2024-55591/
-
Miscreants ‘mass exploited’ Fortinet firewalls, ‘highly probable’ zero-day used
Ransomware ‘not off the table,’ Arctic Wolf threat hunter tells El Reg First seen on theregister.com Jump to article: www.theregister.com/2025/01/14/miscreants_mass_exploited_fortinet_firewalls/
-
PayPal Phishing Campaign Employs Genuine Links to Take Over Accounts
Fortinet warns of a phishing campaign that uses legitimate links to take over the victims’ PayPal accounts. The post PayPal Phishing Campaign Employs Genuine Links to Take Over Accounts appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/paypal-phishing-campaign-employs-genuine-links-to-take-over-accounts/