Tag: fortinet
-
KeyPlug Malware Server Leak Exposes Fortinet Firewall and VPN Exploitation Tools
Cybersecurity researchers have stumbled upon a treasure trove of operational tools and scripts linked to the KeyPlug malware, associated with the threat group RedGolf, also known as APT41. The server, which was inadvertently exposed for less than 24 hours, provided an unprecedented glimpse into the sophisticated tactics, techniques, and procedures (TTPs) employed by this advanced…
-
Over 17,000 Fortinet Devices Hacked Using Symbolic Link Exploit
According to cybersecurity nonprofit Shadowserver, a major cyberattack has compromised more than 17,000 Fortinet devices globally, exploiting a sophisticated symbolic link persistence technique. The incident marks a rapid escalation from early reports, which initially identified approximately 14,000 affected devices just days ago. Security experts believe the number may continue to rise as investigations progress, as…
-
Toll of symlink backdoor-compromised Fortinet devices increases
First seen on scworld.com Jump to article: www.scworld.com/brief/toll-of-symlink-backdoor-compromised-fortinet-devices-increases
-
Your Network Is Showing Time to Go Stealth
Tags: access, ai, attack, authentication, backdoor, breach, china, cisco, cloud, computer, control, credentials, cyberattack, cybersecurity, data, data-breach, defense, detection, encryption, endpoint, exploit, firewall, firmware, fortinet, group, Hardware, infrastructure, mfa, network, software, theft, threat, tool, update, vpn, vulnerability, zero-day
-
Over 16,000 Fortinet devices compromised with symlink backdoor
Over 16,000 internet-exposed Fortinet devices have been detected as compromised with a new symlink backdoor that allows read-only access to sensitive files on previously compromised devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-16-000-fortinet-devices-compromised-with-symlink-backdoor/
-
Hackers Remain in the System Even After Patches, Further Update Required
Hackers have found a way to remain in the systems of FortiGate devices even after security updates have been installed. A new update is now meant to end this access. First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/fortinet-hacker-bleiben-auch-nach-patches-im-system—weiteres-update-erforderlich
-
Fortinet FortiGate fixes circumvented by symlink exploit
First seen on scworld.com Jump to article: www.scworld.com/brief/fortinet-fortigate-fixes-circumvented-by-symlink-exploit
-
Fortinet Zero-Day Bug May Lead to Arbitrary Code Execution
A threat actor posted about the zero-day exploit on the same day that Fortinet published a warning about known vulnerabilities under active exploitation. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/fortinet-zero-day-arbitrary-code-execution
-
Over 14K Fortinet devices compromised via new attack method
Fortinet last week warned that a threat actor was using a novel post-exploitation trick to maintain access to devices after they were patched. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/14k-fortinet-devices-compromised-new-attack-method/745259/
-
Attackers Maintaining Access to Fully Patched Fortinet Gear
Symbolic Links Planted by Attackers Survived Patching, Provide Read-Only Access. Attackers have been using a new type of post-exploitation technique to maintain remote access to hacked Fortinet FortiGuard devices – even if they had the latest patches – by dropping symbolic links in the device’s filesystem designed to survive the patching process, the vendor has…
-
Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit
A threat actor claims to offer a zero-day exploit for an unauthenticated remote code execution vulnerability in Fortinet firewalls. The post Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/threat-actor-allegedly-selling-fortinet-firewall-zero-day-exploit/
-
FortiGate 0-Day Exploit Allegedly Up for Sale on Dark Web
A chilling new development in the cybersecurity landscape has emerged, as a threat actor has reportedly advertised an alleged zero-day exploit targeting Fortinet’s FortiGate firewalls on a prominent dark web forum. This exploit purportedly enables unauthenticated remote code execution (RCE) and full configuration access to FortiOS, unlocking the potential for attackers to seize control of…
-
Fortinet Issues Fixes After Attackers Bypass Patches to Maintain Access
Hackers exploit Fortinet flaws to plant stealth backdoors on FortiGate devices, maintaining access even after patches. Update to… First seen on hackread.com Jump to article: hackread.com/fortinet-fixe-attackers-bypass-patches-maintain-access/
-
Security Affairs newsletter Round 519 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Symbolic Link trick lets attackers bypass FortiGate patches, Fortinet warns Attackers are exploiting recently disclosed OttoKit WordPress plugin flaw…
-
FortiSwitch vulnerability may give attackers control over vulnerable devices (CVE-2024-48887)
Fortinet has released patches for flaws affecting many of its products, among them a critical vulnerability (CVE-2024-48887) in its FortiSwitch appliances that could allow … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/10/fortiswitch-vulnerability-cve-2024-48887/
-
Critical Fortinet FortiSwitch flaw allows remote attackers to change admin passwords
Fortinet addressed a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. Fortinet has released security updates to address a critical vulnerability, tracked as CVE-2024-48887 (CVSS score 9.8), in its FortiSwitch devices. A remote attacker can exploit the vulnerability to change administrator passwords. “An unverified password change vulnerability [CWE-620]…
-
Fortinet FortiSwitch Unverified Password Change Vulnerability (CVE-2024-48887)
Summary: On April 8, 2025, Fortinet disclosed a critical vulnerability affecting multiple versions of FortiSwitch, tracked as CVE-2024-48887. This vulnerability is an unverified password change vulnerability in the First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2025/04/09/fortinet-fortiswitch-unverified-password-change-vulnerability-cve-2024-48887/
-
Critical FortiSwitch flaw lets hackers change admin passwords remotely
Fortinet has released security patches for a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-fortiswitch-flaw-lets-hackers-change-admin-passwords-remotely/
-
Fortinet Patches Critical FortiSwitch Vulnerability
Fortinet fixes a critical-severity bug in FortiSwitch that could allow an attacker to modify administrative passwords. The post Fortinet Patches Critical FortiSwitch Vulnerability appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/fortinet-patches-critical-fortiswitch-vulnerability/
-
Fortinet Boosts AI Capabilities Across Security Fabric Platform
First seen on scworld.com Jump to article: www.scworld.com/news/fortinet-expands-ai-capabilities-across-security-fabric-platform
-
Fortinet Warns of Multiple Vulnerabilities in FortiAnalyzer, FortiManager, Other Products
Fortinet has revealed and resolved several vulnerabilities within its range of products, such as FortiAnalyzer, FortiManager, FortiOS, FortiProxy, FortiVoice, FortiWeb, and FortiSwitch. These weaknesses vary from inadequate filtering of log outputs to unconfirmed password modifications and poorly secured credentials. The organization has released updates and strategies to protect users from possible exploitation. Vulnerability in FortiOS…
-
Stock Sell-Off: Cloudflare, Fortinet, SailPoint Hardest Hit
11 Cyber Stocks Fared Worse Than the Nasdaq Thursday After Trump Announced Tariffs. Cybersecurity vendors took Thursday’s sell-off hard, with Cloudflare, Fortinet and SailPoint experiencing big stock price drops after President Trump announced higher-than-expected tariffs. Eleven publicly traded cybersecurity firms fared worse than the Nasdaq while 12 companies fared better. First seen on govinfosecurity.com Jump…
-
Threat-informed defense for operational technology: Moving from information to action
Tags: access, ai, attack, automation, blueteam, cloud, control, crime, cyber, cyberattack, cybercrime, cybersecurity, data, defense, detection, exploit, finance, fortinet, framework, group, incident response, infrastructure, intelligence, law, malicious, malware, mitre, network, phishing, PurpleTeam, ransomware, RedTeam, resilience, risk, service, soar, strategy, tactics, technology, threat, tool, usa
The rise of cybercrime-as-a-service: Today’s macro threat landscape is a flourishing ecosystem of cybercrime facilitated by crime-as-a-service (CaaS) models. Cybercriminal networks now operate like legitimate businesses, with specialized units dedicated to activities such as money laundering, malware development, and spear phishing. This ecosystem lowers the barrier to entry for cybercrime, enabling low-skilled adversaries to launch…
-
Fortinet vs Palo Alto NGFWs 2025: Comparison Guide
Compare Fortinet and Palo Alto next-generation firewalls to discover which is best for your organization today. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/cybersecurity/fortinet-vs-palo-alto-networks/
-
The 10 Most Common IT Security Mistakes
From unpatched vulnerabilities to inadequate backups: read how the most common IT security mistakes can be avoided. Encrypted files and a text file containing a ransom note make it abundantly clear: a company has fallen victim to a cyberattack. Yet that is only the end of a long attack chain. The attacker group has often been moving for several weeks or months…
-
Authentication Bypass – New Ransomware Exploits Zero-Day Vulnerabilities in Fortinet
First seen on security-insider.de Jump to article: www.security-insider.de/ransomware-mora001-schwachstellen-fortinet-firewalls-a-0ea0a1e3c2cb97a1be811ad367590134/
-
Fortinet-Targeting Ransomware Attacks Leave Devices Patched
‘Wave of Ransomware Attacks’ Hitting FortiOS and FortiProxy Devices, Warn Experts. Cyber defenders said they’re seeing a wave of ransomware attacks unleashed by attackers who gain initial access by targeting two known vulnerabilities in Fortinet FortiOS and FortiProxy devices. Hackers sometimes patch the devices to hide their persistent remote access. First seen on govinfosecurity.com Jump…

