Fortinet Archives - Cyber Security Minute

Chinese Hackers Targeting Security and Network Appliances

Issued by: DataBreach Today

Chinese threat actors are turning security appliances into penetration pathways, forcing firewall maker Fortinet to again attempt to fend off hackers with a patch. Researchers from Mandiant say suspected Beijing hackers it tracks as UNC3886 has been targeting chip-based firewall and virtualization boxes. The group, it said in a Thursday blog post, exploited a now-patched…

Vulnerabilities

Companies urged to patch critical vulnerability in Fortinet FortiNAC

Issued by: CSO Online

Proof-of-concept exploit code is now available for a critical vulnerability in Fortinet FortiNAC appliances and attackers have already started using it in the wild. Users are advised to patch their systems as soon as possible. FortiNAC is a zero-trust network access solution that can be deployed both as a hardware device or as a virtual…

Vulnerabilities

PoC exploit code for critical Fortinet FortiNAC bug released online

Issued by: Security Affairs

Researchers at Horizon3 cybersecurity firm have released a proof-of-concept exploit for a critical-severity vulnerability, tracked as CVE-2022-39952, in Fortinet’s FortiNAC network access control solution. Last week, Fortinet has released security updates to address two critical vulnerabilities in FortiNAC and FortiWeb solutions. The two vulnerabilities, tracked as CVE-2022-39952 and CVE-2021-42756, are respectively an external control of…

Malware & Threats

Attackers Crafted Custom Malware for Fortinet Zero-Day

Issued by: Dark Reading

Researchers analyzing data associated with a recently disclosed zero-day vulnerability in Fortinet’s FortiOS SSL-VPN technology have identified a sophisticated new backdoor specifically designed to run on Fortinet’s FortiGate firewalls. The malware appears to be the work of a China-based threat actor engaged in cyber-espionage operations targeting government organizations and those working with these organizations. It…

Malware & Threats

Users Warned of New Aerst, ScareCrow, and Vohuk Ransomware Families

Issued by: Security Week

Targeting Windows computers, these are typical ransomware families that encrypt victim files and demand a ransom payment in exchange for a decryption key. This new ransomware has been used in an increasing number of attacks. Aerst was seen appending to encrypted files the ‘.aerst’ extension and displaying a popup window containing the attacker’s email address,…

Vulnerabilities

Fortinet Patches 6 High-Severity Vulnerabilities

Issued by: Security Week

One of the high-severity issues affects FortiTester and it allows an authenticated attacker to execute commands via specially crafted arguments to existing commands. FortiSIEM is affected by a vulnerability that allows a local attacker with command-line access to perform operations on the Glassfish server directly via a hardcoded password. The remaining high-severity flaws are stored…

Network Security

Fortinet Enhances Network Security OS, Adds AI-based Threat Detection

Issued by: Security Week

Two major new product announcements were made at Fortinet’s Accelerate 18 conference this week, including a new machine learning (ML) threat intelligence and detection offering, along with a major upgrade to the Fortinet Security Fabric (FortiOS). Accelerate 18, held in Las Vegas, Nevada, is Fortinet’s annual global partner and user conference, attended by around 2,000…