New Ransomware Group Exploiting Veeam Backup Software Vulnerability

July 10, 2024 at 10:33AM Veeam Backup & Replication software contains a patched security flaw being exploited by the ransomware group EstateRansomware. The threat actors used a dormant account to gain initial access, pivoting laterally through the SSL VPN service. They deployed a persistent backdoor to evade detection and carried out attacks, including disabling Windows … Read more

In Other News: Fuxnet ICS Malware, Google User Tracking, CISA Employee Scams 

June 14, 2024 at 10:27AM SecurityWeek curates a weekly roundup of cybersecurity stories, focusing on diverse developments like Chinese cyberspies hacking Fortinet devices, a White House initiative to secure rural hospitals, vulnerabilities in biometric access systems, ICS malware Fuxnet, EU’s encryption backdoor push, and more. Microsoft will evaluate employees’ cybersecurity work for compensation. US federal … Read more

China-Backed Hackers Exploit Fortinet Flaw, Infecting 20,000 Systems Globally

June 12, 2024 at 05:15AM China-backed threat actors accessed 20,000 Fortinet FortiGate systems globally by exploiting a critical vulnerability, with the operation impacting Western governments, international organizations, and defense companies. The attackers deployed a backdoor to maintain remote access and spread malware, highlighting the increasing trend of targeting edge devices for cyber attacks. For more … Read more

Chinese hackers breached 20,000 FortiGate systems worldwide

June 11, 2024 at 12:28PM Dutch Military Intelligence and Security Service (MIVD) warned of the significant impact of a Chinese cyber-espionage campaign. Exploiting a critical vulnerability in FortiOS/FortiProxy, Chinese hackers infected 14,000 devices, targeting governments, organizations, and defense industry. They deployed a remote access trojan malware, giving them permanent access to systems and breaching at … Read more

Hackers Use MS Excel Macro to Launch Multi-Stage Malware Attack in Ukraine

June 4, 2024 at 08:13AM A sophisticated cyber attack targeting endpoints in Ukraine aims to deploy Cobalt Strike and establish control over compromised hosts. The attack involves a multi-stage malware strategy using a Microsoft Excel file with an embedded VBA macro. The attack employs evasion techniques, location-based checks, and manipulation of DLL files for persistence … Read more

Exploit for Fortinet Critical RCE Bug Allows SIEM Root Access

May 29, 2024 at 02:10PM A critical vulnerability in Fortinet’s FortiSIEM product, CVE-2024-23108, poses a significant risk for potential exploitation. Dubbed “NodeZero” by researchers at Horizon3AI, the exploit enables unauthorized remote code execution on vulnerable appliances. Users of affected versions should patch immediately to mitigate the risk and prevent compromise. Based on the meeting notes, … Read more

Exploit released for maximum severity Fortinet RCE bug, patch now

May 28, 2024 at 12:25PM Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet’s FortiSIEM solution, impacting versions 6.4.0 and higher. Tracked as CVE-2024-23108, the flaw enables remote command execution as root without authentication. This PoC exploit could allow attackers to execute unauthorized commands and must be addressed promptly to … Read more

New “Goldoon” Botnet Targets D-Link Routers With Decade-Old Flaw

May 2, 2024 at 06:27AM A new botnet named Goldoon exploits D-Link routers through a long-standing vulnerability, allowing for remote code execution. This botnet uses a dropper script to download and execute the Goldoon malware, enabling diverse attack methods, including DDoS flooding. This development reflects the persistent evolution of botnets, which increasingly target routers for … Read more

Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign

April 17, 2024 at 07:12AM Cybersecurity researchers have uncovered a new campaign exploiting a vulnerability in Fortinet FortiClient EMS devices, allowing unauthorized code execution. The campaign, tracked by Forescout as Connect:fun, utilizes ScreenConnect and Metasploit Powerfun. Organizations are urged to patch the CVE-2023-48788 vulnerability, monitor for suspicious activity, and use a web application firewall for … Read more

Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability

April 11, 2024 at 02:09AM Fortinet has released patches for the critical security flaw in FortiClientLinux (CVE-2023-45590) with a CVSS score of 9.4. The vulnerability allows arbitrary code execution through a malicious website. Versions 7.0.3 through 7.0.10 are affected, requiring an upgrade to 7.0.11 or higher. Other security issues were also addressed, urging users to … Read more