October 23, 2024 at 06:56PM Fortinet disclosed a critical flaw (CVE-2024-47575) in its FortiManager software, allowing remote attackers to execute arbitrary code. With a CVSS score of 9.8, it’s actively exploited. Users are urged to update their software immediately. CISA added it to its Known Exploited Vulnerabilities Catalog, warning of significant user exposure. **Meeting Notes … Read more
October 23, 2024 at 04:07PM Fortinet has confirmed zero-day exploits targeting a remote code execution vulnerability in the FortiManager platform, which has a CVSS severity score of 9.8/10. The information was reported by SecurityWeek. ### Meeting Takeaways – **Subject**: Zero-Day Exploit in FortiManager – **Vendor**: Fortinet – **Issue**: Confirmation of zero-day exploits affecting a remote … Read more
October 23, 2024 at 11:07AM Fortinet disclosed a critical API vulnerability, CVE-2024-47575, in FortiManager, exploited in zero-day attacks to steal sensitive data. The company privately alerted customers on October 13, but details leaked online. The flaw, affecting multiple versions, allows unauthorized command execution, posing risks for corporate networks. Mitigations and patches are available. ### Meeting … Read more
October 22, 2024 at 01:06AM CISA has added a critical vulnerability in ScienceLogic SL1 (CVE-2024-9537) to its KEV catalog due to active exploitation. This flaw could enable remote code execution. Fixes are available for several versions. Separately, Fortinet addressed an exploit linked to Chinese actors, but specifics remain undisclosed. Agencies must apply fixes by November … Read more
October 14, 2024 at 06:23PM Researchers reported that a sophisticated cyberattacker, likely a nation-state actor, exploited three zero-day vulnerabilities in Ivanti’s Cloud Service Appliance to infiltrate networks. This involved command and SQL injection flaws, enabling them to maintain access and potentially execute advanced techniques like DNS tunneling and deploying rootkits. Organizations must apply patches urgently. … Read more
October 14, 2024 at 08:36AM Over 86,000 Fortinet instances remain vulnerable to a critical flaw (CVE-2024-23113) actively exploited since last week, mainly in Asia. The vulnerability, with a high severity rating, affects various Fortinet products and requires urgent updates or mitigations as recommended by Fortinet to ensure security against potential exploits. ### Meeting Takeaways: Fortinet … Read more
October 10, 2024 at 09:39AM The US CISA has added vulnerabilities in Fortinet and Ivanti products to its Known Exploited Vulnerabilities catalog. Fortinet’s critical CVE-2024-23113 affects multiple products, allowing remote code execution. Ivanti faces issues with CVE-2024-9379 and CVE-2024-9380 related to its Cloud Services Application, prompting security recommendations for users. ### Meeting Takeaways **1. Fortinet … Read more
October 10, 2024 at 02:06AM CISA has added a critical vulnerability (CVE-2024-23113) impacting Fortinet products to its KEV catalog, requiring federal agencies to apply mitigations by October 30, 2024. Meanwhile, Palo Alto Networks disclosed multiple high-risk flaws in Expedition and Cisco patched a critical command execution vulnerability in Nexus Dashboard Fabric Controller. ### Meeting Takeaways … Read more
September 13, 2024 at 03:56PM Fortinet confirms data compromise by hacker “Fortibitch” leaking 440GB of data via BreachForums. The breach impacted less than 0.3% of its customers worldwide. CloudSEK observed leaked customer, financial, and HR data. Incident highlights cloud data exposure risks. Experts suggest rethinking cloud security with multifactor authentication, monitoring, and encryption. The incident … Read more
September 13, 2024 at 05:03AM Fortinet confirmed a data breach after a hacker leaked 440 Gb of data allegedly obtained from an Azure Sharepoint instance. The hacker, named ‘Fortibitch,’ released information on accessing an AWS S3 bucket storing the data. However, Fortinet clarified that less than 0.3% of customer data was compromised, and no evidence … Read more