Critical SonicWall SSLVPN bug exploited in ransomware attacks

September 9, 2024 at 05:52PM Ransomware affiliates exploit a critical security vulnerability in SonicWall SonicOS firewall devices to breach victims’ networks, impacting Gen 5, Gen 6, and Gen 7 firewalls. The vulnerability initially affected the firewalls’ management access interface, but was later found to also impact the SSLVPN feature and to be exploited in attacks. Mitigation measures …

SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation

September 6, 2024 at 01:27PM SonicWall disclosed an actively exploited security flaw in SonicOS, urging immediate patching. The vulnerability (CVE-2024-40766) affects management access and SSLVPN, with potential unauthorized access and firewall crashes. Temporary solutions include restricting firewall management and implementing multi-factor authentication. The flaw’s exploitation in the wild has led to urgent patch recommendations for …

Recent SonicWall Firewall Vulnerability Potentially Exploited in the Wild

September 6, 2024 at 09:18AM SonicWall warns customers of a potential exploit in a recently patched SonicOS vulnerability (CVE-2024-40766). The vulnerability impacts Gen 5, Gen 6, and Gen 7 firewalls, allowing unauthorized access and possible crashes. They advise immediate patching and password updates to mitigate risks. There are no reports of exploitation yet. Based on …

New Ransomware Group Exploiting Veeam Backup Software Vulnerability

July 10, 2024 at 10:33AM Veeam Backup & Replication software contains a patched security flaw being exploited by the ransomware group EstateRansomware. The threat actors used a dormant account to gain initial access, pivoting laterally through the SSL VPN service. They deployed a persistent backdoor to evade detection and carried out attacks, including disabling Windows …

Norway recommends replacing SSL VPN to prevent breaches

May 16, 2024 at 03:08PM The Norwegian NCSC advises replacing SSLVPN/WebVPN with more secure options due to repeated exploitation of vulnerabilities in network devices. The transition deadline is 2025, with critical infrastructure entities expected to switch by the end of 2024. The recommended alternative is IPsec with IKEv2, aiming to decrease the attack surface for secure …

Critical Fortinet flaw may impact 150,000 exposed devices

March 8, 2024 at 03:42PM Around 150,000 Fortinet FortiOS and FortiProxy systems worldwide are vulnerable to CVE-2024-21762, enabling code execution without authentication. The Cyber Defense Agency confirmed active exploitation of the flaw, with the majority of vulnerable devices in the United States. Fortunately, a simple Python script is available to check for vulnerability. It looks …

CISA Urges Patching of Cisco ASA Flaw Exploited in Ransomware Attacks

February 16, 2024 at 06:57AM The US security agency CISA has added CVE-2020-3259, a vulnerability affecting Cisco ASA and FTD products, to its Known Exploited Vulnerabilities catalog. It allows remote attackers to access sensitive information. CISA urges organizations to address it promptly after evidence suggesting exploitation by the Akira ransomware group emerged. Cisco is advised …

Fortinet Warns of New FortiOS Zero-Day

February 9, 2024 at 04:09PM Fortinet has released critical patches for a remote code execution vulnerability, tracked as CVE-2024-21762, in FortiOS impacting versions 6.0, 6.2, 6.4, 7.0, 7.2, and 7.4. FortiOS 7.6 is unaffected. Fortinet advises migrating from version 6.0. Disabling SSL VPN is a workaround, but does not fully mitigate the vulnerability. The Chinese …

New Fortinet RCE bug is actively exploited, CISA confirms

February 9, 2024 at 04:03PM CISA confirmed active exploitation of a critical RCE bug in Fortinet’s FortiOS. Admins of vulnerable devices can disable SSL VPN to mitigate risk. CISA added CVE-2022-48618 to its Known Exploited Vulnerabilities Catalog, mandating federal agencies secure FortiOS devices. Fortinet confusingly denied, then admitted RCE vulnerabilities, prompting urgent device security due to …

Fortinet’s week to forget: Critical vulns, disclosure screw-ups, and that toothbrush DDoS attack claim

February 9, 2024 at 09:38AM Summary: Fortinet faced a series of security vulnerabilities impacting FortiOS, including a critical SSL VPN issue. Users were urged to upgrade to patched versions, with specific guidelines for affected FortiOS versions. Fortinet’s delayed and confusing response to vulnerability disclosures drew criticism. Additionally, an unusual incident involving a toothbrush DDoS attack …