New Ransomware Group Exploiting Veeam Backup Software Vulnerability

July 10, 2024 at 10:33AM Veeam Backup & Replication software contains a patched security flaw being exploited by the ransomware group EstateRansomware. The threat actors used a dormant account to gain initial access, pivoting laterally through the SSL VPN service. They deployed a persistent backdoor to evade detection and carried out attacks, including disabling Windows … Read more

Norway recommends replacing SSL VPN to prevent breaches

May 16, 2024 at 03:08PM The Norwegian NCSC advises replacing SSLVPN/WebVPN with more secure options due to repeated vulnerabilities exploitation in network devices. The transition deadline is 2025, with critical infrastructure entities expected to switch by the end of 2024. The recommended alternative is IPsec with IKEv2, aiming to decrease the attack surface for secure … Read more

Critical Fortinet flaw may impact 150,000 exposed devices

March 8, 2024 at 03:42PM Around 150,000 Fortinet FortiOS and FortiProxy systems worldwide are vulnerable to CVE-2024-21762, enabling code execution without authentication. The Cyber Defense Agency confirmed active exploitation of the flaw, with the majority of vulnerable devices in the United States. Fortunately, a simple Python script is available to check for vulnerability. It looks … Read more

CISA Urges Patching of Cisco ASA Flaw Exploited in Ransomware Attacks

February 16, 2024 at 06:57AM The US security agency CISA has added CVE-2020-3259, a vulnerability affecting Cisco ASA and FTD products, to its Known Exploited Vulnerabilities catalog. It allows remote attackers to access sensitive information. CISA urges organizations to address it promptly after evidence suggesting exploitation by the Akira ransomware group emerged. Cisco is advised … Read more

Fortinet Warns of New FortiOS Zero-Day

February 9, 2024 at 04:09PM Fortinet has released critical patches for a remote code execution vulnerability, tracked as CVE-2024-21762, in FortiOS impacting versions 6.0, 6.2, 6.4, 7.0, 7.2, and 7.4. FortiOS 7.6 is unaffected. Fortinet advises migrating from version 6.0. Disabling SSL VPN is a workaround, but does not fully mitigate the vulnerability. The Chinese … Read more

New Fortinet RCE bug is actively exploited, CISA confirms

February 9, 2024 at 04:03PM CISA confirmed active exploitation of a critical RCE bug in Fortinet’s FortiOS. Vulnerable admins can disable SSL VPN to mitigate risk. CISA added the CVE-2022-48618 to its Known Exploited Vulnerabilities Catalog, mandating federal agencies secure FortiOS devices. Fortinet confusingly denied, then admitted RCE vulnerabilities, prompting urgent device security due to … Read more

Fortinet’s week to forget: Critical vulns, disclosure screw-ups, and that toothbrush DDoS attack claim

February 9, 2024 at 09:38AM Summary: Fortinet faced a series of security vulnerabilities impacting FortiOS, including a critical SSL VPN issue. Users were urged to upgrade to patched versions, with specific guidelines for affected FortiOS versions. Fortinet’s delayed and confusing response to vulnerability disclosures drew criticism. Additionally, an unusual incident involving a toothbrush DDoS attack … Read more

New Fortinet RCE flaw in SSL VPN likely exploited in attacks

February 8, 2024 at 06:14PM Fortinet warns of a critical remote code execution vulnerability (CVE-2024-21762/FG-IR-24-015) in FortiOS SSL VPN, with a 9.6 severity rating. Unpatched versions affected. Recommended upgrades provided. Those unable to patch can mitigate by disabling SSL VPN. Potential exploitation by threat actors. Urgent device updates advised due to high severity and possible … Read more