Security News > 2024 > November > Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials
2024-11-16 06:25
A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet's FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA. Volexity, which disclosed the findings Friday, said it identified the zero-day exploitation of the credential disclosure vulnerability in July 2024, describing BrazenBamboo as the developer behind DEEPDATA,
News URL
https://thehackernews.com/2024/11/warning-deepdata-malware-exploiting.html
Related news
- Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer (source)
- Fortinet VPN design flaw hides successful brute-force attacks (source)
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)
- Week in review: Exploitable flaws in corporate VPN clients, malware loader created with gaming engine (source)