Security News > 2025 > January > Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 48,000+ internet-facing Fortinet firewalls still open to attack Despite last week’s confirmation of and warnings about long-standing exploitation of CVE-2024-55591, a critical vulnerability affecting Fortinet Fortigate firewalls, too many vulnerable devices are still accessible from the Internet and open to attack: over 48,000, according to data from the Shadowserver Foundation. Ransomware attackers are “vishing” organizations via Microsoft Teams The “email … More → The post Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams appeared first on Help Net Security.
News URL
Related news
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)
- New Microsoft 365 outage impacts Teams, causes call failures (source)
- Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (source)
- New kids on the ransomware block channel Lockbit to raid Fortinet firewalls (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- Who's calling? The threat of AI-powered vishing attacks (source)
- Microsoft Defender will isolate undiscovered endpoints to block attacks (source)
- Old Fortinet flaws under attack with new method its patch didn't prevent (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-01-14 | CVE-2024-55591 | Unspecified vulnerability in Fortinet Fortios and Fortiproxy An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module. | 9.8 |