Security News

The U.S. government is warning that Advanced Persistent Threat actors are exploiting vulnerabilities in Fortinet FortiOS in ongoing attacks targeting commercial, government, and technology services networks. The warning, issued in a joint advisory by FBI and the Cybersecurity and Infrastructure Security Agency, follows the recent release of security patches covering serious security flaws in Fortinet's flagship FortiOS product.

UPDATE. The FBI and the Cybersecurity and Infrastructure Security Agency are warning that advanced persistent threat nation-state actors are actively exploiting known security vulnerabilities in the Fortinet FortiOS cybersecurity operating system, affecting the company's SSL VPN products. The bug tracked as CVE-2018-13379 is a path-traversal issue in Fortinet FortiOS, where the SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests.

The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency warn of advanced persistent threat actors targeting Fortinet FortiOS servers using multiple exploits. In the Joint Cybersecurity Advisory published today, the agencies warn admins and users that the state-sponsored hacking groups are "Likely" exploiting Fortinet FortiOS vulnerabilities CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591.

Linksys and Fortinet announced a strategic alliance with the intent to further secure and optimize the performance and management of home networks in today's work from home environment. Together, Fortinet, Linksys, and FIT will offer connectivity and security and unparalleled quality of service to organizations that need to provide seamless and secure connectivity for their employees to efficiently work from home.

Ordr announced that the company has expanded its partnership with Fortinet to deliver integrated solution to address the security challenges posed by widespread IoT and unmanaged devices. As the number of connected devices on corporate networks-from critical business infrastructure such as IP-enable physical security devices to consumer devices such as smart speakers-has grown exponentially, they have become lucrative targets for attack.

The vulnerabilities range from Remote Code Execution to SQL Injection, to Denial of Service and impact the FortiProxy SSL VPN and FortiWeb Web Application Firewall products. Multiple advisories published by FortiGuard Labs this month and in January 2021 mention various critical vulnerabilities that Fortinet has been patching in their products.

Several potentially serious vulnerabilities discovered in Fortinet's FortiWeb web application firewall could expose corporate networks to attacks, according to the researcher who found them. Fortinet this week informed customers about the availability of patches for a total of four vulnerabilities affecting its FortiWeb product.

A hacker has now leaked the credentials for almost 50,000 vulnerable Fortinet VPNs. Over the weekend a hacker had posted a list of one-line exploits for CVE-2018-13379 to steal VPN credentials from these devices, as reported by BleepingComputer. The exploitation of critical FortiOS vulnerability CVE-2018-13379 lets an attacker access the sensitive "Sslvpn websession" files from Fortinet VPNs. These files contain session-related information, but most importantly, may reveal plain text usernames and passwords of Fortinet VPN users.

A hacker has posted a list of one-line exploits to steal VPN credentials from almost 50,000 Fortinet VPN devices. The vulnerability being referred to here is CVE-2018-13379, a path traversal flaw impacting a large number of unpatched Fortinet FortiOS SSL VPN devices.

The U.S. Cybersecurity and Infrastructure Security Agency has warned that government networks have been targeted in attacks exploiting the Zerologon vulnerability in combination with flaws affecting Fortinet and MobileIron products. "This recent malicious activity has often, but not exclusively, been directed at federal and state, local, tribal, and territorial government networks. Although it does not appear these targets are being selected because of their proximity to elections information, there may be some risk to elections information housed on government networks," CISA said in an advisory written with contributions from the FBI. It added, "CISA is aware of some instances where this activity resulted in unauthorized access to elections support systems; however, CISA has no evidence to date that integrity of elections data has been compromised."