Search cyberveille.decio.ch

Found 6 bookmarks

Custom sorting

Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In 2024

It affected (before patching) all currently-maintained branches, and recently was highlighted by CISA as being exploited-in-the-wild. This must be the first time real-world attackers have reversed a patch, and reproduced a vulnerability, before some dastardly researchers released a detection artefact generator tool of their own. /s At watchTowr's core, we're all about identifying and validating ways into organisations - sometimes through vulnerabilities in network border appliances - without requiring such luxuries as credentials or asset lists.

#watchtowr #EN #2024 #Fortinet #FortiGate #CVE-2024-23113 #PoC #vulnerabilty #analysis

·labs.watchtowr.com·Oct 14, 2024

Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In 2024

Patch or Peril: A Veeam vulnerability incident

Delaying security updates and neglecting regular reviews created vulnerabilities that were exploited by attackers, resulting in severe ransomware consequences. Initial access via FortiGate Firewall SSL VPN using a dormant account Deployed persistent backdoor (“svchost.exe”) on the failover server, and conducted lateral movement via RDP. Exploitation attempts of CVE-2023-27532 was followed by activation of xp_cmdshell and rogue user account creation. Threat actors made use of NetScan, AdFind, and various tools provided by NirSoft to conduct network discovery, enumeration, and credential harvesting. * Windows Defender was permanently disabled using DC.exe, followed by ransomware deployment and execution with PsExec.exe.

#group-ib #EN #2024 #Veeam #vulnerability #incident #ransomware #FortiGate #NirSoft

·group-ib.com·Jul 12, 2024

Patch or Peril: A Veeam vulnerability incident

Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762

Early this February, Fortinet released an advisory for an "out-of-bounds write vulnerability" that could lead to remote code execution. The issue affected the SSL VPN component of their FortiGate network appliance and was potentially already being exploited in the wild. In this post we detail the steps we took to identify the patched vulnerability and produce a working exploit.

#assetnote #EN #2024 #exploitation #patch-diff #FortiGate #RCE #CVE-2024-21762

·assetnote.io·Mar 20, 2024

Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762

CVE-2024-21762 Vulnerability Scanner for FortiGate…

Discover vulnerable FortiGate firewalls with the Bishop Fox CVE-2024-21762 vulnerability scanner. Learn more here!

#Bishop-Fox #bishopfox #EN #2024 #CVE-2024-21762 #FortiGate

·bishopfox.com·Mar 5, 2024

CVE-2024-21762 Vulnerability Scanner for FortiGate…

Chinese spies hacked Dutch defence network last year - intelligence agencies

Chinese state-backed cyber spies gained access to a Dutch military network last year, Dutch intelligence agencies said on Tuesday, calling it part of a trend of Chinese political espionage against the Netherlands and its allies.

#reuters #EN #2024 #Fortigate #NL #Netherlands #China #malware #spy

·reuters.com·Feb 7, 2024

Chinese spies hacked Dutch defence network last year - intelligence agencies

Chinese hackers infect Dutch armed forces network with malware

A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service (MIVD) of the Netherlands.

#bleepingcomputer #EN #2024 #Army #China #COATHANGER #Cyber-espionage #Defense #Fortigate #Fortinet #Malware #Netherlands

·bleepingcomputer.com·Feb 6, 2024

Chinese hackers infect Dutch armed forces network with malware