Search cyberveille.decio.ch

Found 55 bookmarks

Custom sorting

CVE-2025-32756: Fortinet RCE Exploited in the Wild

On May 13, 2025, FortiGuard Labs published an advisory detailing CVE-2025-32756, which affects a variety of Fortinet products: FortiCamera FortiMail FortiNDR FortiRecorder FortiVoice In their advisory, FortiGuard Labs states that Fortinet has observed this issue being exploited in the wild. The next day, May 14, the vulnerability was added to the CISA KEV catalog. The vulnerability is described in the advisory as a stack-based buffer overflow in the administrative API that can lead to unauthenticated remote code execution. Given that it’s being exploited in the wild, we figured we’d take a closer look. If you’d rather run the test instead of reading this write-up, coverage is already available in NodeZero.

#horizon3 #EN #CVE-2025-32756 #Fortinet #RCE #vulnerability

·horizon3.ai·Jun 2, 2025

CVE-2025-32756: Fortinet RCE Exploited in the Wild

New Rust Botnet "RustoBot" is Routed via Routers

FortiGuard Labs recently discovered a new botnet propagating through TOTOLINK devices. Learn more about this malware targeting these devices.

#fortinet #EN #2025 #TOTOLINK #Botnet #Rust #Routers #RustoBot #malware

·fortinet.com·Apr 23, 2025

New Rust Botnet "RustoBot" is Routed via Routers

Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit

A threat actor claims to offer a zero-day exploit for an unauthenticated remote code execution vulnerability in Fortinet firewalls.

#securityweek #EN #2025 #Threat-Actor #Selling #Fortinet #Firewall #Zero-Day #Exploit #darkweb

·securityweek.com·Apr 20, 2025

Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit

Analysis of Threat Actor Activity

Fortinet diligently balances our commitment to the security of our customers and our culture of responsible transparency and commits to sharing information with that goal in mind. While efforts by threat actors to exploit known vulnerabilities are not new, recent Fortinet investigations have discovered a post exploitation technique used by a threat actor. This blog offers analysis of that finding to help our customers make informed decisions.

#fortinet #EN #2025 #CVE-2022-42475 #exploit #vulnerabilities #CVE-2023-27997 #CVE-2024-21762

·fortinet.com·Apr 13, 2025

Analysis of Threat Actor Activity

New Ransomware Operator Exploits Fortinet Vulnerability Duo

Between late January and early March, Forescout Research – Vedere Labs identified a series of intrusions based on two Fortinet vulnerabilities. It began with the exploitation of Fortigate firewall appliances — culminating in the deployment of a newly discovered ransomware strain we have dubbed SuperBlack.

#forescout #EN #2025 #Fortinet #vulnerabilities #SuperBlack #ransomware

·forescout.com·Mar 14, 2025

New Ransomware Operator Exploits Fortinet Vulnerability Duo

Fortinet discloses second firewall auth bypass patched in January

Fortinet has disclosed a second authentication bypass vulnerability that was fixed as part of a January 2025 update for FortiOS and FortiProxy devices.

#bleepingcomputer #Actively-Exploited #Authentication-Bypass #Fortinet #FortiOS #FortiProxy #Zero-Day

·bleepingcomputer.com·Feb 12, 2025

Fortinet discloses second firewall auth bypass patched in January

Analysis of Threat Actor Data Postin

This blog analysis regarding a recent threat actor posting, which claims to offer compromised configuration and VPN credentials from FortiGate devices, provides factual information to help our customers better understand the situation and make informed decisions.

#fortinet #EN #analysis #Exposure #config.conf #CVE-2022-40684

·https·Jan 17, 2025

Analysis of Threat Actor Data Postin

Botnets Continue to Target Aging D-Link Vulnerabilities

FortiGuard Labs recently noticed that attackers still use and deliver two different botnets via D-Link exposing a HNAP interface weakness. Learn more.

#fortinet #EN #2024 #D-Link #botnet #HNAP #CAPSAICIN #FICORA

·fortinet.com·Dec 27, 2024

Botnets Continue to Target Aging D-Link Vulnerabilities

FortiClient VPN Logging Blind Spot Revealed

Security research that presents a method to automatically validate credentials against Fortinet VPN servers by uncovering an exploit that attackers can use to compromise countless organizations.

#pentera #EN #research #Fortinet #VPN #Logging #Blind #Spot #brute-force

·pentera.io·Nov 21, 2024

FortiClient VPN Logging Blind Spot Revealed

Threat Campaign Spreads Winos4.0 Through Game Application

FortiGuard Labs reveals a threat actor spreads Winos4.0, infiltrating gaming apps and targeting the education sector. Learn more.

#fortinet #EN #2024 #Campaign #Spreads #Winos4.0 #Game #Application

·fortinet.com·Nov 11, 2024

Threat Campaign Spreads Winos4.0 Through Game Application

New Campaign Uses Remcos RAT to Exploit Victims

See how threat actors have abused Remcos to collect sensitive information from victims and remotely control their computers to perform further malicious acts.

#Fortinet #EN #2024 #research #Remcos #RAT

·fortinet.com·Nov 8, 2024

New Campaign Uses Remcos RAT to Exploit Victims

Fortinet FortiManager CVE-2024-47575 Exploited in Zero-Day Attacks

On Wednesday, October 23, 2024, security company Fortinet published an advisory on CVE-2024-47575, a critical zero-day vulnerability affecting their FortiManager network management solution. The vulnerability arises from a missing authentication for a critical function [CWE-306] in the FortiManager fgfmd daemon that allows a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. The vulnerability carries a CVSS v3 score of 9.8.

#rapid7 #EN #2024 #Fortinet #FortiManager #CVE-2024-47575 #Zero-Day

·rapid7.com·Oct 23, 2024

Fortinet FortiManager CVE-2024-47575 Exploited in Zero-Day Attacks

Fortinet releases patches for undisclosed critical FortiManager vulnerability - Help Net Security

Fortinet has released critical security updates for FortiManager, to fix a critical vulnerability that is reportedly being exploited.

#helpnetsecurity #EN #2024 #FortiManager #Fortinet #exploited

·helpnetsecurity.com·Oct 22, 2024

Fortinet releases patches for undisclosed critical FortiManager vulnerability - Help Net Security

Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA

A case where an advanced adversary was observed exploiting three vulnerabilities affecting the Ivanti Cloud Services Appliance (CSA). This incident is a prime example of how threat actors chain zero-day vulnerabilities to gain initial access to a victim’s network. Learn more.

#fortinet #EN #2024 #Ivanti #Cloud #Services #Appliance #CSA #CVE-2024-8190

·fortinet.com·Oct 21, 2024

Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA

Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In 2024

It affected (before patching) all currently-maintained branches, and recently was highlighted by CISA as being exploited-in-the-wild. This must be the first time real-world attackers have reversed a patch, and reproduced a vulnerability, before some dastardly researchers released a detection artefact generator tool of their own. /s At watchTowr's core, we're all about identifying and validating ways into organisations - sometimes through vulnerabilities in network border appliances - without requiring such luxuries as credentials or asset lists.

#watchtowr #EN #2024 #Fortinet #FortiGate #CVE-2024-23113 #PoC #vulnerabilty #analysis

·labs.watchtowr.com·Oct 14, 2024

Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In 2024

Fortinet suffers third-party data breach affecting Asia-Pacific customers - Cyber Daily

International cyber security giant Fortinet has disclosed that it has suffered a data breach.

#cyberdaily #EN #2024 #Fortinet #Data-Breach

·cyberdaily.au·Sep 12, 2024

Fortinet suffers third-party data breach affecting Asia-Pacific customers - Cyber Daily

Exploiting CVE-2024-21412: A Stealer Campaign Unleashed

FortiGuard Labs has observed a stealer campaign spreading multiple files that exploit CVE-2024-21412 to download malicious executable files. Read more.

#fortinet #EN #2024 #CVE-2024-21412 #Stealer #Campaign #IoCs

·fortinet.com·Jul 24, 2024

Exploiting CVE-2024-21412: A Stealer Campaign Unleashed

Multiple flaws in Fortinet FortiOS fixed

Fortinet released security updates to address multiple vulnerabilities in FortiOS, including a high-severity code execution security issue.

#securityaffairs #EN #2024 #Multiple #flaws #Fortinet #FortiOS #CVE-2024-23110

·securityaffairs.com·Jun 14, 2024

Multiple flaws in Fortinet FortiOS fixed

Menace Unleashed: Excel File Deploys Cobalt Strike at Ukraine | Fortinet Blog

FortiGuard Labs has recently identified a sophisticated cyberattack involving an Excel file embedded with a VBA macro designed to deploy a DLL file. Learn more.

#fortinet #EN #2024 #excel #FortiGuard-Labs-Threat-Research #ukraine #Cobalt-Strike

·fortinet.com·Jun 9, 2024

Menace Unleashed: Excel File Deploys Cobalt Strike at Ukraine | Fortinet Blog

New “Goldoon” Botnet Targeting D-Link Devices

FortiGuard Labs discovered the new botnet “Goldoon” targeting D-Link devices through related vulnerability CVE-2015-2051.

#fortinet #EN #2024 #Research #FortiGuard #Threat #botnet #Labs #Goldoon #D-Link #CVE-2015-2051

·fortinet.com·May 3, 2024

New “Goldoon” Botnet Targeting D-Link Devices

Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability

If you use FortiClientLinux, update immediately. Critical vulnerability could let attackers run code on your system. Patch now, get the details here.

#thehackernews #EN #2024 #FortiClientLinux #Fortinet #CVE-2023-45590

·thehackernews.com·Apr 11, 2024

Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability

Exploit released for Fortinet RCE bug used in attacks, patch now

Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks.

#bleepingcomputer #EN #2024 #Actively-Exploited #Exploit #Fortinet #PoC #Proof-of-Concept #RCE #Remote-Code-Execution #SQL-Injection #CVE-2023-48788

·bleepingcomputer.com·Mar 21, 2024

Exploit released for Fortinet RCE bug used in attacks, patch now

Vulnerable Fortinet Devices: Low-hanging Fruit for Threat Actors

Cyble analyzes the increasing incidences of vulnerabilities in Fortinet, highlighting the impact they have on Critical Infrastructure.

#cyble #EN #2024 #analysis #Fortinet #exposed

·cyble.com·Feb 16, 2024

Vulnerable Fortinet Devices: Low-hanging Fruit for Threat Actors

Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure

Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution.

#bleepingcomputer #EN #204 #Fortinet #FortiSIEM #Remote-Code-Execution #Vulnerability

·bleepingcomputer.com·Feb 8, 2024

Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure

Chinese hackers infect Dutch armed forces network with malware

A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service (MIVD) of the Netherlands.

#bleepingcomputer #EN #2024 #Army #China #COATHANGER #Cyber-espionage #Defense #Fortigate #Fortinet #Malware #Netherlands

·bleepingcomputer.com·Feb 6, 2024

Chinese hackers infect Dutch armed forces network with malware

Info Stealing Packages Hidden in PyPI

An info-stealing PyPI malware author was identified discreetly uploading malicious packages.

#FortiGuard-Labs-Threat-Research #fortinet #2024 #EN #PyPI #malware #Supply-chain-attack

·fortinet.com·Jan 23, 2024

Info Stealing Packages Hidden in PyPI

Three New Malicious PyPI Packages Deploy CoinMiner on Linux Devices | FortiGuard Labs

FortiGuard Labs cover the attack phases of three new PyPI packages that bear a resemblance to the culturestreak PyPI package discovered earlier this year. Learn more.

#fortinet #EN #2023 #FortiGuard-Labs-Threat-Research #Supply-chain-attack #PyPI #Packages #CoinMiner

·fortinet.com·Jan 5, 2024

Three New Malicious PyPI Packages Deploy CoinMiner on Linux Devices | FortiGuard Labs

Building an Exploit for FortiGate Vulnerability…

Learn how Bishop Fox built a POC exploit for the pre-authentication remote code injection vulnerability in the Fortinet SSL VPN published by Lexfo.

#bishopfox #EN #2023 #PoC #Fortinet #SSL #VPN #CVE-2023-27997 #exploit

·bishopfox.com·Nov 22, 2023

Building an Exploit for FortiGate Vulnerability…

IZ1H9 Campaign Enhances Its Arsenal with Scores of Exploits | FortiGuard Labs

FortiGuard Labs unmasks IZ1H9 and explores the aggressive exploits in the Mirai-Based DDoS Campaign

#fortinet #EN #2023 #mirai #IZ1H9 #ealink #Zyxel #devices #TP-Link #Archer #Korenix #Jetwave #TOTOLINK

·fortinet.com·Oct 11, 2023

IZ1H9 Campaign Enhances Its Arsenal with Scores of Exploits | FortiGuard Labs

Threat Actors Add .zip Domains to Their Phishing Arsenals

In the evolving cybersecurity landscape, understanding the phishing threat has become more critical than ever. Read into a new threat resulting from the addition of a new Top-Level Domain (TLD), '.ZIP'.

#fortinet #EN #2023 #.zip #Threat-Trends #phishing #TLD

·fortinet.com·Jul 20, 2023

Threat Actors Add .zip Domains to Their Phishing Arsenals