Tag

Fortinet

All articles tagged with #fortinet

FortiBleed Breach Exposes 86K FortiGate Devices in Global Credential Campaign
security21 days ago

FortiBleed Breach Exposes 86K FortiGate Devices in Global Credential Campaign

CISA warns Fortinet customers about FortiBleed, a global credential-stuffing and brute-force campaign targeting internet-facing FortiGate firewalls and VPN gateways, with 86,644 devices compromised as of June 19, 2026. The attack, attributed to Russian-speaking actors, proceeds in two steps: scanning for exposed Fortinet endpoints, then using leaked or organization credentials to gain access, before passively harvesting more credentials. Sectors most affected include telecom, government, and education, with the U.K. NCSC calling it a worldwide campaign; many admins’ passwords remain SHA-256-hashed from older FortiGate versions, though PBKDF2 hashing is used in newer FortiOS releases. Fortinet maintains the incident data likely comes from prior breaches and brute-forcing, not a current advisory. CISA recommends terminating active sessions, resetting passwords on internet-facing systems, enforcing PBKDF2, applying strong password policies, enabling phishing-resistant MFA, reviewing logs, and reducing attack surfaces to mitigate risk.

Fortinet breach leaks thousands of network credentials, impacting global enterprises
technology23 days ago

Fortinet breach leaks thousands of network credentials, impacting global enterprises

Security researchers say a broad breach of Fortinet firewalls exposed plaintext credentials for about 74,000 devices across 194 countries, enabling attackers to access centralized authentication systems and move laterally into networks of major organizations including Oracle, Lenovo, FedEx, and a Turkish NATO contractor; investigators note many compromised devices remained online and the attackers reportedly used a GPU-based password-cracking operation, underscoring the risk across multiple industries.

Active Fortinet SQL Flaw Targets FortiClient EMS, CISA Warns
cyber-security-news2 months ago

Active Fortinet SQL Flaw Targets FortiClient EMS, CISA Warns

CISA added CVE-2026-21643, a critical unauthenticated SQL injection in Fortinet FortiClient EMS, to the Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. The flaw enables remote code execution without authentication, risking full database compromise on affected FortiClient EMS deployments. Fortinet has released patches; federal agencies must patch by April 16, 2026, and private-sector admins are urged to patch within three days, monitor for unusual HTTP requests targeting EMS, and take the server offline if patching isn’t possible.

CISA Adds Six Actively Exploited Vulnerabilities to KEV Across Fortinet, Microsoft, and Adobe
security2 months ago

CISA Adds Six Actively Exploited Vulnerabilities to KEV Across Fortinet, Microsoft, and Adobe

CISA added six vulnerabilities to its Known Exploited Vulnerabilities catalog due to active exploitation: CVE-2026-21643 (Fortinet FortiClient EMS SQL injection), CVE-2020-9715 (Adobe Acrobat Reader use-after-free), CVE-2023-36424 (Windows CLFS out-of-bounds read), CVE-2023-21529 (Exchange Server deserialization leading to remote code execution), CVE-2025-60710 (Windows Task Scheduler local privilege escalation), and CVE-2012-1854 (VBA insecure library loading enabling remote code execution). Defused Cyber reported exploitation of CVE-21643 since March 24, 2026; Storm-1175 has weaponized CVE-2023-21529 to deliver Medusa ransomware; CVE-2012-1854 had targeted-attack activity in 2012. No public exploitation yet for the other three. FCEB agencies must patch by April 27, 2026, with FortiClient EMS fixes due by April 16, 2026.

Fortinet patches critical FortiSIEM flaw enabling unauthenticated remote code execution
security5 months ago

Fortinet patches critical FortiSIEM flaw enabling unauthenticated remote code execution

Fortinet released patches for FortiSIEM to fix CVE-2025-64155, an unauthenticated OS command injection that could let an attacker execute code via crafted requests to the phMonitor service on port 7900, potentially enabling a reverse shell and root-level control. The flaw affects multiple FortiSIEM versions; users should upgrade to fixed releases or restrict access to port 7900 as a workaround. The advisory also patches a separate FortiFone vulnerability (CVE-2025-47855).

Critical FortiOS/FortiSwitchManager flaw enables remote code execution
cybersecurity5 months ago

Critical FortiOS/FortiSwitchManager flaw enables remote code execution

Fortinet disclosed a critical heap-based buffer overflow vulnerability in the cw_acd daemon affecting FortiOS and FortiSwitchManager that allows remote, unauthenticated attackers to execute arbitrary code by sending specially crafted requests. Fortinet has issued advisories and patches across multiple FortiOS branches, FortiSASE, and FortiSwitchManager, and urges immediate upgrades to mitigate risk of full-system compromise (no CVE assigned yet). In the meantime, mitigations include disabling fabric access on interfaces and blocking CAPWAP-CONTROL traffic (UDP ports 5246–5249) via local-in policies, along with monitoring cw_acd activity and segmenting management interfaces.

Fortinet SSL VPN and FortiGate vulnerabilities under active attack
security6 months ago

Fortinet SSL VPN and FortiGate vulnerabilities under active attack

Fortinet has issued a warning about active exploitation of a five-year-old vulnerability in FortiOS SSL VPN (CVE-2020-12812) that allows attackers to bypass two-factor authentication under certain configurations, especially involving LDAP integration and case-sensitive username matching. Organizations are advised to update their systems or disable username sensitivity to mitigate the risk, and to contact support if they suspect exploitation.

Top Stock Movers to Watch Today: Eli Lilly, Fortinet, Airbnb, and More
finance11 months ago

Top Stock Movers to Watch Today: Eli Lilly, Fortinet, Airbnb, and More

Stocks declined following Trump's tariffs and higher-than-expected jobless claims, with notable movements including Eli Lilly dropping 14% after weight-loss pill data, Fortinet falling 25% despite strong earnings, and Sunrun soaring 32% on robust earnings. Other significant changes involved AppLovin, Airbnb, Peloton, Vistra, DraftKings, Duolingo, Lyft, and Zillow, reflecting mixed earnings results and outlooks amid economic uncertainties.

Winos4.0 Malware Targets Windows Gamers via Game Apps
cybersecurity1 year ago

Winos4.0 Malware Targets Windows Gamers via Game Apps

Cybercriminals are exploiting gaming applications to distribute Winos4.0, a malicious software framework that allows full control over infected Windows machines. This malware, derived from Gh0strat, is similar to Cobalt Strike and Sliver, and is used in campaigns like Silver Fox, linked to Chinese state actors. The attack involves multiple stages, starting with a gaming-related lure and progressing through DLL injections and C2 communications, ultimately establishing a persistent backdoor for data theft and system control. Fortinet advises downloading software only from trusted sources to avoid such threats.

"Fortinet Addresses Critical Vulnerabilities Across FortiClientLinux and Other Products"
cybersecurity2 years ago

"Fortinet Addresses Critical Vulnerabilities Across FortiClientLinux and Other Products"

Fortinet has released critical security patches to address a vulnerability in FortiClientLinux that could allow arbitrary code execution. The vulnerability, tracked as CVE-2023-45590, affects specific versions of FortiClientLinux and is attributed to an "Improper Control of Generation of Code" flaw. Additionally, Fortinet's April 2024 security patches also resolve issues with FortiClientMac installer and FortiOS/FortiProxy, emphasizing the importance of keeping systems up-to-date to mitigate potential threats.

"Fortinet FortiOS Bug CVE-2024-21762 Affects 150,000 Internet-Facing Devices"
cybersecurity2 years ago

"Fortinet FortiOS Bug CVE-2024-21762 Affects 150,000 Internet-Facing Devices"

A critical vulnerability, CVE-2024-21762, in Fortinet FortiOS SSL VPN could potentially impact 150,000 exposed devices, with the majority located in the United States. The vulnerability, which allows for remote code execution, has been actively exploited in attacks in the wild. Fortinet has recommended disabling SSL VPN as a workaround and has provided a list of impacted versions and available solutions. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog, and researchers continue to monitor the situation.

"Fortinet Flaw Exposes 150,000 Devices to Critical Vulnerability"
cybersecurity2 years ago

"Fortinet Flaw Exposes 150,000 Devices to Critical Vulnerability"

Approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows code execution without authentication. The vulnerability is actively being exploited by attackers, with over 24,000 vulnerable devices in the United States alone. Companies are advised to check their SSL VPN systems for vulnerability and take necessary mitigation steps to protect their networks.

"Fortinet's Ongoing Battle: Exploited RCE Flaws and Urgent Patching"
cybersecurity2 years ago

"Fortinet's Ongoing Battle: Exploited RCE Flaws and Urgent Patching"

CISA confirms active exploitation of a critical remote code execution (RCE) bug (CVE-2024-21762) in Fortinet's FortiOS operating system, urging immediate patching or SSL VPN disabling to mitigate risks. Fortinet's confusing disclosure process regarding other RCE vulnerabilities (CVE-2024-23108 and CVE-2024-23109) in FortiSIEM was clarified, emphasizing the need to secure all Fortinet devices due to the high likelihood of exploitation by malicious actors for cyber espionage and ransomware attacks.

"Fortinet's Critical Flaws: Urgent Patching Needed Amid Ongoing Exploitation"
technology2 years ago

"Fortinet's Critical Flaws: Urgent Patching Needed Amid Ongoing Exploitation"

Fortinet faced a tumultuous week with the disclosure of critical security vulnerabilities in its FortiOS, including an SSL VPN flaw that allows for remote code execution. The company also faced backlash for a confusing double bug disclosure and a disputed claim about toothbrushes being used in a DDoS attack. Fortinet's delayed and conflicting responses to these issues have drawn criticism, while security researchers urge users to patch vulnerable VPNs and upgrade to fixed releases.