On Wednesday, the company confirmed that the attackers exploited FG-IR-18-384 / CVE-2018-13379: a path traversal weakness in Fortinet’s FortiOS that was discovered in 2018 and which has been repeatedly, persistently exploited since then.
FORTINET SUPPORT ACCOUNT PATCH
We strongly urge customers to implement both the patch upgrade and password reset as soon as possible.” A Creaky Old Bug Was Exploited Since May 2019, Fortinet has continuously communicated with customers urging the implementation of mitigations, including corporate blog posts in August 2019, July 2020, April 2021 and June 2021 For more information, please refer to our latest blog and PSIRT advisory.
FORTINET SUPPORT ACCOUNT UPDATE
The credentials were obtained from systems that have not yet implemented the patch update provided in May 2019. Fortinet is aware that a malicious actor has disclosed on a dark web forum, SSL-VPN credentials to access FortiGate SSL-VPN devices. “The security of our customers is our first priority. A spokesperson’s reply reiterated the statement put out on Wednesday: UPDATE: Threatpost reached out to Fortinet for clarification on how many devices were compromised. The geographical distribution of the Fortinet VPN SSL list. As the chart below shows, there are 22,500 victimized entities located in 74 countries, with 2,959 of them being located in the US. BleepingComputer didn’t test the credentials but said that all of the IP addresses check out as Fortinet VPN servers.Īccording to analysis done by Advanced Intel, the IP addresses are for devices worldwide.
The news outlet has analyzed the file and reported that it contains VPN credentials for 498,908 users over 12,856 devices. On Wednesday, BleepingComputer reported that it’s been in touch with a threat actor who leaked a list of nearly half a million Fortinet VPN credentials, allegedly scraped from exploitable devices last summer. Or then again, maybe the number is far greater.
Lesson learned and apologies to our readers.Ĭredentials pilfered from 87,000 unpatched Fortinet SSL-VPNs have been posted online, the company has confirmed. UPDATE: Subsequent reporting and disclosures show “Groove” was a hoax intended to lure media outlets into reporting on fake potential threats against U.S.
0 kommentar(er)
