SecurityAffairs: Fortinet fixed a critical flaw in FortiOS and FortiProxy https://securityaffairs.com/148395/hacking/fortinet-fortios-fortiproxy-critical-bug-2.html #informationsecuritynews #ITInformationSecurity #PierluigiPaganini #SecurityAffairs #CVE-2023-33308 #BreakingNews #SecurityNews #hackingnews #Security #Fortinet #Hacking #FortiOS
SecurityOnline: CVE-2023-33308: Fortinet Patches Critical RCE Vulnerability in FortiOS/FortiProxy https://securityonline.info/cve-2023-33308-fortinet-patches-critical-rce-vulnerability-in-fortios-fortiproxy/ #CVE-2023-28001 #CVE-2023-33308 #Vulnerability #FortiProxy #FortiOS
"For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release. If the customer is not operating SSL-VPN the risk of this issue is mitigated – however, Fortinet still recommends upgrading."
https://www.fortinet.com/blog/psirt-blogs/analysis-of-cve-2023-27997-and-clarifications-on-volt-typhoon-campaign #Fortinet #SysAdmin #FortiOS #CVE #Security
Exploits for Fortinet FortiOS were used to target government organizations
Unidentified #threatactors have used new #exploits to take advantage of the #zeroday #vulnerability in #FortiOS that was patched earlier this month. The attacks target large government organizations around the world.
On March 7, #Fortinet released security #updates to address a critical #vulnerability identified as CVE-2022-41328. This security #bug allowed attackers to execute unauthorized code remotely on a target #system.
#redhotcyber #informationsecurity #ethicalhacking #dataprotection #cybersecurity #cybercrime #cybersecurityawareness #cybersecuritytraining #cybersecuritynews #privacy #infosecurity
Advanced actor targets #Fortinet #FortiOS in attacks on govt entities
https://securityaffairs.com/143458/hacking/attacks-fortinet-fortios.html
#securityaffairs #hacking #malware
#Vulnerabilities in #FortiOS, FortiProxy and #Veeam, #Emotet active again, #cyberattacks on Karlsruhe, Rastatt, Hospital Clínic Barcelona, and Rheinmetall, arrest of two #Ransomware members, and #Iran launches #cyberespionage campaign against women.
https://www.lastbreach.de/blog/die-weekly-hacker-news-230313
Happy Monday folks, I hope you had a restful weekend and managed to take a breather from all things cyber! Time to get back into it though, so let me give you a hand - catch up on the week’s infosec news with the latest issue of our newsletter:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-09e?sd=pf
#Emotet are back and are using…OneNote lures? ISO disk images? Malvertising? Nah – they’re sticking with their tried and true TTPs – their Red Dawn maldoc template from last year; macro-enabled documents as lures, and null-byte padding to evade automated scanners.
We’ve highlighted a report on the Xenomorph #Android Banking Trojan, which added support for targeting accounts of over 400 banks; automated bypassing of MFA-protected app logins, and a Session Token stealer module. With capabilities like these becoming the norm, is it time to take a closer look at the threat Mobile Malware could pose to enterprise networks?
North Korean hackers have demonstrated yet again that they’re tracking and integrating the latest techniques, and investing in malware development. A recent campaign saw eight new pieces of malware distributed throughout the kill chain, leveraging #Microsoft #InTune to deliver payloads and an in-memory dropper to abuse the #BYOVD technique and evade EDR solutions.
A joint investigation by #Mandiant and #SonicWall has unearthed a two-year campaign by Chinese actors, enabled through exploitation of unpatched SMA100 appliances and delivery of tailored payloads. A critical vulnerability reported by #Fortinet this week helps reinforce the point that perimeter devices need to be patched with urgency, as it’s a well-documented target for Chinese-affiliated actors.
#HiatusRAT is a novel malware targeting #DrayTek routers, sniffing network traffic and proxying C2 traffic to forward-deployed implants. TTPs employed in recent #BatLoader and #Qakbot campaigns are also worth taking note of, as is #GoBruteforcer, a new malware family targeting specific web server applications to brute force logins and deploy an IRC bot for C2.
Those in Vulnerability Management should take particular note of the #Veeam vulnerability, which appears trivial to exploit and actually delivers plaintext credentials to the attacker. CISA have also taken note of nearly 40k exploit attempts of a 2 year old code-exec-as-root vulnerability in the #VMWare Cloud Foundation product in the last two months, so make sure you’re patched against it.
#Redteam members have some excellent reading to look forward to, looking at HTTP request smuggling to harvest AD credentials and persisting with a MitM Exchange server, as well as a detailed post that examines #CobaltStrike’s reflective loading capability;
The #blueteam has some great tradecraft tips from @inversecos on #Azure DFIR, as well as tools to help scan websites for malicious objects, and to combat the new #Stealc #infostealer and well-established Raccoon Stealer.
Catch all this and much more in this week's newsletter:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-09e?sd=pf
#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #newsletter #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #DarkWeb #mdm #dprk #FortiOS #FortiProxy
Fortinet: a new critical flaw in FortiOS and FortiProxy could give attackers remote access
On March 7, 2023, #Fortinet released 15 new #PSIRT advisories relating to #vulnerabilities in its products.
Of these advisories, one is low severity, eight are medium, five are high, and one is rated critical. These advisories cover #FortiOS, FortiAnalyzer, FortiManager, FortiPortal, FortiSwitch, #FortiNAC, #FortiProxy, FortiRecorder, FortiSOAR and #FortiWeb.
#redhotcyber #informationsecurity #ethicalhacking #dataprotection #hacking #cybersecurity #cybercrime #cybersecurityawareness #cybersecuritytraining #cybersecuritynews #privacy #infosecurity
A critical flaw affects #Fortinet #FortiOS and #FortiProxy, patch it now!
https://securityaffairs.com/143227/security/fortinet-fortios-fortiproxy-critical-bug.html
#securityaffairs #hacking
❗Critical (9.3 CVSS) CVE dropped for #FortiOS today. I recommend applying mitigations and updating your #FortiGate firewalls ASAP.
FortiGuard PSIRT: https://www.fortiguard.com/psirt/FG-IR-23-001
Best Practices that mitigate this vuln:
New #Fortinet disclosure of Critical rating. CVE-2023-25610 affects various versions of #FortiOS. Source: https://www.fortiguard.com/psirt/FG-IR-22-477
Affected Products
FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.9
FortiOS version 6.4.0 through 6.4.11
FortiOS 6.2 all versions
FortiProxy version 7.2.0 through 7.2.1
FortiProxy version 7.0.0 through 7.0.7
FortiProxy version 2.0.0 through 2.0.11
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions
#fortinet #fortios #infosec #cve
Just noticed the new #Fortinet #FortiOS updates/advisories less than an hour before the end of the day when I'm supposed to be off tomorrow and Monday. I'm not taking any chances with my time and am going to patch quickly. By my count so far, 2 vulns rated High, 5 rated Medium, 1 Low
FortiOS 7.2.4 with a neat default behavior change:
"For new firewall policies with a deny action, set match-vip is enabled by default. When upgrading from a previous version, existing policy settings for match-vip are preserved." #fortigate #fortios #fortinet
If you missed this: #cybersecurity #malware #Linux #Windows
Report: Cyberespionage threat actor exploits CVE-2022-42475 #FortiOS vulnerability https://www.techrepublic.com/article/mandiant-report-boldmove/
FortiOS SSL-VPN: the 0-day vulnerability exploited by Chinese hackers
Last autumn, Chinese government hackers used a #vulnerability in #FortiOS #SSLVPN as a #0day #attack against European #government agencies and against an unnamed managed service provider (#MSP) in Africa.
#Mandiant specialists said the attackers exploited the #vulnerability CVE-2022-42475 (a heap buffer overflow in FortiOS #sslvpnd), which allows remote #code #execution on vulnerable devices without #authentication.
#redhotcyber #informationsecurity #ethicalhacking #dataprotection #hacking #cybersecurity #cybercrime #cybersecurityawareness #cybersecuritytraining #cybersecuritynews #privacy #infosecurity
My collection of #infosec resources and links I have found insightful and shared during week #03 of 2023.
Includes, but not only:
https://0x58.medium.com/my-shared-links-week-03-2023-3ec32f59dc85
#infosec #samsung #paypal #fortios #ukraine #mailchimp #git #chatgpt #phishing #norton #cybersecurity #security
Government networks under attack by unknown hackers exploiting Fortinet FortiOS SSL-VPN zero-day vulnerability:
https://youtu.be/WWYiqOjQCg8
#cybersecurity #hacking #Fortinet #FortiOS #SSLVPN #zerodayvulnerability