CISA Mandates Urgent Patch for Actively Exploited Critical Fortinet Vulnerabilities
US government agencies have until July 19 to patch two critical Fortinet vulnerabilities
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
US government agencies have until July 19 to patch two critical Fortinet vulnerabilities
CISA on Thursday ordered government agencies to prioritize patching two actively exploited vulnerabilities in the Fortinet FortiSandbox threat detection platform. [...]
CISA has ordered U.S. government agencies to secure their systems within a week against another vulnerability in Fortinet's FortiWeb web application firewall, which was exploited in zero-day attacks. [...]
A new campaign has been observed impersonating Ukrainian government agencies in phishing attacks to deliver CountLoader, which is then used to drop Amatera Stealer and PureMiner
No word on when or if the issue will be fixed Chinese government-linked snoops are exploiting a zero-day bug in Fortinet's Windows VPN client to steal credentials and other information, according to memory forensics outfit Volexity.…
U.S. Federal Government Gives Agencies Three Weeks to Patch or MitigateFortinet disclosed an actively exploited vulnerability in its centralized management platform following more than a week of online chatter that edge device manufacturer products have been under renewed attack. Cybersecurity researcher Kevin Beaumont christened the vulnerability "FortiJump."
Hackers May Have Reverse-Engineered February PatchHackers may have circumvented a months-old patch for Fortinet gateway devices leading to a warning from the U.S. federal government over its active exploitation. Some security researchers say a February patch may not have fully squashed a flaw.
Also: Catching Up With Spain's Most Dangerous HackerThis week, the FCC OK'd cybersecurity labeling, DarkGate exploited Google, Fortinet patched a bug, cyberattacks hit the French government and employment agencies, Google restricted Gemini AI chatbot and paid bug bounties, Microsoft had Patch Tuesday, Marine Max was attacked, and Alcasec moved on.
Users urged to apply updates to FortiOS SSL-VPN after attackers may have leveraged a recently discovered vulnerability in attacks against government, manufacturing, and critical infrastructure organizations.
Fortinet on Monday disclosed that a newly patched critical flaw impacting FortiOS and FortiProxy may have been "exploited in a limited number of cases" in attacks targeting government, manufacturing, and critical infrastructure sectors
Fortinet says a critical FortiOS SSL VPN vulnerability that was patched last week "may have been exploited" in attacks impacting government, manufacturing, and critical infrastructure organizations. [...]
An unnamed government entity associated with the United Arab Emirates (U.A.E.) was targeted by a likely Iranian threat actor to breach the victim's Microsoft Exchange Server with a "simple yet effective" backdoor dubbed PowerExchange
A suspected Chinese hacking group has been linked to a series of attacks on government organizations exploiting a Fortinet zero-day vulnerability (CVE-2022-41328) to deploy malware. [...]
Government entities and large organizations have been targeted by an unknown threat actor by exploiting a security flaw in Fortinet FortiOS software to result in data loss and OS and file corruption
Unknown attackers used zero-day exploits to abuse a new FortiOS bug patched this month in attacks targeting government and large organizations that have led to OS and file corruption and data loss. [...]
Suspected Chinese hackers exploited a recently disclosed FortiOS SSL-VPN vulnerability as a zero-day in December, targeting a European government and an African MSP with a new custom 'BOLDMOVE' Linux and Windows malware. [...]
A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa
A zero-day vulnerability in FortiOS SSL-VPN that Fortinet addressed last month was exploited by unknown actors in attacks targeting the government and other large organizations
Fortinet says unknown attackers exploited a FortiOS SSL-VPN zero-day vulnerability patched last month in attacks against government organizations and government-related targets. [...]