15K Fortinet Device Configs Leaked to the Dark Web
The stolen firewall data is thorough but more than 2 years old now, meaning that most organizations following even basic security practices face minimal risk, hopefully.
Discover the latest Fortinet cybersecurity insights, updates, and solutions. Protect your information with cutting-edge Fortinet security news and trends.
Search across headline titles and summaries.
Background for this topic.
Fortinet is a cybersecurity vendor best known for FortiGate, a network firewall platform running FortiOS. FortiGate appliances, virtual machines, and cloud deployments provide traffic filtering, VPN access, intrusion prevention, and network segmentation; related products manage devices, collect security telemetry, or protect endpoints. FortiGuard Labs supplies threat intelligence and detection updates used across parts of this ecosystem.
Fortinet matters to security teams because its devices commonly sit at network boundaries and may expose administrative interfaces or SSL-VPN services to the internet. Vulnerabilities in FortiOS or supporting products can therefore create a path to authentication bypass, unauthorized access, or interception of remote connections when affected configurations are present. Practitioners should track Fortinet advisories, promptly apply firmware and signature updates, restrict management access, use multifactor authentication where supported, and monitor device logs and configuration changes. During an incident, preserve firewall and VPN telemetry and review connected systems rather than treating the appliance as an isolated asset.
The stolen firewall data is thorough but more than 2 years old now, meaning that most organizations following even basic security practices face minimal risk, hopefully.
Competition hots up with Ivanti over who can have the worst start to a year Fortinet has confirmed that previous analyses of records leaked by the Belsen Group are indeed genuine FortiGate configs stolen during a zero-day raid in 2022.…
Actively Targeted Zero Day Patched; Warning Issued After Device Configurations LeakFortinet has released patches to fix a zero-day vulnerability being actively exploited by attackers. Separately, researchers are warning customers to review their infrastructure after attackers leaked configuration details - including firewall rules and plaintext VPN passwords - for 15,000 devices.
The leak likely comes from a zero-day exploit affecting Fortinet’s products
A new report from Fortinet reveals increased adoption of multi-cloud strategies and hybrid implementations combining on-premises and public cloud infrastructure
The security provider published mitigation measures to prevent exploitation
An ongoing campaign targeting FortiGate devices with management interfaces exposed on the public Internet is leading to unauthorized administrative logins and configuration changes, creating new accounts, and performing SSL VPN authentication.
Attackers are exploiting a new authentication bypass zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks. [...]
Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet
Ransomware 'not off the table,' Arctic Wolf threat hunter tells El Reg Miscreants running a "mass exploitation campaign" against Fortinet firewalls, which peaked in December, may be using an unpatched zero-day vulnerability to compromise the equipment, according to security researchers who say they've observed the intrusions.…