InfoSecBulletin Cybersecurity for mankind
Fortinet customers must apply the latest updates, as almost 50,000 management interfaces remain vulnerable to the latest zero-day exploit.
The Shadowserver Foundation reports that 48,457 Fortinet devices remain publicly exposed and unpatched for CVE-2024-55591, despite urgent warnings in the last week.
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum
Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets
Check Point Flaw Used to Deploy ShadowPad and Ransomware
CVE-2024-12284
Citrix Issues Security Update for NetScaler Console
CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries
Hacker chains multiple vulns to attack Palo Alto Firewall
150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh
Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru
The situation hasn’t improved. Shadowserver started tracking exposed devices on January 16, two days after the zero-day CVE identifier was released, and found nearly 52,000 vulnerable instances.
Asia has the highest number of vulnerable firewalls accessible online, totaling 20,687, followed by North America with 12,866 and Europe with 7,401.
The register said, Last week Arctic Wolf Labs’ lead threat intelligence researcher Stefan Hostetler said exploits have been widespread, opportunistic, and date back to December.
He added that once they’ve pwned their target, attackers appear to be stealing credentials and using them to worm their way through the victim’s network with admin privileges. The rest of the details are still being gathered, but – needless to say – an intruder with admin access is not a welcome addition to the network.
“What we can say is that ransomware is not off the table,” Hostetler said, citing similar tactics used in the past by the likes of Akira and Fog.
Fortinet’s advisory provides details on upgrading to a safe version of FortiOS and FortiProxy or implementing a temporary workaround.
Recommended actions include:
Upgrade Firmware: Update to FortiOS 7.0.17 or newer and FortiProxy 7.2.13 or newer.
Restrict Access: Disable HTTP/HTTPS administrative interfaces or limit access to trusted IP addresses using local-in policies.
Monitor Networks: Review indicators of compromise (IoCs), such as unauthorized account creation or changes to firewall configurations.
Source: theregister, cybersecuritynews, the Shadowserver Foundation
OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025
