Fortinet Releases Security Updates for Multiple Products

Fortinet has released security updates for various products, including OS and FortiProxy, to fix vulnerabilities that could allow a cyber threat actor to take control of a system.

CISA encourages users and administrators to take the following steps for enhanced security:

• Cyber Attack
• Data Breach
• Vulnerabilities

B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum

By infosecbulletin / Saturday , February 22 2025

On February 19, 2025, the illegal marketplace B1ack's Stash released over 1 million unique stolen credit and debit card details...

Read More

• Cyber Attack

Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks

By infosecbulletin / Saturday , February 22 2025

Cisco Talos reported that  Salt Typhoon, also known as FamousSparrow and GhostEmperor, has been spying on U.S. telecommunication providers using...

Read More

• Cyber Attack

AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets

By infosecbulletin / Thursday , February 20 2025

A free tool is now available to scan public GitHub repositories for exposed AWS credentials. Security engineer Anmol Singh Yadav created...

Read More

• Cyber Attack

Check Point Flaw Used to Deploy ShadowPad and Ransomware

By infosecbulletin / Thursday , February 20 2025

An unknown threat cluster has targeted European healthcare organizations, deploying PlugX and ShadowPad. In some cases, these intrusions resulted in...

Read More

• Uncategorized

CVE-2024-12284
Citrix Issues Security Update for NetScaler Console

By infosecbulletin / Thursday , February 20 2025

Citrix has issued security updates for a serious vulnerability in the NetScaler Console and NetScaler Agent that could allow privilege...

Read More

• Alert
• Cyber Attack

CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries

By infosecbulletin / Thursday , February 20 2025

The FBI and CISA reported on Wednesday that the ransomware group Ghost has been exploiting software and firmware vulnerabilities as...

Read More

• Alert
• Vulnerabilities

Hacker chains multiple vulns to attack Palo Alto Firewall

By infosecbulletin / Thursday , February 20 2025

Palo Alto Networks has issued urgent warnings about threat actors to exploit vulnerabilities in PAN-OS, the operating system powering its...

Read More

• Uncategorized

150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain

By infosecbulletin / Tuesday , February 18 2025

Indian government and educational websites, along with reputable financial brands, have experienced SEO poisoning, causing user traffic to be redirected...

Read More

• Alert
• Vulnerabilities

CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh

By infosecbulletin / Tuesday , February 18 2025

The Cyber Threat Intelligence Unit of BGD e-GOV CIRT has found 600 vulnerable PRTG instances in Bangladesh, affected by the...

Read More

• Hot Topic

Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru

By infosecbulletin / Monday , February 17 2025

Amazon Web Services (AWS) has been named in an FIR after a builder claimed damages to the tune of Rs...

Read More

FR-IR-23-345 FortiClientMac – Lack of configuration file validation:

An external control of file name or path vulnerability [CWE-73] in FortiClientMac’s installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.

FG-IR-23-493 FortiOS & FortiProxy – Administrator cookie leakage

FG-IR-23-087 FortiClient Linux – Remote Code Execution due to dangerous nodejs configuration:

An Improper Control of Generation of Code (‘Code Injection’) vulnerability [CWE-94] in FortiClientLinux may allow
an unauthenticated attacker to execute arbitrary code via tricking a FortiClientLinux user into visiting a malicious website.