Saturday , February 1 2025

Fortinet Warns Customers of Possible Zero-Day Exploited in Limited Attacks

infosecbulletin Tuesday , June 13 2023 Data Breach, Hot Topic, International

Fortinet on Monday warned customers that a recently patched vulnerability, tracked as CVE-2023-27997, could be a zero-day flaw that has been exploited in limited attacks.

The vulnerability, which is a critical heap-based buffer overflow in the SSL-VPN module, can allow a remote hacker to execute arbitrary code or commands using specifically crafted requests.

Indian tech giant Tata Tech hit by ransomware attack

By infosecbulletin / Saturday , February 1 2025
Tata Technologies reported a ransomware incident affecting some IT services, but it did not disrupt client deliveries, according to a...
Read More
Indian tech giant Tata Tech hit by ransomware attack

Vulnarabilitties found in Cisco webex and VMware Aria operation

By infosecbulletin / Friday , January 31 2025
A serious cybersecurity flaw in Cisco Webex Chat has been discovered, allowing unauthorized attackers to access the chat histories of...
Read More
Vulnarabilitties found in Cisco webex and VMware Aria operation

Microsoft to boost M365 bounty program rewards Up to $27,000

By infosecbulletin / Friday , January 31 2025
Microsoft has announced a major expansion of its Microsoft 365 Bounty Program. The program now covers new Viva products for...
Read More
Microsoft to boost M365 bounty program rewards Up to $27,000

DeepSeek reveils over 1 million chat records; Italy Bans DeepSeek

By infosecbulletin / Friday , January 31 2025
Chinese AI startup DeepSeek has exposed two databases with sensitive user and operational information from its DeepSeek-R1 LLM model. Unsecured...
Read More
DeepSeek reveils over 1 million chat records; Italy Bans DeepSeek

Microsoft brings DeepSeeK to Azure AI Foundry and GitHub

By infosecbulletin / Thursday , January 30 2025
Microsoft has added DeepSeek’s R1 AI model to its Azure AI Foundry platform and GitHub. This lets customers easily integrate...
Read More
Microsoft brings DeepSeeK to Azure AI Foundry and GitHub

Hackers leverage Google’s subdomains, phone number to attack victims

By infosecbulletin / Thursday , January 30 2025
Scammers called a victim using Google's official support number and sent an email from an official subdomain. It's unclear how...
Read More
Hackers leverage Google’s subdomains, phone number to attack victims

DeepSeek Sensitive data exposed To Web: Wiz report

By infosecbulletin / Thursday , January 30 2025
New York-based cybersecurity firm Wiz has discovered sensitive data from the Chinese AI startup DeepSeek that was accidentally exposed on...
Read More
DeepSeek Sensitive data exposed To Web: Wiz report

“FirePass” starts its operation in Bangladesh officially

By infosecbulletin / Wednesday , January 29 2025
FirePass, a fire prevention and suppression system is officially started its operation in Bangladesh. Smart Data brings the world class...
Read More
“FirePass” starts its operation in Bangladesh officially

PoC Exploit Released for TP-Link Router XSS Vuln

By infosecbulletin / Wednesday , January 29 2025
A newly found XSS vulnerability, CVE-2024-57514, in the TP-Link Archer A20 v3 Router has raised security concerns for users. CVE-2024-57514 is...
Read More
PoC Exploit Released for TP-Link Router XSS Vuln

CVE-2024-40891
Zyxel CPE Zero-Day Exploited in the Wild

By infosecbulletin / Wednesday , January 29 2025
Security researchers have alerted about ongoing exploitation attempts of a newly found zero-day command injection vulnerability in Zyxel CPE Series...
Read More
CVE-2024-40891 Zyxel CPE Zero-Day Exploited in the Wild

ALSO READ:

Microsoft Warns of AitM Phishing Attacks Against Financial Organizations

Fortinet confirmed that the vulnerability was reported to the company by researchers Charles Fol and Dany Bach from French cybersecurity firm Lexfo. The company also confirmed that the vulnerability has been patched in the latest FortiOS and FortiProxy updates.

However, Fortinet said that it is possible that the vulnerability has already been exploited by attackers in limited cases. The company is working with customers to monitor the situation and is urging customers to upgrade to the latest firmware as soon as possible.

The vulnerability is not believed to be related to the Volt Typhoon campaign, which was detailed by Microsoft in May. The Volt Typhoon campaign is a Chinese state-sponsored operation that has been targeting critical infrastructure organizations in the US territory of Guam. Microsoft said that the hackers exploited internet-exposed Fortinet FortiGuard firewalls for initial access. Fortinet believes that the Volt Typhoon campaign has exploited CVE-2022-40684, a security hole that has been widely exploited for initial access since at least the fall of 2022.

Fortinet customers are advised to upgrade to the latest firmware as soon as possible to protect themselves from this vulnerability. The latest firmware can be found on Fortinet’s website.

In addition to upgrading their firmware, Fortinet customers should also implement other security measures to protect themselves from attack, such as using strong passwords, enabling multi-factor authentication, and keeping their software up to date.

Source: FortiGuard labs

Check Also

OWASP

OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025

OWASP has released its updated list of the top 10 vulnerabilities in smart contracts for …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin