Fortinet Archives – The Best Antivirus Software for 2022

Posts Tagged ‘Fortinet’

Sort

Critical Bug in VMware Products Is Used to Install Miners and Ransomware

Fortinet experts warn that hackers are still exploiting the critical bug in VMware Workspace ONE Access (CVE-2022-22954), thus spreading ransomware and cryptocurrency miners.

We also wrote that Some Versions of VMware Carbon Black Cause BSODs on Windows.

Let me remind you that the CVE-2022-22954 vulnerability is associated with remote arbitrary code execution and affects VMware Workspace ONE Access. The bug scored 9.8 out of 10 on the CVSS vulnerability rating scale, and VMware discovered and fixed the issue on April 6 this year. However, the attackers reversed this fix and within 48 hours created an exploit, which was then used to compromise yet unpatched servers.

In [...]

PoC Exploit for Critical Vulnerability in Fortinet Products Appeared

A PoC exploit has been published for the critical vulnerability CVE-2022-40684 in Fortinet products, which affects FortiGate firewalls, FortiProxy web proxy, and FortiSwitch Manager. This bug is rated 9.6 points out of 10 on the CVSS scale and allows a complete authentication bypass.

Let me remind you that we also wrote that Hackers leaked credentials of 500,000 Fortinet VPN accounts to the public.

Fortinet developers reported a critical vulnerability in their products earlier this week, and released patches for a dangerous problem that was already under attack at that time.

Authentication bypass using alternative path or channel [CWE-88] in FortiOS and FortiProxy allows [...]

Hackers leaked credentials of 500,000 Fortinet VPN accounts to the public

Researchers report that a Fortinet VPN credential list of nearly 500,000 usernames and passwords is being distributed on hacker forums.

These credentials were allegedly copied from vulnerable devices last summer. The attackers say that the vulnerability used to collect information has already been fixed, but many of the credentials are still valid.

Bleeping Computer writes that the list of credentials was released free of charge by hacker Orange, who is the administrator of the recently launched hack forum RAMP and a former operator of Babuk.

Previously, due to disagreements between members of the hack group Bubuk, Orange separated from the team to found RAMP, [...]

US authorities warned of attacks by APT groups through vulnerabilities in Fortinet FortiOS VPN

The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have warned that highly skilled hackers can exploit vulnerabilities in Fortinet FortiOS VPN in an attempt to target medium and large businesses.

Fortinet — is an American company that specializes in the development and promotion of software, solutions and services in the field of information security.

In the Joint Cybersecurity Advisory (CSA) published, the agencies warn admins and users that the state-sponsored hacking groups are “likely” exploiting Fortinet FortiOS vulnerabilities CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591.

“APT groups can use these vulnerabilities and other [...]

CyberArk Labs Experts Identified Bugs in Popular Antivirus Products

CyberArk Labs specialists published a report revealing a number of bugs in popular antivirus products from leading industry brands. According to this report, high privileges of antivirus software make it more vulnerable.

As a result, security solutions can be used for file manipulation attacks, and malware can gain elevated rights in the system.

Errors of this kind have been found in products from Kaspersky, McAfee, Symantec, Fortinet, Check Point, Trend Micro, Avira, and Microsoft Defender.

Currently, developers have already fixed all the problems, and the identifiers assigned to them can be seen below (Avast and F-Secure solutions are still awaiting CVE [...]

	8.4
	8.5
	8.3
	7.8
	7.1
	7.8

8.4

8.5

8.3

7.8

7.1

7.8