Attacker leaked thousands of Fortinet VPN accounts
By MYBRANDBOOK
Fortinet has warned that 87,000 credentials for FortiGate SSL VPN devices have been released online. The company said that it is aware of the disclosure and, after investigating the incident, has concluded that the credentials were obtained through the exploitation of CVE-2018-13379. It is a known security vulnerability affecting the FortiOS SSL VPN web tunnel software portal. According to BleepingComputer, a threat actor known as Orange – the administrator of the newly launched RAMP hacking forum and a previous operator of the Babuk ransomware operation – was behind the leak of Fortinet credentials.
According to analysis done by Advanced Intel, the IP addresses are for devices worldwide. As the chart below shows, there are 22,500 victimized entities located in 74 countries, with 2,959 of them being located in the US.
Using the leaked VPN credentials, attackers can perform data exfiltration, install malware and launch ransomware attacks.
The bug, which recently made it to the Cybersecurity and Infrastructure Security Agency’s (CISA’s) list of the top 30 most-exploited flaws, lets an unauthenticated attacker use specially crafted HTTP resource requests in order to download system files under the SSL VPN web portal.
Fortinet fixed the glitch in a May 2019 update (and has since then repeatedly urged customers to upgrade their devices to FortiOS 5.4.13, 5.6.14, 6.0.11, or 6.2.8 and above). But even if security teams patched their VPNs, if they didn’t also reset the devices’ passwords at the same time, the VPNs still might be vulnerable.
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
Paytm brings UPI Lite Wallet for low-value transactions
Paytm’s parent company One97 Communications (OCL) is emphasizing upon UP...
BHIM to join e-commerce, competing with PhonePe and Google Pay
The government-supported payment software BHIM is getting ready to join t...
RELIANCE JIO INFOCOMM LTD.
QUICK HEAL TECHNOLOGIES PVT. Ltd.
SECUREYE SERVICES PVT. LTD.
FINOLEX INDUSTRIES LTD.
Technology Icons Of India 2023: Kulmeet Bawa
Kulmeet Bawa resides as President & Managing Director, SAP Indian subc...
Technology Icons Of India 2023: Sunil Vachani
Sunil Vachani is the founder and chairman of India-listed Dixon Techno...
Technology Icons Of India 2023: Amit Chadha
. An influential leader in the engineering services industry for over ...
RailTel connecting every corner of India
RailTel is an ICT provider and one of the largest neutral telecom infr...
C-DAC keeps India ahead in IT & Electronics R&D space
Centre for Development of Advanced Computing (C-DAC) is the premier R&...
ECIL continues to keep India ahead in the growth of Information Technology and Electronics
ECIL played a very significant role in the training and growth of high...
BEETEL TELETECH LTD.
: Beetel is one of the oldest and most reputed brands in the Industry,...
TEXONIC INSTRUMENTS
Texonic has carved a niche for itself in the Technology Distribution i...
WPG C&C COMPUTERS & PERIPHERALS PVT. LTD.
WPG C&C Computers & Peripherals (India) was incorporated in 2008 and ...