Attacker leaked thousands of Fortinet VPN accounts
By MYBRANDBOOK
Fortinet has warned that 87,000 credentials for FortiGate SSL VPN devices have been released online. The company said that it is aware of the disclosure and, after investigating the incident, has concluded that the credentials were obtained through the exploitation of CVE-2018-13379. It is a known security vulnerability affecting the FortiOS SSL VPN web tunnel software portal. According to BleepingComputer, a threat actor known as Orange – the administrator of the newly launched RAMP hacking forum and a previous operator of the Babuk ransomware operation – was behind the leak of Fortinet credentials.
According to analysis done by Advanced Intel, the IP addresses are for devices worldwide. As the chart below shows, there are 22,500 victimized entities located in 74 countries, with 2,959 of them being located in the US.
Using the leaked VPN credentials, attackers can perform data exfiltration, install malware and launch ransomware attacks.
The bug, which recently made it to the Cybersecurity and Infrastructure Security Agency’s (CISA’s) list of the top 30 most-exploited flaws, lets an unauthenticated attacker use specially crafted HTTP resource requests in order to download system files under the SSL VPN web portal.
Fortinet fixed the glitch in a May 2019 update (and has since then repeatedly urged customers to upgrade their devices to FortiOS 5.4.13, 5.6.14, 6.0.11, or 6.2.8 and above). But even if security teams patched their VPNs, if they didn’t also reset the devices’ passwords at the same time, the VPNs still might be vulnerable.
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
ICONS OF INDIA : RAJIV MEMANI
As Chair of the EY Global Emerging Markets Committee, Rajiv connects e...
Icons Of India : Anil Agarwal
Anil Agarwal, the Founder and Chairman of Vedanta Resources Ltd., is r...
ICONS OF INDIA : RITESH AGARWAL
Ritesh Agarwal is an Indian billionaire entrepreneur and the founder a...
NPCI - National Payments Corporation of India
NPCI is an umbrella organization for operating retail payments and set...
C-DOT - Center of Development of Telematics
India’s premier research and development center focused on telecommu...
IOCL - Indian Oil Corporation Ltd.
IOCL is India’s largest oil refining and marketing company ...
Indian Tech Talent Excelling The Tech World - Dheeraj Pandey, CEO, DevRev
Dheeraj Pandey, Co-founder and CEO at DevRev , has a remarkable journe...
Indian Tech Talent Excelling The Tech World - AJAY BANGA, President - World Bank
Ajay Banga is an Indian-born American business executive who currently...
Indian Tech Talent Excelling The Tech World - PADMASREE WARRIOR, Founder, President & CEO - Fable
Padmasree Warrior, the Founder, President, and CEO of Fable, is revolu...