#1 Trusted Cybersecurity News Platform Followed by 3.45+ million
The Hacker News Logo
Subscribe to Newsletter

Fortinet | Breaking Cybersecurity News | The Hacker News

Multiple Campaigns Exploit VMware Vulnerability to Deploy Crypto Miners and Ransomware

Multiple Campaigns Exploit VMware Vulnerability to Deploy Crypto Miners and Ransomware

Oct 21, 2022
A now-patched vulnerability in VMware Workspace ONE Access has been observed being exploited to deliver both cryptocurrency miners and ransomware on affected machines. "The attacker intends to utilize a victim's resources as much as possible, not only to install RAR1Ransom for extortion, but also to spread GuardMiner to collect cryptocurrency," Fortinet FortiGuard Labs researcher Cara Lin  said  in a Thursday report. The issue, tracked as CVE-2022-22954 (CVSS score: 9.8), concerns a remote code execution vulnerability that stems from a case of server-side template injection. Although the shortcoming was addressed by the virtualization services provider in April 2022, it has since come under active exploitation in the wild. Fortinet said it observed in August 2022 attacks that sought to weaponize the flaw to deploy the  Mirai botnet  on Linux devices as well as the RAR1Ransom and  GuardMiner , a variant of the XMRig Monero miner. The Mirai sample is retrieved fr
PoC Exploit Released for Critical Fortinet Auth Bypass Bug Under Active Attacks

PoC Exploit Released for Critical Fortinet Auth Bypass Bug Under Active Attacks

Oct 14, 2022
A proof-of-concept (PoC) exploit code has been made available for the recently disclosed critical security flaw affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager, making it imperative that users move quickly to apply the patches. "FortiOS exposes a management web portal that allows a user to configure the system," Horizon3.ai researcher James Horseman  said . "Additionally, a user can SSH into the system which exposes a locked down CLI interface." The issue, tracked as  CVE-2022-40684  (CVSS score: 9.6), concerns an  authentication bypass  vulnerability that could allow a remote attacker to perform malicious operations on the administrative interface via specially crafted HTTP(S) requests. A successful exploitation of the shortcoming is tantamount to granting complete access "to do just about anything" on the affected system, including altering network configurations, adding malicious users, and intercepting network traffic. That said,
Fortinet Warns of Active Exploitation of Newly Discovered Critical Auth Bypass Bug

Fortinet Warns of Active Exploitation of Newly Discovered Critical Auth Bypass Bug

Oct 11, 2022
Fortinet on Monday revealed that the newly patched critical security vulnerability impacting its firewall and proxy products is being actively exploited in the wild. Tracked as  CVE-2022-40684  (CVSS score: 9.6), the flaw relates to an authentication bypass in FortiOS, FortiProxy, and FortiSwitchManager that could allow a remote attacker to perform unauthorized operations on the administrative interface via specially crafted HTTP(S) requests. "Fortinet is aware of an instance where this vulnerability was exploited, and recommends immediately validating your systems against the following indicator of compromise in the device's logs: user='Local_Process_Access,'" the company  noted  in an advisory. The list of impacted devices is below - FortiOS version 7.2.0 through 7.2.1 FortiOS version 7.0.0 through 7.0.6 FortiProxy version 7.2.0 FortiProxy version 7.0.0 through 7.0.6 FortiSwitchManager version 7.2.0, and FortiSwitchManager version 7.0.0 Updates hav
Fortinet Warns of New Auth Bypass Flaw Affecting FortiGate and FortiProxy

Fortinet Warns of New Auth Bypass Flaw Affecting FortiGate and FortiProxy

Oct 07, 2022
Fortinet has privately warned its customers of a security flaw affecting FortiGate firewalls and FortiProxy web proxies that could potentially allow an attacker to perform unauthorized actions on susceptible devices. Tracked as CVE-2022-40684 (CVSS score: 9.6), the critical flaw relates to an authentication bypass vulnerability that may permit an unauthenticated adversary to carry out arbitrary operations on the administrative interface via a specially crafted HTTP(S) request. The issue impacts the following versions, and has been addressed in FortiOS versions  7.0.7  and  7.2.2 , and FortiProxy versions 7.0.7 and 7.2.1 released this week: FortiOS - From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1 FortiProxy - From 7.0.0 to 7.0.6 and 7.2.0 "Due to the ability to exploit this issue remotely, Fortinet is strongly recommending all customers with the vulnerable versions to perform an immediate upgrade," the company  cautioned  in an alert shared by a security researcher w
Hackers Exploiting Follina Bug to Deploy Rozena Backdoor

Hackers Exploiting Follina Bug to Deploy Rozena Backdoor

Jul 09, 2022
A newly observed phishing campaign is leveraging the recently disclosed Follina security vulnerability to distribute a previously undocumented backdoor on Windows systems. "Rozena is a backdoor malware that is capable of injecting a remote shell connection back to the attacker's machine," Fortinet FortiGuard Labs researcher Cara Lin  said  in a report this week. Tracked as  CVE-2022-30190 , the now-patched Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability has come under heavy exploitation in recent weeks ever since it came to light in late May 2022. The starting point for the latest attack chain observed by Fortinet is a weaponized  Office document  that, when opened, connects to a  Discord CDN URL  to retrieve an HTML file (" index.htm ") that, in turn, invokes the diagnostic utility using a PowerShell command to download next-stage payloads from the same CDN attachment space. This includes the Rozena implant ("Word
Cisco and Fortinet Release Security Patches for Multiple Products

Cisco and Fortinet Release Security Patches for Multiple Products

Jul 06, 2022
Cisco on Wednesday rolled out patches for  10 security flaws  spanning multiple products, one of which is rated Critical in severity and could be weaponized to conduct absolute path traversal attacks. The issues, tracked as  CVE-2022-20812 and CVE-2022-20813 , affect Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) and "could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device," the company  said  in an advisory. CVE-2022-20812 (CVSS score: 9.0), which concerns a case of arbitrary file overwrite in the cluster database API, requires the authenticated, remote attacker to have Administrator read-write privileges on the application so as to be able to mount path traversal attacks as a root user. "This vulnerability is due to insufficient input validation of user-supplied command arguments," the company said. "An attacker could exploit this vulnerability by authenticati
Beastmode DDoS Botnet Exploiting New TOTOLINK Bugs to Enslave More Routers

Beastmode DDoS Botnet Exploiting New TOTOLINK Bugs to Enslave More Routers

Apr 04, 2022
A variant of the Mirai botnet called Beastmode has been observed adopting newly disclosed vulnerabilities in TOTOLINK routers between February and March 2022 to infect unpatched devices and expand its reach potentially. "The Beastmode (aka B3astmode) Mirai-based DDoS campaign has aggressively updated its arsenal of exploits," Fortinet's FortiGuard Labs Research team  said . "Five new exploits were added within a month, with three targeting various models of TOTOLINK routers." The list of exploited vulnerabilities in TOTOLINK routers is as follows - CVE-2022-26210  (CVSS score: 9.8) - A command injection vulnerability that could be exploited to gain arbitrary code execution CVE-2022-26186  (CVSS score: 9.8) - A command injection vulnerability affecting TOTOLINK N600R and A7100RU routers, and CVE-2022-25075 to CVE-2022-25084  (CVSS scores: 9.8) - A command injection vulnerability impacting multiple TOTOLINK routers, leading to code execution The other e
Unpatched Remote Hacking Flaw Disclosed in Fortinet's FortiWeb WAF

Unpatched Remote Hacking Flaw Disclosed in Fortinet's FortiWeb WAF

Aug 18, 2021
Details have emerged about a new unpatched security vulnerability in Fortinet's web application firewall (WAF) appliances that could be abused by a remote, authenticated attacker to execute malicious commands on the system. "An OS command injection vulnerability in FortiWeb's management interface (version 6.3.11 and prior) can allow a remote, authenticated attacker to execute arbitrary commands on the system, via the SAML server configuration page," cybersecurity firm Rapid7  said  in an advisory published Tuesday. "This vulnerability appears to be related to  CVE-2021-22123 , which was addressed in  FG-IR-20-120 ." Rapid7 said it discovered and reported the issue in June 2021. Fortinet is expected to release a patch at the end of August with version Fortiweb 6.4.1. The command injection flaw is yet to be assigned a CVE identifier, but it has a severity rating of 8.7 on the CVSS scoring system. Successful exploitation of the vulnerability can allow auth
Fortnite Flaws Allowed Hackers to Takeover Gamers' Accounts

Fortnite Flaws Allowed Hackers to Takeover Gamers' Accounts

Jan 16, 2019
Check Point researchers have discovered multiple security vulnerabilities in Fortnite, a massively popular online battle game, one of which could have allowed remote attackers to completely takeover player accounts just by tricking users into clicking an unsuspectable link. The reported Fortnite flaws include a SQL injection, cross-site scripting (XSS) bug, a web application firewall bypass issue, and most importantly an OAuth account takeover vulnerability. Full account takeover could be a nightmare, especially for players of such a hugely popular online game that has been played by 80 million users worldwide, and when a good Fortnite account has been sold on eBay for over $50,000. The Fortnite game lets its players log in to their accounts using third-party Single Sign-On (SSO) providers, such as Facebook, Google, Xbox, and PlayStation accounts. According to the researchers, the combination of cross-site scripting (XSS) flaw and a malicious redirect issue on the Epic Games&
Leaked Exploits are Legit and Belong to NSA: Cisco, Fortinet and Snowden Docs Confirm

Leaked Exploits are Legit and Belong to NSA: Cisco, Fortinet and Snowden Docs Confirm

Aug 20, 2016
Last week, a group calling itself " The Shadow Brokers " published what it said was a set of NSA "cyber weapons," including some working exploits for the Internet's most crucial network infrastructure, apparently stolen from the agency's Equation Group in 2013. Well, talking about the authenticity of those exploits, The Intercept published Friday a new set of documents from the Edward Snowden archive, which confirms that the files leaked by the Shadow Brokers contain authentic NSA software and hacking tools used to secretly infect computers worldwide. As I previously mentioned , the leaked documents revealed how the NSA was systematically spying on customers of big technology companies like Cisco, Fortinet, and Juniper for at least a decade. Hacking tools from The Shadow Brokers leak named ExtraBacon, EpicBanana, and JetPlow, contain exploits that can compromise Cisco firewall products including devices from the Adaptive Security Appliance (ASA) li
Rodpicom Botnet spreading via Skype and MSN Messenger

Rodpicom Botnet spreading via Skype and MSN Messenger

Feb 10, 2013
Malwares are getting updated during the age of social networking. FortiGuard Labs researchers have discovered a new malware called ' Rodpicom Botnet ' that spreads via messaging applications such as Skype and MSN Messenger. Dubbed W32/Rodpicom.A - Rodpicom Botnet sends a message to the victim with a link to a malicious site that leads to downloadable content. When the user clicks the link, the attack downloads another strain of malware, known as Dorkbot . Once the target machine is infected, it checks to see if the victim is using any messaging applications such as Skype or MSN Messenger.  It is revealed that, the malware employs new stealth tactics, including an exception handling technique that generates its own error to dodge analysis and relies on an anti-emulator that attacks the heuristic-scanning capabilities in antivirus software and enables its code to jump around several hundred times. The malware is enough smart to checks the language of the installed operating
More Resources

Sign up for free and start receiving your daily dose of cybersecurity news, insights and tips.