#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

Web Proxy | Breaking Cybersecurity News | The Hacker News

Fortinet Warns of New Auth Bypass Flaw Affecting FortiGate and FortiProxy

Fortinet Warns of New Auth Bypass Flaw Affecting FortiGate and FortiProxy

Oct 07, 2022
Fortinet has privately warned its customers of a security flaw affecting FortiGate firewalls and FortiProxy web proxies that could potentially allow an attacker to perform unauthorized actions on susceptible devices. Tracked as CVE-2022-40684 (CVSS score: 9.6), the critical flaw relates to an authentication bypass vulnerability that may permit an unauthenticated adversary to carry out arbitrary operations on the administrative interface via a specially crafted HTTP(S) request. The issue impacts the following versions, and has been addressed in FortiOS versions  7.0.7  and  7.2.2 , and FortiProxy versions 7.0.7 and 7.2.1 released this week: FortiOS - From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1 FortiProxy - From 7.0.0 to 7.0.6 and 7.2.0 "Due to the ability to exploit this issue remotely, Fortinet is strongly recommending all customers with the vulnerable versions to perform an immediate upgrade," the company  cautioned  in an alert shared by a security researcher w
Cybercriminals Abusing Internet-Sharing Services to Monetize Malware Campaigns

Cybercriminals Abusing Internet-Sharing Services to Monetize Malware Campaigns

Sep 01, 2021
Threat actors are capitalizing on the growing popularity of proxyware platforms like Honeygain and Nanowire to monetize their own malware campaigns, once again illustrating how attackers are quick to  repurpose and weaponize legitimate platforms  to their advantage. "Malware is currently leveraging these platforms to monetize the internet bandwidth of victims, similar to how malicious cryptocurrency mining attempts to monetize the CPU cycles of infected systems," researchers from Cisco Talos  said  in a Tuesday analysis. "In many cases, these applications are featured in multi-stage, multi-payload malware attacks that provide adversaries with multiple monetization methods." Proxyware, also called internet-sharing applications, are legitimate services that allow users to carve out a percentage of their internet bandwidth for other devices, often for a fee, through a client application offered by the provider, enabling other customers to access the internet using
Timing is Everything: The Role of Just-in-Time Privileged Access in Security Evolution

Timing is Everything: The Role of Just-in-Time Privileged Access in Security Evolution

Apr 15, 2024Active Directory / Attack Surface
To minimize the risk of privilege misuse, a trend in the privileged access management (PAM) solution market involves implementing just-in-time (JIT) privileged access. This approach to  privileged identity management  aims to mitigate the risks associated with prolonged high-level access by granting privileges temporarily and only when necessary, rather than providing users with continuous high-level privileges. By adopting this strategy, organizations can enhance security, minimize the window of opportunity for potential attackers and ensure that users access privileged resources only when necessary.  What is JIT and why is it important?   JIT privileged access provisioning  involves granting privileged access to users on a temporary basis, aligning with the concept of least privilege. This principle provides users with only the minimum level of access required to perform their tasks, and only for the amount of time required to do so. One of the key advantages of JIT provisioning
Cybersecurity Resources