SolarWinds Cyber Attack: Unprecedented Scale and Ongoing Impact


A hacker has posted a list of one-line exploits to steal VPN credentials from almost 50,000 Fortinet VPN devices.

Present on the list of vulnerable targets are domains belonging to high street banks and government organizations from around the world.

Researchers find thousands of targets

The vulnerability being referred to here is CVE-2018-13379, a path traversal flaw impacting a large number of unpatched Fortinet FortiOS SSL VPN devices.

Banks, finance, and government organizations vulnerable

As observed by BleepingComputer, out of the 50,000 domains, over four dozen belonged to reputable banking, finance, and governmental organizations.

Fortinet has issued a statement regarding this vulnerability:

"The security of our customers is our first priority. In May 2019 Fortinet issued a PSIRT advisory regarding an SSL vulnerability that was resolved, and have also communicated directly with customers and again via corporate blog posts in August 2019 and July 2020 strongly recommending an upgrade," a Fortinet spokesperson told BleepingComputer.

"In the last week, we have communicated with all customers notifying them again of the vulnerability and steps to mitigate. While we cannot confirm that the attack vectors for this group took place via this vulnerability, we continue to urge customers to implement the upgrade and mitigations. To get more information, please visit our updated blog and immediately refer to the May 2019 [PSIRT] advisory," concluded Fortinet.


Your Security is our Priority

Your friendly Support Team

Speak to us about all your computer needs

This is part of our cyber security awareness educational campaign. Through this training, you will build awareness and learn key principles and best practices to protect yourself, your organisation, and the public from cyber attackers. You will also be equipped with the knowledge to identify potential threats and take action before any damage can occur.

