 Chinese hackers exploit Fortinet VPN zero-day to steal credentials

Chinese threat actors use a custom post-exploitation toolkit named 'DeepData' to exploit a zero-day vulnerability in Fortinet's FortiClient Windows VPN client and steal credentials.

The zero-day allows the threat actors to dump the credentials from memory after the user has authenticated with the VPN device.

Volexity researchers report that they discovered this flaw earlier this summer and reported it to Fortinet, but the issue remains unfixed, and no CVE has been assigned to it.

See more: https://www.bleepingcomputer.com/news/security/chinese-hackers-exploit-fortinet-vpn-zero-day-to-steal-credentials/

#cybersecurity #zeroday
