Oddbean new post about | logout
zCat | 6 days ago (raw) | export | reply | flag 
 watchTowr Finds New Zero-Day Vulnerability in Fortinet Products

Attack surface management provider watchTowr claims to have found a new zero-day vulnerability in cybersecurity provider Fortinet’s products.

This flaw would allow a managed FortiGate device to elevate privileges and seize control of the FortiManager instance.

This vulnerability, which carries a common vulnerability severity score (CVSS) of 9.8, is actively exploited in the wild, sometimes together with CVE-2024-23113.

It allows threat actors to use a compromised FortiManager device to execute arbitrary code or commands against other FortiManager devices. 

See more: https://www.infosecurity-magazine.com/news/watchtowr-new-vulnerability/

#cybersecurity #fortinet
zCat | 6 days ago (raw) | root | parent | reply | flag 
 Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials

A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet's FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA.

Volexity, which disclosed the findings Friday, said it identified the zero-day exploitation of the credential disclosure vulnerability in July 2024, describing BrazenBamboo as the developer behind DEEPDATA, DEEPPOST, and LightSpy.

"DEEPDATA is a modular post-exploitation tool for the Windows operating system that is used to gather a wide range of information from target devices," security researchers Callum Roxan, Charlie Gardner, and Paul Rascagneres said Friday.

The malware first came to light earlier this week, when BlackBerry detailed the Windows-based surveillance framework as used by the China-linked APT41 threat actor to harvest data from WhatsApp, Telegram, Signal, WeChat, LINE, QQ, Skype, Microsoft Outlook, DingDing, Feishu, KeePass, as well as application passwords, web browser information, Wi-Fi hotspots, and installed software.

See more: https://thehackernews.com/2024/11/warning-deepdata-malware-exploiting.html

nostr:nevent1qqs97rpez3s0sjds4et5twsr344sqtazj8hn7hce4l9xfmaa0nfylaspzpmhxue69uhkummnw3ezumt0d5hsygqkl5n0qqz57es4r34a0yj7mm6ptpss8tce63zlj0mx7h3ykdzz0gpsgqqqqqqsrly7l4
zCat | 3 days ago (raw) | root | parent | reply | flag 
 Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report

The recently detailed DeepData malware framework was caught exploiting a zero-day vulnerability in the Fortinet VPN client for Windows to steal credentials, cybersecurity firm Volexity reports.

DeepData is a surveillance framework that relies on multiple plugins to target sensitive information stored in browsers, communication applications, and password managers, and which can record audio using the system’s microphone.

According to BlackBerry, both DeepData and the LightSpy iOS malware have been used by China-lined advanced persistent threat (APT) actor APT41 to spy on journalists, politicians, and political activists in Southeast Asia.

On Friday, Volexity revealed that DeepData was seen targeting Fortinet’s Windows VPN client to extract usernames, passwords, and other information from the process’ memory, by exploiting a zero-day vulnerability.

See more: https://www.securityweek.com/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report/

#cybersecurity #malware #zeroday

nostr:nevent1qqs97rpez3s0sjds4et5twsr344sqtazj8hn7hce4l9xfmaa0nfylasppemhxue69uhkummn9ekx7mp0qgspdlfx7qq9fanp28rt67f9ahh5zkrpqwh3n4z9lylkda0zfv6yy7srqsqqqqqpg3m0h0