Critical vulnerabilities at Fortinet

The Federal Office for Information Security (BSI) warns of a vulnerability in several versions of FortiOS, the Fortinet operating system used in the manufacturer's firewalls.

The vulnerability allows unauthenticated remote attackers to execute code and commands via crafted HTTP requests. It is rated “critical” under the Common Vulnerability Scoring System (CVSS), with a score of 9.8. The US security authority CISA, like the BSI, has issued a warning and states that the vulnerability in FortiOS is already being actively exploited by attackers.

Fortinet has now released a patch. Users who cannot update their systems immediately should disable SSL VPN features on the devices. Regardless of the manufacturer, firewalls are generally attractive targets for cyber attacks due to their importance as essential IT protection measures.

More at BSI.Bund.de

 


About the Federal Office for Information Security (BSI)

The Federal Office for Information Security (BSI) is the federal cyber security authority and the shaper of secure digitalization in Germany. Its guiding principle: as the federal cyber security authority, the BSI shapes information security in digitalization through prevention, detection and response for the state, the economy and society.


 
