Attackers actively exploiting VMware flaw that CISA deemed as posing “unacceptable risk” in May
Multiple campaigns are using CVE-2022-22954 to drop ransomware, coin miners and Mirai [299 words]. What: Multiple malicious campaigns are actively targeting a previously disclosed and now patched remote code execution vulnerability in VMware Workspace ONE Access and Identity Manager (CVE-2022-22954). Researchers from Fortinet’s FortiGuard Labs on Thursday said they had observed threat actors exploiting the […]
Read MoreMore than 29K+ Fortinet systems in US have admin login screen exposed to the Internet—and two other updates on CVE-2022-40684
Here’s the latest on the authentication bypass flaw (CVE-2022-40684) in FortiOS, FortiProxy, and FortiSwitchManager [300 words] As of October 13, 2022, there were 24,924 servers in the US and 196,668 units globally, that exposed the attack surface of the vulnerability— the login screen for Fortinet administrators—to the Internet. The number includes versions of Fortinet technology […]
Read MoreUpdate: Attackers actively exploiting recently disclosed authentication bypass vulnerability in FortiOS, FortiProxy and FortiSwitchManager
Key takeaway: Adversaries can exploit the vulnerability remotely to gain full control of affected systems [297 words]. What: Attackers have begun actively exploiting a critical authentication bypass vulnerability (CVE-2022-40684) that Fortinet privately disclosed last week in its FortiOS, FortiProxy and FortiSwitchManager technologies. The vulnerability allows a remote, unauthenticated attacker to gain full administrative control of […]
Read MoreFortinet warns of critical severity remotely executable authentication bypass vulnerability
Key takeaway: Fortinet products are a popular attacker target. Update now if you have affected versions of FortiOS and FortiProxy in your environment. If you cannot patch immediately disable Internet facing HTTPS Admin till you can.[296 words] What: A critical authentication bypass vulnerability (CVE-2022-40684) exists in the following FortiOS and FortiProxy versions. FortiOS: From 7.0.0 […]
Read More