MarkusJun 12, 2023

I'm both glad and annoyed I'm don't have to manage systems.
On one hand, I don't have to deal with the Barracuda and Fortinet problems. On the other hand, I watch as everything we use turns out to have major vulnerabilities, and have no reassurances it will fixed anytime soon.

#fortinet #FortinetVPN #barracuda #barracudanetworks #esg #vpn #sysadmin #vulnerability

Jesse CailJun 12, 2023

Sorry for anyone running FortiGates, but you may have some unforseen work ahead of you. #FortinetVPN #vulnerability #cybersecurity

https://www.thestack.technology/fortinet-vulnerability-vpn-cve-2023-27997/

MFA no protection against new Fortinet bug CVE-2023-27997

"It is a pre-auth RCE [and] has been proven to be exploitable in a consistent manner; we found it during a Red Team engagement and have exploited it remotely..."

The Stack
Joe SłowikDec 12, 2022
#fortinet #fortinetvpn
ITSEC NewsNov 2, 2021
The ‘Groove’ Ransomware Gang Was a Hoax - A number of publications in September warned about the emergence of “Groove,” a ne... https://krebsonsecurity.com/2021/11/the-groove-ransomware-gang-was-a-hoax/ #neer-do-wellnews #alittlesunshine #catalincimpanu #grooveransom #blackmatter #fortinetvpn #boriselcin #flashpoint #tomhoffman #rampforum #therecord #coveware #intel471 #mcafee #babuk #xss
The ‘Groove’ Ransomware Gang Was a Hoax – Krebs on Security

dispatchNov 2, 2021
The ‘Groove’ Ransomware Gang Was a Hoax https://krebsonsecurity.com/2021/11/the-groove-ransomware-gang-was-a-hoax/ #Ne'er-Do-WellNews #ALittleSunshine #CatalinCimpanu #Grooveransom #BlackMatter #FortinetVPN #Boriselcin #Flashpoint #TomHoffman #RAMPforum #TheRecord #Coveware #Intel471 #mcafee #Babuk #XSS
The ‘Groove’ Ransomware Gang Was a Hoax – Krebs on Security

heise online (inoffiziell)Nov 26, 2020
Angreifer könnten über Credential-Stuffing-Attacken die Kontrolle über VPN-Systeme von Fortinet erlangen.
Jetzt Passwörter ändern! Liste mit 50.000 Log-in-Daten für Fortinet-VPNs geleakt
Jetzt Passwörter ändern! Liste mit 50.000 Log-in-Daten für Fortinet-VPNs geleakt

Angreifer könnten über Credential-Stuffing-Attacken die Kontrolle über VPN-Systeme von Fortinet erlangen.