I keep trying to make the hashtag #FortiNOT happen. Stop buying their products, folks!
From: @GossiTheDog
https://cyberplace.social/@GossiTheDog/113483673211675864
FortiJump Higher details are out. Even with the patch installed, apparently you can get RCE on FortiManager using a FortiGate it manages. https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/
@screaminggoat if I had any of these systems in my environment I’d be working 24x7 to replace them
#fortiNOT This image never goes unused for long.
#fortinot Some truly radical opacity from everybody's favorite maker of network security software
https://arstechnica.com/security/2024/10/fortinet-stays-mum-on-critical-0-day-reportedly-under-active-exploitation/
@screaminggoat #FortiNOT
I’m trying hard to make that hashtag happen 🙂
lol at this Watchtowr write up - it’s on the money. Vulns from 1998.
Wait until they see the new FortiManager zero day, I wanna see their write up.
https://labs.watchtowr.com/fortinet-fortigate-cve-2024-23113-a-super-complex-vulnerability-in-a-super-secure-appliance-in-2024/
#Fortinot’s walls were shut real tight,
Till 440 gigs took off in flight.
Data's gone, now who’s to blame?
Their firewall’s customers must be insane.
#infosec #fortinet
No one should be buying Fortinet gear right now. Make it painful enough for them so they have to improve their products #FortiNOT #cybersecurity
From: @simontsui
https://infosec.exchange/@simontsui/111902215196225910
Why you should care about CVE-2024-21762:
**Fortinet** vulnerabilities have historically been targeted by People’s Republic of China (PRC) state-sponsored cyber actors. On 19 January 2023, Mandiant [reported](https://www.mandiant.com/resources/blog/chinese-actors-exploit-fortios-flaw) the exploitation of FortiOS SSL VPN vulnerability [CVE-2022-42475](https://nvd.nist.gov/vuln/detail/CVE-2022-42475) as a zero-day by suspected Chinese threat actors. Mandiant published a [subsequent blog post](https://www.mandiant.com/resources/blog/fortinet-malware-ecosystem) on 16 March 2023 detailing the exploitation of another FortiOS zero-day [CVE-2022-41328](https://nvd.nist.gov/vuln/detail/CVE-2022-41328) by the Chinese threat actor UNC3886. CISA, FBI and NSA assess that PRC state-sponsored cyber actors are seeking to position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States. CISA’s [joint cybersecurity advisory](https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a) on 07 February 2024 states that Chinese Advanced Persistent Threat (APT) Volt Typhoon likely obtained initial access by exploiting CVE-2022-42475 in a network perimeter FortiGate 300D firewall that was not patched. Fortinet also provided [case studies](https://www.fortinet.com/blog/psirt-blogs/importance-of-patching-an-analysis-of-the-exploitation-of-n-day-vulnerabilities) of Volt Typhoon targeting of manufacturing, consulting, local government, and internet service provider sectors, and post-exploitation activity described as Living Off the Land (LotL) techniques.
#Fortinet #FortiOS #zeroday #activeexploitation #eitw #CVE_2024_21762 #vulnerability #securityadvisory
@simontsui hopefully someone starts a #FortiNOT campaign. No one should be buying their products right now.