Splunk UseCase for detecting attacks against FortiGate firewalls:
https://how2itsec.blogspot.com/2025/06/splunk-usecase-for-attacks-against.html
CISA guidance for SIEM, with details about which logs to start with, from your AD, EDR, OS, virtualization, Azure, AWS, GCP, hardening, etc. Really useful 👍
https://www.cisa.gov/resources-tools/resources/guidance-siem-and-soar-implementation
Tip: Test Azure backups & region failover. There is a known issue —> after an Azure region failover, the backups can become corrupted. That means in the event of a disaster affecting an Azure region, you may have no usable backup, putting you in a doubly bad situation. Azure Backup doesn't show this — it keeps reporting that the backups are "green" or healthy. It's only when you try to restore them that it fails (error). (1/2)
https://www.fortiguard.com/psirt/FG-IR-24-435
Fortinet FortiSwitches (not FortiGate) without hardening using trusthosts/ACLs —> check logs, harden/set trusthosts and patch
There is a rumor about a new FortiGate vulnerability exploited in the wild from internet/external interfaces. FortiOS >=7.2.11 & >=7.4.7 is not affected.
Does anyone know anything about that?
I have created a Windows Persistence Map (MITRE ATT&CK TA0003). Here is version v0.1: https://how2itsec.blogspot.com/2025/03/windows-persistence-map-v01.html
VMCI heap-overflow vulnerability (CVE-2025-22224) CVSSv3 9.3 —> VM Escape to ESXi Host
Many different mobile devices connected to Microsoft 365, outlook.com, hotmail, live.com and other Microsoft mail domains had a server-side token/cookie reset in the past approx. 36 hours.
@Microsoft - What happened?