Hackers are using a new Fortinet firewall bug to breach company networks


Malicious hackers are using a newly discovered vulnerability in Fortinet firewalls to breach corporate networks, security researchers report.

In an advisory issued Tuesday, security products maker Fortinet confirmed that a critical-rated vulnerability in FortiGate firewalls, tracked as CVE-2024-55591, is “exploited in nature”.

Fortinet has made patches available, but security researchers have warned that hackers have been mass-exploiting the vulnerability as a zero-day (that is, before Fortinet became aware of the vulnerability and made fixes available) since December.

This is the latest example of hackers exploiting a vulnerability in a popular corporate security product designed to protect corporate networks from intruders. News of the Fortinet bug spread days after it was discovered that attackers were exploiting a separate zero-day flaw in Ivanti VPN servers that allows access to customers’ networks.

Cybersecurity company Arctic Wolf reported in a blog post last week that its researchers observed a recent “mass exploit” campaign affecting Fortinet FortiGate firewall appliances with management interfaces exposed to the public Internet.

Stefan Hostetler, lead threat intelligence researcher at Arctic Wolf, confirmed to TechCrunch that this observed exploit is related to the newly confirmed CVE-2024-55591 vulnerability in Fortinet firewalls.

Hostetler told TechCrunch that Arctic Wolf “observed a cluster of intrusions affecting dozens of Fortinet devices,” but noted that this is only “a limited sample compared to the actual number of devices affected.”

“The evidence points to an effort to exploit a large number of devices in a narrow period of time,” Hostetler said.

When contacted by TechCrunch, Fortinet spokeswoman Tiffany Curci declined to say how many Fortinet customers were compromised by the hacking campaign, but said the company is “actively communicating with customers.”

It is also unclear who is behind the attacks on Fortinet firewalls, but cybersecurity researcher Kevin Beaumont wrote on Mastodon that the vulnerability was “exploited by a ransomware operator.”

Hostetler said ransomware attacks exploiting the bug were “not on the table,” noting that in a previous investigation, Arctic Wolf “observed affiliates of ransomware groups like Akira and Fog using the same network providers to establish VPN connections.”

In a short statement on Tuesday, US cybersecurity agency CISA urged Fortinet customers to update affected devices.

In September, Fortinet disclosed a breach of customer data after an attacker accessed a “limited number of files” stored on a third-party shared cloud drive belonging to the company.


