Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124

Security researchers say malicious hackers have exploited a newly discovered vulnerability in Fortinet firewalls to break into corporate and enterprise networks.
In an advisory released on Tuesday, security products maker Fortinet confirmed that a critical-rated vulnerability in its FortiGate firewall, tracked as CVE-2024-55591, is “being exploited in the wild.”
Fortinet has made patches available, but security researchers have warned that hackers have been widely exploiting the vulnerability as a zero-day — meaning before Fortinet became aware of the vulnerability and made fixes available — since December.
It’s the latest example of hackers exploiting a vulnerability in a popular enterprise security product designed to protect corporate networks from intruders. News of the Fortinet bug lands days after it emerged that attackers are exploiting a separate zero-day flaw in the Ivanti VPN server, which allows customers to access the network.
Cybersecurity company Arctic Wolf reported in a blog post last week that its researchers observed a recent “mass exploit” campaign affecting Fortinet FortiGate firewall devices whose management interfaces are exposed to the public internet.
Stefan Hostetler, lead threat intelligence researcher at Arctic Wolf, confirmed to TechCrunch that this observed exploit is linked to the newly confirmed CVE-2024-55591 vulnerability in the Fortinet firewall.
Hostetler told TechCrunch that Arctic Wolf “observed a cluster of intrusions affecting about ten Fortinet devices” but notes that this represents only a “limited sample of the total number of devices potentially affected.”
“Evidence points to efforts to exploit a large number of devices in a narrow time frame,” added Hostetler.
When reached by TechCrunch, Fortinet spokeswoman Tiffany Kersey declined to say how many Fortinet customers have been compromised as a result of the hacking campaign, but said the company is “actively communicating with customers.”
It is also unclear who is behind the attack on the Fortinet firewall, but cybersecurity researcher Kevin Beaumont wrote on Mastodon that the vulnerability is “under exploitation by a ransomware operator.”
Hostetler said ransomware attacks exploiting the bug are “not off the table,” noting that in previous research, Arctic Wolf observed affiliates of ransomware groups such as Akira and Fog using some of the same network providers to establish VPN connections.
In a brief statement on Tuesday, the U.S. cybersecurity agency CISA urged Fortinet customers to update any affected devices.
In September, Fortinet disclosed a breach involving customer data after an attacker accessed a “limited number of files” stored on a third-party shared cloud drive belonging to an organization.