CyberSecurity news
FlagThis
@www.bleepingcomputer.com
//
References :
Share:
References :
- www.bleepingcomputer.com: Fortinet warns of new critical FortiManager flaw used in zero-day attacks
- cyberplace.social: Fortinet FortiManager Vulnerability Exploited
- securityaffairs.com: U.S. CISA adds Fortinet FortiManager flaw to its Known Exploited Vulnerabilities catalog
- techhub.social: Fortinet discloses a critical FortiManager API flaw being exploited in 0-day attacks to steal sensitive files, after warning customers privately over a week ago (Lawrence Abrams/BleepingComputer)
- malware.news: FortiManager Zero-Day ‘FortiJump’ Is Now Publicly Addressed (CVE-2024-47575)
- socradar.io: FortiManager Zero-Day ‘FortiJump’ Is Now Publicly Addressed (CVE-2024-47575)
- securityaffairs.com: Mandiant report on FortiJump vulnerability exploitation
- securityonline.info: New Threat Group UNC5820 Targets FortiManager Zero-Day CVE-2024-47575 in Global Cyberattack
- www.cisa.gov: CISA's list of known exploited vulnerabilities
- gbhackers.com: Cisco ASA Devices Vulnerable to SSH Remote Command Injection Flaw
- securityonline.info: CVE-2024-20329 (CVSS 9.9): Critical Cisco ASA SSH Flaw Allows for Complete System Takeover
- securityonline.info: Active Exploits Target Cisco ASA and FTD VPNs: Urgent Update Needed (CVE-2024-20481)
- securityaffairs.com: Cisco patched vulnerabilities in ASA, FMC, and FTD products, including one actively exploited in a large-scale brute-force attack campaign.
- malware.news: Mandiant reports on FortiJump exploitation
- social.skynetcloud.site: FortiJump Flaw Exploited
- blog.lumen.com: Lumen details how to mitigate against the threat of Volt Typhoon.
- hackread.com: HackRead details the tactics of Salt Typhoon, who are targeting US ISPs.
- www.cisa.gov: The landscape of global cyber threats continues to evolve, with sophisticated, state-sponsored campaigns from China gaining attention and including network appliances and devices as targets.
- malware.news: The landscape of global cyber threats continues to evolve, with sophisticated, state-sponsored campaigns from China gaining attention and including network appliances and devices as targets.
- www.microsoft.com: Microsoft reveals Volt Typhoon targeting US infrastructure
- cyble.com: CISA has added Fortinet’s FortiManager to its known Exploited Vulnerabilities (KEV) catalog.
- www.fortiguard.com: Fortinet published a security advisory about the FortiJump vulnerability.
- eclypsium.com: This blog discusses the tactics of Velvet Ant APT group targeting Cisco NX-OS and F5 Load balancers
- vulncheck.com: Flax Typhoon Botnet
- robfreeman.com: Rob Freeman blog post about China hacking US telecom infrastructure.
- hackread.com: UNC5820 Exploits FortiManager Zero-Day Vulnerability (CVE-2024-47575)
Classification:
- HashTags: #APT #CyberEspionage #CriticalInfrastructure
- Company: Fortinet
- Target: ISPs
- Attacker: China
- Product: FortiManager
- Feature: VPN
- Malware: Volt Typhoon
- Type: Espionage
- Severity: Major