Fortinet says attackers exploiting the zero-day in the wild are creating randomly generated admin or local users on compromised devices and are adding them to existing SSL VPN user groups or to ...

Fortinet has released patches to fix a zero-day vulnerability being actively exploited by attackers. Separately, researchers ...

Fortinet has confirmed the existence of a critical ... naming scheme and adding those users to existing user groups with SSL VPN access. In some cases, they hijacked existing accounts or reset ...

The firm said the data dump included FortiGate usernames, passwords (some in plain text ... Impacted organizations are going to need to change local SSL VPN passwords, admin passwords etc,” Beaumont ...

SSL VPN authentication through those accounts, and various other configuration changes.” Fortinet’s advisory for CVE-2024-55591 includes indicators of compromise (IOCs) and notes that the ...

Fortinet has confirmed that previous analyses ... despite Shodan showing almost two thousand devices with management interfaces or SSL VPN exposed." Only one victim was identified in Russia ...

Fortinet has published details of a new critical authentication ... set up a new user group or adding newly created local users to an existing SSL VPN user group, and make firewall policy changes, ...

Threat actors also created new SSL VPN portals where the user accounts were added directly ... Artic Wolf Labs notified Fortinet about the activity observed in this campaign on December 12, 2024.

CVE-2024-55591 is an authentication bypass vulnerability in FortiOS and FortiProxy. An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted request to a ...

Fortinet states that attackers create randomly generated administrators or local users on compromised devices. These users are then added to existing SSL VPN user groups or newly created groups, and ...