Zero-Day Exploit to Hijack Firewalls Warned of by Fortinet
A serious security flaw has been discovered in FortiOS and FortiProxy, affecting several versions of Fortinet's firewall software. This vulnerability, known as CVE-2024-55591, allows hackers to bypass authentication and gain remote access with super-admin privileges. Attackers are exploiting this flaw to create unauthorized admin accounts, alter firewall settings, and establish hidden connections to company networks through SSL VPNs.
Read MoreWe are very excited to share some exciting news we’ve been working on for a while: as of December 30, Cyber Defense Institute will officially transition to a new name, Orion Secure. While our name and visual identity may be changing, we want to assure you that what you know and love about our personalized services remains exactly the same.
Read MoreSonicWall VPN Firewall VPNS Exposed to Critical Flaws
Over 25,000 SonicWall SSLVPN devices are vulnerable to serious security flaws, according to a recent analysis by cybersecurity firm Bishop Fox. These devices, used to provide secure remote access for businesses, are exposed to the internet and are targeted by attackers, including ransomware groups. Many of the vulnerable devices are running outdated or unsupported firmware, with around 20,000 using software versions that the company no longer supports.
Read MoreProgress Kemp Loadmaster and VMWare Under Exploitation
Two major security vulnerabilities, now patched, are being actively exploited by cybercriminals. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical flaw (CVE-2024-1212) in the Progress Kemp LoadMaster, a device used for load balancing. This vulnerability allows attackers to remotely execute commands on the system through its management interface, potentially giving them full access. Although it was patched in February 2024, CISA has now added it to its list of actively exploited vulnerabilities, urging quick remediation, especially by government agencies.
Read More