A vulnerability has been discovered in FortiOS, FortiProxy and FortiSwitchManager, which could allow for authentication bypass on administrative interface. FortiOS is the Fortinet’s proprietary Operation System which is utilized across multiple product lines. operation systemsFortiProxy is a secure web proxy that protects employees against internet-borne attacks by incorporating multiple detection techniques. FortiSwitch Manager is an on-premise management platform for the FortiSwitch product.
All Articles (2242)
Sort by
Last week, we reported an alleged cyber-attack on Italian automaker Ferrari. Well, high end automaker has confirmed the leak of some internal documents but did not say how it happened. On 10 October, RansomEXX, a ransomware-as-a-service operator, claimed to have breached Ferrari, though the company said it is investigating how the leak occurred. Italy’s Red Hot Cyber reported that internal documents, including repair manuals, datasheets, etc., sizing up to 6.99 gigabytes, were leaked. Ransom
Activity Summary - Week Ending on 14 October 2022:
- Red Sky Alliance identified 26,570 connections from new IP’s checking in with our Sinkholes
- Netskope IAD hit 56x
- Analysts identified 556 new IP addresses participating in various Botnets
- Bisamware and Chile Locker
- njRat, a.k.a. Bladabindi
- Emotet 2022
- Singtel
- Pinnacle Hack
- Ukraine War
- Optus Part II
Link to full report: IR-22-288-001_weekly288.pdf
There has been a very disturbing trend of criminal hackers targeting healthcare providers and directly at hospitals. The NHS system in the UK was recently attacked, numerous healthcare and hospitals in the US and now in Australia. What was once a “white collar crime” of only attacking financial institutions, these cyber-attacks are compromising the health and safety of people around the globe. Health insurer Medibank Private says it has been hit by a cyber-attack.
Key points:
It is A
As recently exposed by cyber threat investigators, software supply chain attacks have gained popularity with cybercriminals. Once exclusively used by cyberespionage threat actors, these attacks have become attractive for average cyber criminals, who see this threat as a way to compromise hundreds or thousands of computers with one operation. This explains why the software supply chain attack threat more than tripled in 2021 when compared to 2020, researchers report.[1]
A software supply chain a
Adaptive security is a cybersecurity model with four phases, prediction, prevention, detection, and response. The process was developed in response to the decentralization of IT ecosystems to accommodate hybrid working environments and the porting of systems to the cloud.
The perimeter that once defined a network no longer exists. Organizations are leveraging cloud technology and shifting towards hybrid work environments. The de-centralization of IT ecosystems is becoming increasingly difficu
Our friends at FortiGuard Labs have observed an increasing number of campaigns targeting either side of the ongoing Russian-Ukrainian conflict. These may be a cyber element to the conflict or simply opportunistic threat actors taking advantage of the war to further their malicious objectives. Recently, researchers encountered a malicious Excel document masquerading as a tool to calculate salaries for Ukrainian military personnel. The shared practical report discusses the technical details of
Last week, a high-ranking tech executive was arrested in Michigan on data theft suspicion at the behest of Los Angeles CA county district attorney. Konnech Corporation CEO Eugene Yu was arrested on suspicion of storing election workers’ data on servers in China. Konnech develops PollChief, a payroll, communication, training, and logistics management system for election workers that the Los Angeles county leverages under contract during elections. “Under its $2.9 million, five-year contract wi
Some of the largest airports in the US have been targeted for cyber-attacks; as recent as 10 October, by an attacker group within the Russian Federation. It’s important to note that the airport operations IT systems targeted did not handle air traffic control, internal airline communications and coordination or transportation security. "It's an inconvenience," the source said. The attacks have resulted in targeted "denial of public access" to public-facing web domains that report airport wait
The International Association of Ports & Harbors (IAPH) has recently published its summary report “Closing the Gaps," highlighting key actions in digitalization, decarbonization and resilience the maritime sector.”[1] IAPH defines and identifies the principal gaps in port and port-related infrastructure on a global scale. These gaps were identified in terms of efficiency, connectivity and accessibility, digitalization, decarbonization, shipping costs and regulatory environment.
The report serv
Activity Summary - Week Ending on 7 October 2022:
- Red Sky Alliance identified 24,201 connections from new IP’s checking in with our Sinkholes
- Pptechnology Limited in Romania hit 485x
- Analysts identified 1,163 new IP addresses participating in various Botnets
- Royal Ransomware
- Phishing Microsoft
- US National Elections
- Vice Society
- New Zealand Attack
- Ferrari Issues
Link to full report: IR-22-281-001_weekly281.pdf
US cybersecurity, law enforcement and intelligence officials revealed on Tuesday that sophisticated hackers infiltrated a likely US military contractor and maintained “persistent, long-term” access to their system. The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI released a detailed, joint advisory containing the notification, explaining that in November 2021 CISA responded to a report of malicious activity on an anonymous “Defense Indu
Financial messaging system SWIFT (Society for Worldwide Interbank Financial Telecommunications) has laid out its blueprint for a global central bank digital currency (CBDC) network following an 8-month experiment on different technologies and currencies. The trial, which involved France and Germany's national central banks as well as global lenders like HSBC, Standard Chartered and UBS, looked at how CBDCs could be used internationally and even converted into fiat money if needed. Around 90% o
Fortinet researchers recently found some malicious Microsoft Office documents that attempted to leverage legitimate websites, MediaFire and Blogger, to execute a shell script and then dropped two malware variants of Agent Tesla and njRat. Agent Tesla is a well-known spyware, first discovered in 2014, which can steal personal data from web browsers, mail clients, and FTP servers, collect screenshots and videos, and capture clipboard data. njRat (also known as Bladabindi) is a remote agent Troja
A cyberattack campaign, potentially bent on cyber espionage, is highlighting the increasingly sophisticated nature of cyber threats targeting defense contractors in the US and elsewhere. The covert campaign, which researchers detected and are tracking as STEEP#MAVERICK, has hit multiple weapons contractors in Europe in recent months, including potentially a supplier to the US F-35 Lightning II fighter aircraft program.
What makes the campaign noteworthy, according to investigators, is the overa
The amount of computing power we can now squeeze into the smallest of devices is somewhat remarkable compared with what was achievable a decade ago. Looking back even five or so years and a consumer desktop system that was the best in its class would be deemed outdated if put into a smartphone of today’s standards. This is made possible simply because chip makers can increase the number of transistors on a chip significantly every year as developments in chip research advance.[1]
Back in 1965,
Agent 007 would never put up with this type of attack. MI5’s website was down for part of 30 September after a possible cyber-attack. The UK’s security service public site was briefly unavailable for intermittent periods in the morning but is now back online, with the incident resolved.[1] Quick action by the new cyber “agents.”
Pro-Russian hackers allegedly attacked MI5’s public website, briefly causing it to go offline as the Ukrainian conflict continued to escalate. A group called Anonymo
Due to the energy and cost-of-living crisis, the cost of charging an electric vehicle is now almost as much as the equivalent cost for petrol/gasoline. In the UK, the cost of charging at a Pay-As-You-Go rapid charger has increased 42% since May, according to RAC reports (UK’s Report on Motoring) this past week.[1] This means drivers now pay 18p per mile to drive their electric vehicle, compared to 19p for petrol (gas) cars.[2]
The motoring group said the average price for using the chargers h
Activity Summary - Week Ending on 30 September 2022:
- Red Sky Alliance identified 31,149 connections from new IP’s checking in with our Sinkholes
- Hetzner in Bavaria Germany hit 28x
- Analysts identified 3,298 new IP addresses participating in various Botnets
- dotCMS Issues
- Meta to the Rescue
- Noberus, aka: BlackCat ALPHV
- Optus
- Industroyer
Link to full report: IR-22-274-001_weekly274.pdf
This past week, the Australian telecoms company Optus is coming under fire for a breach of customer data. Optus’ initial press release regarding this breach went out on 21 September 2022, informing customers that services were not affected and that they were investigating a possible breach [1]. Optus has subsequently release further updates, including informing customers that they will be contacted if their data was compromised. In addition, Optus will be offering the Equifax Protect servi
