Fortinet disclosed a critical vulnerability affecting FortiClient EMS products in March 2024. This vulnerability, categorized as an SQL injection, poses a significant cybersecurity threat. Above all, it has the potential to allow remote attackers to execute arbitrary commands on administrative workstations. Fortinet SQLi Vulnerability Causes Remote Code Execution As I mentioned, the vulnerability is classified… Continue reading Fortinet RCE Vulnerability Affects FortiClient EMS Servers
Tag: Fortinet
New Fortinet VPN RCE Flaw Discovered, Patch ASAP
Fortinet has issued a warning about a recently discovered critical vulnerability in its FortiOS SSL VPN system that could be actively exploited by attackers. The vulnerability in Fortinet network security solutions poses a significant threat to organizations. It allows unauthenticated attackers to gain remote code execution (RCE) capabilities through maliciously crafted requests. Fortinet VPN RCE… Continue reading New Fortinet VPN RCE Flaw Discovered, Patch ASAP
Fortinet Fixes RCE Flaws in FortiOS and FortiProxy
Fortinet, a well-known vendor of corporate-grade security solutions, issued an urgent patch that fixes critical vulnerabilities in two products. FortiOS and FortiProxy SSL-VPN were reportedly vulnerable to remote code execution vulnerabilities – it is common to see them graded with CVSS 8-9/10. What is Fortinet and its products? Fortinet is a developer of a very… Continue reading Fortinet Fixes RCE Flaws in FortiOS and FortiProxy
GoTrim Malware Hacks WordPress Sites
Fortinet specialists have discovered a new GoTrim malware written in Go that scans the Internet for WordPress sites and brute-forces them by guessing the administrator password. Such attacks can lead to the deployment of malware, the introduction of scripts on websites to steal bank cards, the placement of phishing pages, and other attack scenarios that… Continue reading GoTrim Malware Hacks WordPress Sites
Open-Source Cryptor Cryptonite Became a Wiper due to a Bug
Fortinet researchers studied the recently appeared open-source cryptor Cryptonite, distributed for free on GitHub. It turned out that the creator of the malware made a mistake in the code, and the malware did not encrypt, but destroyed the data of the victims. Let me remind you that we also wrote about FBI Says Cuba Ransomware… Continue reading Open-Source Cryptor Cryptonite Became a Wiper due to a Bug
Mirai Botnet RapperBot Conducts DDoS Attacks on Game Servers
The researchers warned that the RapperBot Mirai botnet has resumed activity, and now the updated malware is used for DDoS attacks on game servers, although the exact goals of the botnet are unknown. Let me remind you that we also wrote that Google revealed the most powerful DDoS attack in history, and also that MooBot… Continue reading Mirai Botnet RapperBot Conducts DDoS Attacks on Game Servers