Fortinet has confirmed that attackers are actively bypassing a December patch for a critical FortiCloud single sign-on (SSO) authentication flaw after customers reported suspicious logins on devices supposedly fully up to date.
In a new advisory, Fortinet said it had identified a fresh attack path being used to abuse SAML-based SSO in FortiOS, even on systems that had already applied the vendor’s earlier fix. The disclosure follows reports earlier this week that FortiGate firewalls were quietly reconfigured via compromised SSO accounts, with attackers altering firewall settings, creating backdoor admin users, and exfiltrating configuration files.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- DDoS Attacks Get Bigger, Smarter and More Diverse
July 17, 2018
DDoS attacks are relentless. New techniques, new targets and a new class of attackers continue to reinvigorate one of the internet’s oldest nemeses. Distributed denial of service attacks, bent on taking websites offline by overwhelming domains or specific application infrastructure with massive traffic flows, continue to pose a major challenge to businesses of all stripes. Being ...
- Investigation reveals elaborate technology terror web
July 16, 2018
In late December 2015 a uniformed Pentagon spokesman, Colonel Steve Warren, made a video announcement about “Operation Inherent Resolve”, the US military’s campaign against the so-called Islamic State (IS) group in Iraq and Syria. The spokesman gave details about 10 senior IS figures who had been targeted and killed, many in drone strikes, over the course ...
- Two Zero-Day Exploits Found After Someone Uploaded ‘Unarmed’ PoC to VirusTotal
July 2, 2018
Security researchers at Microsoft have unveiled details of two critical and important zero-day vulnerabilities that had recently been discovered after someone uploaded a malicious PDF file to VirusTotal, and get patched before being used in the wild. In late March, researchers at ESET found a malicious PDF file on VirusTotal, which they shared with the security team ...
- RAMpage Attack Explained – Exploiting RowHammer On Android Again!
June 29, 2018
A team of security researchers has discovered a new set of techniques that could allow hackers to bypass all kind of present mitigations put in place to prevent DMA-based Rowhammer attacks against Android devices. Dubbed RAMpage, the new technique (CVE-2018-9442) could re-enable an unprivileged Android app running on the victim’s device to take advantage from the previously ...
- Researchers warn SCADA systems are still hopelessly insecure
June 18, 2018
BSides Industrial control systems could be exposed not just to remote hackers, but to local attacks and physical manipulation as well. A presentation at last week’s BSides conference by researchers from INSINIA explained how a device planted on a factory floor can identify and list networks, and trigger controllers to stop processes or production lines. Read more… Source: The ...
- Chinese Hackers Carried Out Country-Level Watering Hole Attack
June 14, 2018
Cybersecurity researchers have uncovered an espionage campaign that has targeted a national data center of an unnamed central Asian country in order to conduct watering hole attacks. The campaign is believed to be active covertly since fall 2017 but was spotted in March by security researchers from Kaspersky Labs, who have attributed these attacks to a ...