#fortijump

Kevin Beaumont<p>Don’t worry everybody, <a href="https://cyberplace.social/tags/FortiJump" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FortiJump</span></a> is back for Christmas… this time set in space! The patch didn’t fix the variants.</p>
Paul Shread<p>A little late for Halloween but just as scary: Nearly 1 million Fortinet and SonicWall devices with actively exploited vulnerabilities are exposed on the internet. <br><a href="https://masto.ai/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://masto.ai/tags/NetworkSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetworkSecurity</span></a> <a href="https://masto.ai/tags/Fortinet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fortinet</span></a> <a href="https://masto.ai/tags/FortiJump" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FortiJump</span></a> <a href="https://masto.ai/tags/FortiManager" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FortiManager</span></a> <a href="https://masto.ai/tags/SonicWall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SonicWall</span></a> <a href="https://masto.ai/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://masto.ai/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ransomware</span></a> <a href="https://masto.ai/tags/Cyberattacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cyberattacks</span></a> <a href="https://masto.ai/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntelligence</span></a> <a href="https://masto.ai/tags/Vulnerabilities" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerabilities</span></a> </p><p><a href="https://thecyberexpress.com/vulnerable-fortinet-sonicwall-devices-exposed/" rel="nofollow noopener noreferrer" translate="no" 
target="_blank"><span class="invisible">https://</span><span class="ellipsis">thecyberexpress.com/vulnerable</span><span class="invisible">-fortinet-sonicwall-devices-exposed/</span></a></p>
Kevin Beaumont<p>I think this got lost in the mix - the <a href="https://cyberplace.social/tags/FortiJump" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FortiJump</span></a> threat actress wasn’t just exploiting FortiManager. </p><p>Both FortiGate (the firewall product) and FortiManager (the central manager product) use FGFM on port 541. </p><p>The threat actress had different exploits for both products - the February FortiGate CVE and the new FortiManager CVE.</p><p>One recommended mitigation in FortiManager is you lock FGFM to allowed IPs of your FortiGates. If you pop the FortiGate first you can reach the FortiManager by design.</p>
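The allow-list mitigation mentioned in the post above, as an added example that is not part of the original post or of any Fortinet tooling: a Python audit over flow records that separates FGFM (TCP 541) connections to a FortiManager into allow-listed and unexpected sources. The CSV layout, the addresses and the name `audit_fgfm` are constructed for illustration.

```python
import csv
import io
from ipaddress import ip_address, ip_network

FGFM_PORT = 541  # FGFM port named in the post

# Constructed sample flow records (not real telemetry), documentation address ranges.
SAMPLE_FLOWS = """ts,src,dst,dport,proto
2024-10-24T08:00:01Z,198.51.100.10,192.0.2.5,541,tcp
2024-10-24T08:00:07Z,198.51.100.77,192.0.2.5,541,tcp
2024-10-24T08:01:13Z,203.0.113.45,192.0.2.5,541,tcp
2024-10-24T08:02:40Z,203.0.113.45,192.0.2.5,443,tcp
2024-10-24T08:03:02Z,198.51.100.10,192.0.2.9,541,tcp
"""

def audit_fgfm(flows_csv, manager_ip, allowed_cidrs):
    """Split FGFM flows to the manager into allow-listed and unexpected sources."""
    manager = ip_address(manager_ip)
    allowed = [ip_network(c, strict=False) for c in allowed_cidrs]
    result = {"unexpected": [], "allowlisted": set()}
    for row in csv.DictReader(io.StringIO(flows_csv)):
        try:
            src, dst = ip_address(row["src"]), ip_address(row["dst"])
            dport = int(row["dport"])
        except (KeyError, ValueError, TypeError):
            continue  # skip malformed records rather than abort the audit
        if dst != manager or dport != FGFM_PORT or row.get("proto") != "tcp":
            continue  # only FGFM traffic aimed at the manager is in scope
        if any(src in net for net in allowed):
            # Expected peer, but per the post this is still a path to the
            # manager if that FortiGate is itself compromised.
            result["allowlisted"].add(str(src))
        else:
            result["unexpected"].append((row["ts"], str(src)))
    return result

if __name__ == "__main__":
    report = audit_fgfm(SAMPLE_FLOWS, "192.0.2.5",
                        ["198.51.100.10/32", "198.51.100.64/27"])
    for ts, src in report["unexpected"]:
        print(f"FGFM from non-allow-listed source {src} at {ts}")
    print("allow-listed FortiGate sources seen:", sorted(report["allowlisted"]))
```

Sources in the allow-listed set are expected peers, not verified-clean ones; they need their own patch and integrity review, since the allow-list does not stop a compromised FortiGate from reaching the manager.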
Kevin Beaumont<p>Germany’s BSI advisory about <a href="https://cyberplace.social/tags/FortiJump" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FortiJump</span></a> contains a fifth IP address, more to come. <a href="https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-282848-10Ub2.pdf?__blob=publicationFile&amp;v=3" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bsi.bund.de/SharedDocs/Cybersi</span><span class="invisible">cherheitswarnungen/DE/2024/2024-282848-10Ub2.pdf?__blob=publicationFile&amp;v=3</span></a></p>
Kevin Beaumont<p><a href="https://cyberplace.social/tags/FortiJump" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FortiJump</span></a> activity moves back to June 2024 <a href="https://www.bleepingcomputer.com/news/security/mandiant-says-new-fortinet-fortimanager-flaw-has-been-exploited-since-june/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/mandiant-says-new-fortinet-fortimanager-flaw-has-been-exploited-since-june/</span></a></p>
Kevin Beaumont<p><a href="https://cyberplace.social/tags/FortiJump" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FortiJump</span></a> has been added to CISA KEV list. <a href="https://mastodon.social/@cisakevtracker/113358041133854343" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.social/@cisakevtracke</span><span class="invisible">r/113358041133854343</span></a></p>
Kevin Beaumont<p>Fortinet have now gone public about FortiJump, aka CVE-2024-47575 <a href="https://fortiguard.fortinet.com/psirt/FG-IR-24-423" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">fortiguard.fortinet.com/psirt/</span><span class="invisible">FG-IR-24-423</span></a> </p><p>Not in the advisory but exploitation stems to at least September, and it's being used to enter downstream networks.</p><p><a href="https://cyberplace.social/tags/FortiJump" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FortiJump</span></a></p>