CVSSv3 9.8

CVE-2018-13379

Published: 04/06/2019 Updated: 03/06/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 529
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under the SSL VPN web portal allows an unauthenticated malicious user to download system files via specially crafted HTTP resource requests.

Most Upvoted Vulmon Research Post

Fortinet FortiOS Path Traversal Retrieving plaintext credentials: https://localhost/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession

Vulnerable Product

fortinet fortios

Exploits

# Exploit Title: FortiOS Leak file - Reading login/passwords in clear text # Google Dork: intext:"Please Login" inurl:"/remote/login" # Date: 17/08/2019 # Exploit Author: Carlos E Vieira # Vendor Homepage: www.fortinet.com/ # Software Link: www.fortinet.com/products/fortigate/fortios.html # Version: This vulnerability affects ( For ...

Mailing Lists

This Metasploit module exploits FortiOS versions 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4 to leverage a credential disclosure vulnerability by reading the /dev/cmdb/sslvpn_websession file ...
FortiOS versions 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4 suffer from a credential disclosure vulnerability ...

Github Repositories

CVE-2018-13379 Script for Nmap NSE.

cve2018-13379-nmap-script CVE-2018-13379 Script for Nmap NSE An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests

CVE-2018-13379-FortinetVPN An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 under SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests

Legadro-Forti-Scanner It is updated Forti Vpn Scanner of (CVE-2018-13379) (FG-IR-18-384) for Windows Automatic scan for vuln of: /remote/fgt_lang?lang=//////////////dev/cmdb/sslvpn_websession Fixed bugs such as stuck on dead Forti IP and saving results in folder: output as a ip:port.html How to use: legadro-forti-scanner.exe ips.txt ips.txt must be in format like this:

CVE-2018-13379

CVE-2018-13379 CVE-2018-13379 blog.orange.tw/2019/08/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html fortiguard.com/psirt/FG-IR-18-384 The below versions of FortiOS were vulnerable FortiOS 5.6.3 to 5.6.7 FortiOS 6.0.0 to 6.0.4 ONLY if the SSL VPN service (web-mode or tunnel-mode) is enabled

Small Archive of leaked materials that i found interesting and that can be used for Research and analysis purposes (Malwares, Leaks & Links, More To add soon)

Vault6 Telegram channel : t.me/Vault6 SunBurst : FireEye Tools Supernova_webshell_backdoor APT_Dropper SunBurst_FalsePositives Sunburst_APT_Backdoor APTs Android Malware Collection : Anubis Source Dendroid Source APT-C-23 FrozenCell (Egypt) 🇪🇬 APT33 | APT34 | APT 39 Shamoonn (Islamic Republic of Iran) 🇮🇷 Leaks : Readme.txt (Mega/Torrent Linksf

A high performance FortiGate SSL-VPN vulnerability scanning and exploitation tool.

Fortiscan (CVE-2018-13379) (FG-IR-18-384) Exploitation Tool, You can use this tool to check the vulnerability in your FortiGate SSL-VPN This vulnerability affects the following versions: • FortiOS 6.0 - 6.0.0 to 6.0.4 • FortiOS 5.6 - 5.6.3 to 5.6.7 • FortiOS 5.4 - 5.4.6 to 5.4.12 www.fortinet.com/blog/business-and-technology/fortios-ssl-vulnerability

CVE-2018-13379 Exploit

FortiOS-Credentials-Disclosure CVE-2018-13379 Exploit Usage : python CVE-2018-13379.py list.txt

Batch detection script for the Fortinet FortiOS path traversal vulnerability (CVE-2018-13379)

Usage & disclaimer: This script is a batch detection script for the Fortinet FortiOS path traversal vulnerability (CVE-2018-13379). Usage: Python CVE-2018-13379.py url.txt. Vulnerable addresses are written to vul.txt. Affected versions: the SSL VPN in Fortinet FortiOS 5.6.3 - 5.6.7 and 6.0.0 - 6.0.4 is affected by this vulnerability. The vulnerability stems from the system failing to properly filter resource or file paths for

CVE-2018-13379 CVE-2018-13379 Module for Router Scan Project How To Use prepare pip3 install time,threading,ipcalc,requests usage python3 exp.py -f [list.txt] Copyright some part of this repository that send tcp response is partly forked from milo2012/CVE-2018-13379 with some changes for APIs of Route

Fortigate CVE-2018-13379 - Tool to search for vulnerable Fortigate hosts in Rapid7 Project Sonar data anonymously through The Tor network.

At Doom Fortigate

FortiFuck-Checker Tool written in Bash script to check CVE-2018-13379 Usage: -h Get this help message -t Insert a valid IP Address to check IP:port -l Provide a path to a file containing a list of IPs, one per line IP:port -c Provide a country name if you're interested in a specific country's IPs -o Output filename

Extract Useful info from SSL VPN Directory Traversal Vulnerability (FG-IR-18-384)

FG-IR-18-384 (CVE-2018-13379) Exploitation Tool Exploit allowing for the recovery of cleartext credentials This tool is provided for testing purposes only Only run it against infrastructure for which you have received permission to test Headnod to those who discovered the exploit, more information by the researcher can be found here: blog.orange.tw/2019/08/attacking-

FortiVuln

CVE-2018-13379-Fortinet FortiVuln

Conti-Ransomware RELATED IOCs, MITIGATION STEPS AND REFERENCE LINKS Common Vulnerabilities and Exposures : Firewall Vulnerabilities CVE-2018-13379, CVE-2018-13374, gather foothold using Cobalt strike IOCs (Indicators of compromise) BazarLoader-- 642276992|443 1613515592|443 16135147110|443 642276560|443 Loader download-- millscruelgcom 459511133|80 Cobalt Strike

Cring-Ransomware RELATED IOCs, MITIGATION STEPS AND REFERENCE LINKS **Common Vulnerabilities and Exposures (CVE) ** (CVE-2018-13379 )Fortinet FortiOS, (CVE-2010-2861)-Adobe ColdFusion flaw IOCs(Indicators of compromise) SHA-256 f7d270ca0f2b4d21830787431f881cd004b2eb102cc3048c6b4d69cb775511c8 e687308cd4184e17c33fa9e44686e7d6a4d73adf65f7fb3cac9c4ad765b4ffdf 771a680f9a09a7a73ac267

Dorks for Google, Shodan and BinaryEdge

Dorks are cool Dorks for Google, Shodan and BinaryEdge Only for use on bug bounty programs or in coordination with a legal security assessment I am in no way responsible for the usage of these search queries Be responsible thanks - www.bugcrowd.com/resource/what-is-responsible-disclosure/ This repository is "under construction" feel free to make pull requests

A curated list of my functional exploits...

Public-Exploits A curated list of my functional exploits About Public exploits (re)written for learning purposes or pentesting / red teaming assessments Contents Centreon Centreon Web CVE-2015-1560, CVE-2015-1561 | Centreon Web Time-Based Blind SQLi to RCE Fortinet Fortigate CVE-2018-13379 | Fortigate SSL-VPN Credentials Stealer CVE-2018-13382 | Fortigate SSL-VPN

REvil Ransomware Related IOCs, Mitigation steps and References Common Vulnerabilities and Exposures: CVE-2018-13379, CVE-2019-2725, CVE-2019-11510, CVE-2021-30116 IOCs 18[.]223[.]199[.]234 161[.]35[.]239[.]148 193[.]204[.]114[.]232 dsa.gov.bd/documents/magazine-document_89046_2021-02-28.pdf www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomw

Fortigate VPN: CVE-2018-13379: Pre-auth arbitrary file reading. In 2019, vulnerabilities in the products of the company Fortinet were reported by the researchers niph_ and ramoliks; these were the CVEs: CVE-2018-13379: Pre-auth arbitrary file reading; CVE-2018-13380: Pre-auth XSS; CVE-2018-13381: Pre-auth heap overflow; CVE-2018-13382: The magic

Scan log files for suspicious strings

little-log-scan - Scan log files for suspicious strings Small tool that scans log files for suspicious strings Intended for webserver logs, but usable with any text-based log file Lines are read from standard input, and any matches are written to standard output Usage Through npx: npx little-log-scan [options] Through npm: npm install little-log-scan && np

Attack surface mapping

Welcome to Goby Goby is a new generation network security assessment tool It can efficiently and practically scan vulnerabilities while sorting out the most complete attack surface information for a target enterprise Goby can also quickly penetrate the company intranet based on a company's vulnerabilities exposed to the Internet We strive for Goby to become a more vita

Resources for Security Matters talk 2022

Security Matters 2022 Resource List Overview Collection of resources for defending against current threat landscape trends and improving security knowledge Table of Contents Security Matters 2022 Resource List Overview If you only do 10 things, here is what you should do Common Attack Tools Most Common Attack Tool List Defenses Supply Chain Attacks Well Known Supply Chain

Articles bookmarked on WeChat

WeChat bookmarked article list: [0x00实验室]-2023-6-16-Webshell绕过360主动防御执行命令.md [3072]-2021-9-1-shellcode分析技巧.md [360威胁情报中心]-2021-8-16-APT-C-54(Gamaredon)近期技战术总结.md [360威胁情报中心]-2023-2-14-APT-C-56(透明部落)伪装简历攻击活动分析.md [360漏洞云]-2021-8-13-漏洞复现 Fortinet FortiPortal 远程代

Red Team Operations Execution Manual

Red Team Practical Manual. Statement. Author: By klion. Date: 2020.2.15. Message: may every day after 2020 go well. Intent of sharing: first, to provide a more comprehensive and practical reference for both the "attack" and "defense" sides; as the old saying goes, "without knowing attack, how can one know defense", and anything that speaks purely of "attack" or "defense"

myscan passive scanner

myscan: myscan is a passive scanning tool developed in Python 3, modelled on the PoC directory structure of AWVS, on code frameworks such as pocsuite3 and sqlmap, and on a large number of PoCs collected from the Internet. The project grew out of a personal development project, combining personal thinking and practice on web penetration testing, code implementations of common vulnerability principles and detection, collection of generic PoCs, passive scanner design, and information gathering. Legal disclaimer

database of pocassist (vulnerability database)

pocassist database. Introduction: this project is the sqlite database file for pocassist. PoC changelog 2021-7-9: vulnerability type / vulnerability ID / vulnerability name: Arbitrary file read poc-10318 ShopXO download arbitrary file read vulnerability CNVD-2021-15822; SQL injection poc-10317 Weaver (泛微) OA V8 SQL injection vulnerability; Command execution poc-10316 H3C IMC dynamiccontentproperties.xhtm remote command execution; Arbitrary

A summary of offensive vulnerabilities in mainstream vendors' products

A summary of offensive vulnerabilities in mainstream vendors' products. Network security expert @Alexander Knorr shared on Twitter a number of serious vendor CVEs; only the CVE numbers were listed, with no vulnerability details. So, building on the shared image, vulnerability titles, official advisories, vulnerability analyses, exploit code and proofs of concept were added, and several CVEs were added or removed; in addition

Nuclei Templates Templates are the core of nuclei scanner which power the actual scanning engine This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community We hope that you also contribute by sending templates via pull requests or Github issue and grow the list Resources Templates Documentation Contr

Updated 2023-11-27 08:36:01. Release update records for the last 15 days: update time / project name / version / update content: 2023-11-26 10:48:00 gshark v1.2.4 ## Fixed * fixed the task table initialization problem * added the full nginx configuration; 2023-11-26 04:28:12 PEASS-ng 20231126-a1ab960a; 2023-11-26 00:56:40 dalfox v2.9.1 ## Changelog * 7458557 fixed typo * 000d2dc chore: update contributors [skip

TOP all Top Top Top_Codeql TOP All bugbounty pentesting CVE-2022- POC Exp Things Table of Contents 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2013 year top total 30 2022 star name url des 961 CVE-2022-0847-

Table of Contents 2023 year top total 30 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2023 star updated_at name url des 422 2023-11-15T09:54:51Z qq-tim-elevation github.com/vi3t1/qq-tim-elevation CVE-2

TOP all Top Top Top_Codeql TOP All bugbounty pentesting CVE-2022- POC Exp Things Table of Contents 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2013 year top total 30 2022 star name url des 988 CVE-2022-0847-

Summary of all security news published on the Alpha Lab (阿尔法实验室) WeChat official account in 2020

Welcome to follow the Alpha Lab WeChat official account. 20201231 [Vulnerability] The 10 most critical CVEs added in 2020 blog.detectify.com/2020/12/30/top-10-critical-cves-added-in-2020/ UAF vulnerability in Chromium RawClipboardHostImpl bugs.chromium.org/p/chromium/issues/detail?id=1101509 [Tool] Sarenka: an OSINT tool that gathers data from services such as shodan and censys in one place

TOP all Top Top Top_Codeql TOP All bugbounty pentesting CVE-2022- POC Exp Things Table of Contents 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2013 year top total 30 2022 star name url des 975 CVE-2022-0847-

Goby PoCs collected from the public Internet plus some PoCs I added myself

Goby_POC. Number of PoCs: 1319. Updated 2023/7/29 00:31:11. Goby PoCs collected from the public Internet plus some PoCs I added myself: 360 TianQing ccid SQL injectable; 360 TianQing database information disclosure; 3ware default password vulnerability; 74CMS Resume.php Boolean SQLI; 74CMS SQLi with Plus ajax common; 74CMS SQLi with Plus weixin; AceNet AceReporter Report component Arbitrary file download; ACME mini

TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things

TOP all Top Top Top_Codeql TOP All bugbounty pentesting CVE-2022- POC Exp Things Table of Contents 2023 year top total 30 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2023 star updated_at name url des 422 202

Kenzer Templates [1289] TEMPLATE TOOL FILE favinizer favinizer favinizer.yaml CVE-2017-5638 jaeles jaeles\cvescan\critical\CVE-2017-5638.yaml CVE-2017-6360 jaeles jaeles\cvescan\critical\CVE-2017-6360.yaml CVE-2017-6361 jaeles jaeles\cvescan\critical\CVE-2017-6361.yaml CVE-2017-9841 jaeles jaeles\cvescan\critical\CVE-2017-9841.yaml CVE-2018-16763 jaeles jaeles\

Security document libraries free-for-all

SecBooks: a collection of articles from the major document libraries' official accounts; some libraries are deployed with gitbook, some official accounts consist mainly of scattered articles. Plugins used: "hide-element", "back-to-top-button", "-lunr", "-search", "search-pro", "splitter" # automatic table-of-contents plugin (book sm) npm install -g gitbook-summ

PoC in GitHub 2022 CVE-2022-0185 (2022-02-11) A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters' length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a f

PoC in GitHub 2020 CVE-2020-0014 It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0, Android-8.1, Android-9, Android-10. Android ID: A-1286745

essential templates for kenzer [DEPRECATED]

Kenzer Templates [5170] [DEPRECATED] TEMPLATE TOOL FILE favinizer favinizer favinizer.yaml CVE-2013-2251 freaker freaker/exploits/CVE-2013-2251/exploit.sh CVE-2017-6360 freaker freaker/exploits/CVE-2017-6360/exploit.sh CVE-2017-6361 freaker freaker/exploits/CVE-2017-6361/exploit.sh CVE-2017-7921 freaker freaker/exploits/CVE-2017-7921/exploit.sh CVE-2018-11784 f

Recent Articles

Ransomware: How Attackers are Breaching Corporate Networks
Symantec Threat Intelligence Blog • Karthikeyan C Kasiviswanathan Vishal Kamble • 28 Apr 2023

Latest tools, tactics, and procedures being used by the Hive, Conti, and AvosLocker ransomware operations.

Posted: 28 Apr, 2022. Targeted ransomware attacks continue to be one of the most critical cyber risks facing organizations of all sizes. The tactics used by ransomware attackers are continually evolving, but by identifying the most freq...

The Threat Landscape in 2021
Symantec Threat Intelligence Blog • Threat Hunter Team • 19 Jan 2023

Symantec takes a look at the cyber security trends that shaped the year

Posted: 19 Jan, 2022. From the evolving ransomware ecosystem to attacks against critical infrastructure, Symantec looks back over the cyber-security trends that shaped 2021.

A new whitepaper from Symantec, a division of Broadcom Software, takes a look back at some of t...

Exchange, Fortinet Flaws Being Exploited by Iranian APT, CISA Warns
Threatpost • Lisa Vaas • 17 Nov 2021

A state-backed Iranian threat actor has been using multiple CVEs – including both serious Fortinet vulnerabilities for months and a Microsoft Exchange ProxyShell weakness for weeks – looking to gain a foothold within networks before moving laterally and launching BitLocker ransomware and other nastiness.
A joint advisory published by CISA on Wednesday was meant to highlight the ongoing, malicious cyber assault, which has been tracked by the FBI, the U.S. Cybersecurity and Infrastructur...

Emails, chat logs, more leaked online from far-right militia linked to US Capitol riot
The Register • Iain Thomson in San Francisco • 28 Sep 2021

Plus: Other infosec news from this month

In brief Emails, chat logs, membership records, donor lists and other files siphoned from a far-right anti-government self-styled militia were leaked online on Monday, it appears.
Some 5GB of data belonging to the Oath Keepers ‒ at least four of whom have been indicted for and admitted their role in the January 6 storming of the US capitol – was passed to the DDoSecrets Collective and shared online. The membership list contains accounts with 160 US government and military email address...

Thousands of Fortinet VPN Account Credentials Leaked
Threatpost • Lisa Vaas • 09 Sep 2021

Credentials pilfered from 87,000 unpatched Fortinet SSL-VPNs have been posted online, the company has confirmed.
Or then again, maybe the number is far greater. On Wednesday, BleepingComputer reported that it’s been in touch with a threat actor who leaked a list of nearly half a million Fortinet VPN credentials, allegedly scraped from exploitable devices last summer.
The news outlet has analyzed the file and reported that it contains VPN credentials for 498,908 users over 12,856 de...

Patch now? Why enterprise exploits are still partying like it's 1999
The Register • Davey Winder • 08 Sep 2021

Am I only dreaming, or is this burning an Eternal Blue?

Some vulnerabilities remain unreported for the longest time. The 12-year-old Dell SupportAssist remote code execution (RCE) flaw – which was finally unearthed earlier this year – would be one example.
Others, however, have not only been long since reported and had patches released, but continue to pose a threat to enterprises. A joint advisory from the National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA), published in late July, liste...

Hackers Exploit Fortinet Flaw in Sophisticated Cring Ransomware Attacks
Threatpost • Elizabeth Montalbano • 08 Apr 2021

Threat actors are exploiting a Fortinet vulnerability flagged by the feds last week that delivers a new ransomware strain, dubbed Cring, that is targeting industrial enterprises across Europe.
Researchers say the attackers are exploiting an unpatched path-reversal flaw, tracked as CVE-2018-13379, in Fortinet’s FortiOS. The goal is to gain access to victims’ enterprise networks and ultimately deliver ransomware, according to a report by Kaspersky researchers published this week.
“...

'Anomalous surge in DNS queries' knocked Microsoft's cloud off the web last week
The Register • Iain Thomson in San Francisco • 06 Apr 2021

Plus: Top universities hit by data-stealing extortionists

In brief It was a tsunami of DNS queries that ultimately took out a host of Microsoft services, from Xbox Live to Teams, for some netizens about an hour on April Fools' Day, Redmond has said.
Or as the Windows giant put it, the outage was the result of "an anomalous surge in DNS queries from across the globe targeting a set of domains hosted on Azure." In a postmortem examination of the downtime, Microsoft said the flood of requests triggered a programming flaw in its infrastructure that h...

FBI: APTs Actively Exploiting Fortinet VPN Security Holes
Threatpost • Tara Seals • 02 Apr 2021

The FBI and the Cybersecurity and Infrastructure Security Agency are warning that advanced persistent threat (APT) nation-state actors are actively exploiting known security vulnerabilities in the Fortinet FortiOS cybersecurity operating system, affecting the company’s SSL VPN products.
According to an alert issued Friday by the FBI and CISA, cyberattackers are scanning devices on ports 4443, 8443 and 10443, looking for unpatched Fortinet security implementations. Specifically, APTs are ...

Attackers chain Windows, VPN flaws to target US government agencies
welivesecurity • 13 Oct 2020

Threat actors have been chaining vulnerabilities in Windows and Virtual Private Network (VPN) services to target various government agencies, critical infrastructure and election organizations, according to a warning by the United States’ Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI). The technique, which involves exploiting several flaws over the course of a single attack to infiltrate an organization’s network, is part of the gangs’ ram...

Election Systems Under Attack via Microsoft Zerologon Exploits
Threatpost • Lindsey O'Donnell • 13 Oct 2020

U.S. government officials have warned that advanced persistent threat actors (APTs) are now leveraging Microsoft’s severe privilege-escalation flaw, dubbed “Zerologon,” to target elections support systems.
Days after Microsoft sounded the alarm that an Iranian nation-state actor was actively exploiting the flaw (CVE-2020-1472), the Cybersecurity Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a joint advisory warning of further attacks.

The seven deadly sins letting hackers hijack America's govt networks: These unpatched bugs leave systems open
The Register • Shaun Nichols in San Francisco • 12 Oct 2020

'Unauthorized access to elections support systems' detected tho 'no evidence to date that integrity of elections data has been compromised' Big US election coming up, security is vital and, oh look... a federal agency just got completely pwned for real

If you're wondering which bugs in particular miscreants are exploiting to break into, or attempt to break into, US government networks, wonder no more. And then make sure you've patched them.
Uncle Sam's Dept of Homeland Security has this month identified at least six possible routes into the nation's computer systems, and the method used to gain total control over the machines once inside. Those six vulnerabilities are...
...plus CVE-2020-1472, aka ZeroLogon, in Microsoft Windows, w...

Hackers Look to Steal COVID-19 Vaccine Research
Threatpost • Tara Seals • 16 Jul 2020

Threat actor known as APT29 has been hard at work attempting to pilfer COVID-19 vaccine research from academic and pharmaceutical research institutions in various countries around the world, including the U.S.
That’s according to a joint alert from the U.S. Department of Homeland Security (DHS), the U.K.’s National Cyber Security Centre (NCSC) and Canada’s Communications Security Establishment (CSE), issued Thursday.
The 14-page advisory details the recent activity of Russi...

APT Groups Exploiting Flaws in Unpatched VPNs, Officials Warn
Threatpost • Elizabeth Montalbano • 08 Oct 2019

State-sponsored advanced persistent threat (APT) groups are using flaws in outdated VPN technologies from Palo Alto Networks, Fortinet and Pulse Secure to carry out cyber attacks on targets in the United States and overseas, warned U.S. and U.K. officials.
The National Security Agency (NSA) issued a Cybersecurity Advisory Monday about the threats and offered mitigation suggestions, warning that multiple APT actors have weaponized three critical vulnerabilities first published in August–C...

Russia stole US defense data from IT systems, says CISA
The Register • Simon Sharwood, APAC Editor

Clearly no need for leet zero-day hax when you can spearphish and exploit months-old vulnerabilities

A two-year campaign by state-sponsored Russian entities to siphon information from US defense contractors worked, it is claimed.
Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday said Moscow's cyber-snoops have obtained "significant insight into US weapons platforms development and deployment timelines, vehicle specifications, and plans for communications infrastructure and information technology."
The Agency added that the intruders made off with sensi...

LockBit victims in the US alone paid over $90m in ransoms since 2020
The Register

As America, UK, Canada, Australia and friends share essential bible to detect and thwart infections

Seven nations today issued an alert, plus protection tips, about LockBit, the prolific ransomware-as-a-service gang.
The group's affiliates remain a global scourge, costing US victims alone more than $90 million from roughly 1,700 attacks since 2020, we're told.
The joint security advisory — issued by the US Cybersecurity and Infrastructure Security Agency (CISA), FBI, Multi-State Information Sharing and Analysis Center (MS-ISAC), and cybersecurity authorities in Australia, Canada...

Five Eyes nations reveal 2021's fifteen most-exploited flaws
The Register • Jessica Lyons Hardcastle

Malicious cyber actors go after 2021's biggest misses, spend less time on the classics

Security flaws in Log4j, Microsoft Exchange, and Atlassian's workspace collaboration software were among the bugs most frequently exploited by "malicious cyber actors" in 2021, according to a joint advisory by the Five Eyes nations' cybersecurity and law enforcement agencies.
It's worth noting that 11 of the 15 flaws on the list were disclosed in 2021, as previous years' lists often found miscreants exploiting the older vulns for which patches had been available for years.
Of course...
