CSOonline

Exploit available for critical flaw in FortiClient Server

The proof-of-concept exploit is easy to execute, and could foretell wider targeting of the Fortinet vulnerability by attackers. Security researchers have released technical details and a ...
The Hacker News

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability

Fortinet reports active attacks exploiting CVE-2020-12812, a FortiOS SSL VPN flaw that can bypass two-factor authentication in specific LDAP setups.
Bleeping Computer

New Cring ransomware hits unpatched Fortinet VPN devices

A vulnerability impacting Fortinet VPNs is being exploited by a new human-operated ransomware strain known as Cring to breach and encrypt industrial sector companies' networks. The Cring operators ...
SlashGear

Fortinet VPN Hacker Leaks 500,000 Users' Passwords

Virtual Private Networks or VPNs have long been used to hide one's actual location and activities on the Internet, either for security purposes or for bypassing region locks. It is one of the standard ...
ZDNet

Hackers mount attacks on Webmin servers, Pulse Secure, and Fortinet VPNs

To nobody's surprise, hacker groups have started exploiting vulnerabilities that have been made public earlier this month, taking advantage of public technical details and demo exploit code to launch ...
Gizmodo

Cybercriminal Gang Just Leaked 500,000 Fortinet VPN Users’ Passwords

A hacker gang has allegedly collected and dumped a large trove of approximately 500,000 login credentials belonging to users of a popular VPN product from cybersecurity firm Fortinet. The threat actor ...
Ars Technica

Fortinet SSL-VPN or Windows VPN

I already setup the Fortigate to do SSL-VPN using Active Directory (LDAP) for authentication. It works great, but requires a Fortinet client installation and some ...
Threat Post

FortiGate VPN Default Config Allows MitM Attacks

The client’s default configuration for SSL-VPN has a certificate issue, researchers said. Default configurations of Fortinet’s FortiGate VPN appliance could open organizations to man-in-the-middle ...
Bleeping Computer

Fortinet delays patching zero-day allowing remote server takeover

Fortinet has delayed patching a zero-day command injection vulnerability found in the FortiWeb web application firewall (WAF) until the end of August. Successful exploitation can let authenticated ...
Medicine Buffalo

Replace Fortinet VPN client with Cisco AnyConnect for UB VPN

If you’re using the previously available Fortinet FortiClient VPN software to access the UB VPN on a personal device, uninstall it by June 14, 2021 and replace it with Cisco AnyConnect, which you can ...
techtimes

Fortinet VPN Users' Compromised as Hacker Gang Leaks 500,000 Passwords on Dark Web Forum

Fortinet VPN users have recently been compromised as a hacker gang leaked around half a million passwords on a dark web forum. A hacker gang has allegedly been able to collect and dump a massive trove ...