CyberSecurityBoard
Sponsor Register Login

Hackers Allegedly Selling FortiGate 0-Day Exploit Impacting Firewalls

The exploit claims to enable unauthenticated remote code execution (RCE) and full configuration access to FortiOS, allowing attackers to seize control of vulnerable devices without needing credentials. The company has also released advisories detailing indicators of compromise (IOCs) and recommended security measures, such as disabling HTTP/HTTPS administrative interfaces or restricting access via local policies. The forum post observed by ThreatMon boasts extensive capabilities, including access to sensitive configuration files extracted from compromised devices. The exploit appears to target versions of FortiOS vulnerable to authentication bypass flaws, a recurring issue in Fortinet’s products. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. A threat actor has reportedly advertised a zero-day exploit targeting Fortinet’s FortiGate firewalls on a prominent dark web forum. This alarming development raises significant concerns about the security of Fortinet firewalls, widely used in enterprises and government agencies globally. Such data could allow attackers to bypass security measures, infiltrate networks, and potentially launch further attacks. Unauthorized Access: Attackers could gain administrative control over devices, modify configurations, and extract sensitive data. For example, earlier this year, the Belsen Group, a newly identified hacking entity, leaked configuration files for over 15,000 FortiGate firewalls. This latest zero-day exploit underscores the evolving sophistication of cyber threats and the critical need for robust cybersecurity practices across all sectors. More recently, Fortinet disclosed another critical vulnerability (CVE-2024-55591), enabling attackers to gain super-admin privileges through crafted requests. Despite being exploited two years ago, the leaked data remained relevant due to static firewall configurations. This flaw impacted FortiOS versions 7.0.0 through 7.0.16 and FortiProxy versions 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12. These incidents highlight a troubling pattern of exploitation targeting Fortinet’s products. Data Breaches: Leaked credentials and configuration files could lead to exposure to confidential information. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. Operational Disruption: Altered firewall policies may disrupt normal network operations or create vulnerabilities for future attacks.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 14 Apr 2025 02:40:10 +0000


Cyber News related to Hackers Allegedly Selling FortiGate 0-Day Exploit Impacting Firewalls

8 Common Types of Firewalls Explained & When to Use Each - The eight types of deployable firewalls include traditional network firewalls, unified threat management, next-generation firewalls, web application firewalls, database firewalls, cloud firewalls, container firewalls, and firewalls-as-a-service. ...
1 year ago Esecurityplanet.com
Hackers Allegedly Selling FortiGate 0-Day Exploit Impacting Firewalls - The exploit claims to enable unauthenticated remote code execution (RCE) and full configuration access to FortiOS, allowing attackers to seize control of vulnerable devices without needing credentials. The company has also released advisories ...
1 day ago Cybersecuritynews.com CVE-2024-55591
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
1 year ago Techtarget.com CVE-2023-0669 CVE-2023-34362 CVE-2023-36884 CVE-2023-4863 CVE-2023-41992 CVE-2023-41991 CVE-2023-41993 CVE-2023-22515
Exploit released for Palo Alto PAN-OS bug used in attacks, patch now - Exploit code is now available for a maximum severity and actively exploited vulnerability in Palo Alto Networks' PAN-OS firewall software. Tracked as CVE-2024-3400, this security flaw can let unauthenticated threat actors execute arbitrary code as ...
11 months ago Bleepingcomputer.com CVE-2024-3400 CVE-2024-34000
Research Shows 163% ROI with Palo Alto Networks Software Firewalls - Good news is here for cloud and network security professionals who need proven, cost-effective solutions that substantially reduce downtime and breaches across a range of cloud and virtualized environments. Palo Alto Networks software firewalls not ...
1 year ago Paloaltonetworks.com
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
10 months ago Securityaffairs.com CVE-2024-23222 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro ...
1 year ago Bleepingcomputer.com
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
1 year ago Darkreading.com CVE-2024-23222
Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance ...
1 year ago Bleepingcomputer.com
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own - Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. The company addressed the security flaw on systems running macOS Monterey and macOS ...
11 months ago Bleepingcomputer.com CVE-2024-27834
Netherlands reveals Chinese spies attacked its defense dept The Register - Dutch authorities are lifting the curtain on an attempted cyberattack last year at its Ministry of Defense, blaming Chinese state-sponsored attackers for the espionage-focused intrusion. Specialists from the Netherlands' Military Intelligence and ...
1 year ago Go.theregister.com CVE-2022-42475
9 Best Next-Generation Firewall Solutions for 2023 - Next-generation firewalls are network security solutions that go beyond the traditional port/protocol inspection by incorporating application-level inspection, intrusion prevention, and external threat intelligence. As the third generation in ...
1 year ago Esecurityplanet.com
What is Firewall as a Service? - A firewall serves as a barrier to unapproved network traffic. A firewall creates a remotely delivered cybersecurity solution licensed on a subscription basis as a Service or FWaaS. Companies can streamline their IT infrastructure using Perimeter81 ...
1 year ago Cybersecuritynews.com
What Is a Host-Based Firewall? Definition & When to Use - Organizations often use host-based firewalls when specific network applications or services require open communication channels that aren't allowed under default firewall settings. To install a host-based firewall across all endpoints, choose your ...
1 year ago Esecurityplanet.com
What Is a Next-Generation Firewall? - A next generation firewall performs deep packet inspection to check the contents of the data flowing through the firewall. Unlike more basic firewalls that only check the header of data packets, NGFWs examine and evaluate the payload data within the ...
1 year ago Esecurityplanet.com
Chinese hackers infect Dutch military network with malware - A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service of the Netherlands. Despite backdooring the hacked systems, the ...
1 year ago Bleepingcomputer.com CVE-2022-42475
Chinese hackers infect Dutch military network with malware - A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service of the Netherlands. Despite backdooring the hacked systems, the ...
1 year ago Bleepingcomputer.com CVE-2022-42475
Cisco discloses new IOS XE zero-day exploited to deploy malware implant - Cisco disclosed a new high-severity zero-day today, actively exploited to deploy malicious implants on IOS XE devices compromised using the CVE-2023-20198 zero-day unveiled earlier this week. The company said it found a fix for both vulnerabilities ...
1 year ago Bleepingcomputer.com CVE-2023-20198 CVE-2023-20273 CVE-2021-1435
Nine 9 tips before putting your Android Smartphone or Apple iPhone for resale - Many Americans are likely considering selling their old smartphones to upgrade to the latest models released by OEMs, featuring innovative features and new operating systems. Before selling your smartphone to a friend or a company, it's crucial to ...
1 year ago Cybersecurity-insiders.com
Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks - Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector was patched. The advisory says that when the threat ...
3 days ago Bleepingcomputer.com CVE-2022-42475
How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
2 years ago Hackread.com
Barracuda fixes new ESG zero-day exploited by Chinese hackers - Network and email security firm Barracuda says it remotely patched all active Email Security Gateway appliances on December 21 against a zero-day bug exploited by UNC4841 Chinese hackers. The company deployed a second wave of security updates a day ...
1 year ago Bleepingcomputer.com CVE-2023-7102 CVE-2023-7101
Google links WinRAR exploitation to Russian, Chinese state hackers - Google says that several state-backed hacking groups have joined ongoing attacks exploiting a high-severity vulnerability in WinRAR, a compression software used by over 500 million users, aiming to gain arbitrary code execution on targets' systems. ...
1 year ago Bleepingcomputer.com CVE-2023-38831 CVE-2023-40477 APT28
Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice - The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26. Throughout the contest organized by Trend ...
1 year ago Bleepingcomputer.com
Cisco warns of NX-OS zero-day exploited to deploy custom malware - Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches. Cybersecurity firm Sygnia, who reported the incidents to Cisco, linked the attacks to a Chinese state-sponsored ...
9 months ago Bleepingcomputer.com CVE-2024-20399

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)