Fortinet News

The cybersecurity skills gap has remained a top concern for CISOs, contributing to security risks, overworked IT staff, and increasing the opportunities for bad actors to exploit an expanded attack surface.

"At the same time, the constantly evolving threat landscape exacerbates the need for skilled professionals as the talent shortage affects more and more organizations each year and leaves them struggling to protect important assets amidst rapid digital innovation.

Fortinet is working to close the skills gap with programs like the NSE Training Institute and its Training Advancement Agenda (TAA) initiative. To help build out a talent pipeline and bring more people into cybersecurity careers, the need for access to training, career pathways and connecting individuals to employers are essential. Fortinet creates opportunities for all, including women, students, veterans, minorities and more, through its training programs and partnerships and continues to make significant progress in working to close the skills gap..."

Fortinet has become aware that a malicious actor has recently disclosed SSL-VPN access information to 87,000 FortiGate SSL-VPN devices.

"These credentials were obtained from systems that remained unpatched against FG-IR-18-384 / CVE-2018-13379 at the time of the actor's scan. While they may have since been patched, if the passwords were not reset, they remain vulnerable.

This incident is related to an old vulnerability resolved in May 2019. At that time, Fortinet issued a PSIRT advisory and communicated directly with customers. And because customer security is our top priority, Fortinet subsequently issued multiple corporate blog posts detailing this issue, strongly encouraging customers to upgrade affected devices. In addition to advisories, bulletins, and direct communications, these blogs were published in August 2019, July 2020, April 2021, and again in June 2021..."

On September 7, 2021, Microsoft disclosed an active in-the-wild attack affecting Microsoft Windows.

"This vulnerability, CVE-2020-40444, is a remote code execution vulnerability in MSHTML. It does not currently have a patch. MSHTML, also referred to as Trident, is a legacy proprietary browser engine specific to Internet Explorer and Windows platforms. In-the-wild attacks on targets were observed to be using specially crafted malicious Microsoft Office documents. Like most such attacks, targets have to be compelled or lured to open the malicious document for it to run successfully.

This blog provides information on the vulnerability, how the attack works, and Fortinet product protections in place to address this vulnerability. Additional information can be found in the Threat Signal published by FortiGuard Labs on September 7..."

Applications have increasingly become one of the primary ways organizations deliver key capabilities to their employees, customers, and business partners.

"For business-critical workflows, organizations look to enable access from any device from anywhere that the user can access an internet connection. As fewer line-of-business applications lack a public facing interface, this easy access helps enhance productivity and reduces operational friction. However, many times these mission critical applications that organizations and users rely on are directly exposed to untrusted networks and are increasingly exposed via public facing web applications and APIs, with security implications that must be addressed..."

Dridex is a Trojan malware, also known as Bugat or Cridex, which is capable of stealing sensitive information from infected machines and delivering and executing malicious modules (dll).

"FortiGuard Labs recently captured new phishing email campaigns in the wild that included a specially crafted Excel document attachment. I did deep research on one of them and discovered that once the malicious Excel document is opened on a victim's machine, it downloads a new variant of Dridex.

In this analysis, I will elaborate on how the Excel document downloads Dridex, how this version of Dridex runs on a victim's device, what sensitive information it collects, and how it delivers malicious modules (dll)..."
