Fortinet, a major cybersecurity company, had a week filled with security vulnerabilities, disclosure mishaps, and a toothbrush DDoS attack claim. The week started with the disclosure of two critical security vulnerabilities in FortiSIEM, which were mistakenly linked to a previous advisory and then later confirmed to be new vulnerabilities. The company took more than 73 hours to issue an official response, which was considered unprofessional. In addition to this, a critical security vulnerability in FortiOS, impacting its SSL VPN, was disclosed. This vulnerability allows remote unauthenticated attackers to achieve code execution and is believed to have already been exploited as a zero-day. Fortinet has urged users to patch vulnerable VPNs as soon as possible. The company was also tangled in a toothbrush DDoS attack claim, which turned out to be a hypothetical situation that was misinterpreted by the media. Overall, Fortinet’s week was plagued with security issues and mishandled disclosures.
Fortinet’s week: a forgettable glance
Latest from News
Screen Secrets: Keeping Digital Payments Safe with Threat Intelligence
TLDR: Mastercard acquired threat intelligence company Recorded Future for $2.65 billion, highlighting the importance of cybersecurity in digital payments. Threat intelligence plays a crucial
Fortinet’s data breach confirmed through third-party source
TLDR: Fortinet confirms the compromise of customer data leaked by a hacker named “Fortibitch” Data breach occurred via unauthorized access to a limited number
New CISA report links cyberattacks on critical infrastructure to Russia
TLDR: New joint advisory from CISA, FBI, and NSA ties recent cyber attacks on critical infrastructure to Russian GRU unit known as Unit 29155.
RansomHub boasts Kawasaki hack, threatens release of stolen information
TLDR: Kawasaki Motors Europe recovering from cyberattack by RansomHub ransomware gang RansomHub threatens to leak stolen data if demands aren’t met Kawasaki Motors Europe
Lazarus Group targets Python devs with fake jobs, coding malware
Summary of North Korean Hackers Targeting Python Devs TLDR: North Korean hackers have been targeting Python developers with malware disguised as coding tests for