A threat actor has leaked a list of almost 500,000 Fortinet VPN credentials, stolen from 87,000 vulnerable FortiGate SSL-VPN devices. The breach list provides raw access to organizations in 74 countries, including the USA, India, Taiwan, Italy, France, and Israel, with almost 3,000 US entities affected.

According to Fortinet, the credentials were obtained from systems that remained unpatched against CVE-2018-13379 at the time of the actor's scan. Devices that have since been patched remain vulnerable if their passwords were not reset.

Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). The vulnerability in question is an improper limitation of a pathname to a restricted directory in several Fortinet FortiOS and FortiProxy versions. The vulnerable SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP requests. Apparently the FortiOS system files also contained login credentials.

In April, CVE-2018-13379 was mentioned in a joint advisory from the NSA, CISA, and the FBI as one of five vulnerabilities widely used in ongoing attacks by the Russian Foreign Intelligence Service (SVR). A patch for the vulnerability has been available since May 2019, but this patch has not been applied as widely as necessary.

The source, and the websites that leaked the information, make for an interesting story as well. The list of Fortinet credentials was leaked by someone going by the handle 'Orange.' Orange is also the administrator of the newly launched RAMP hacking forum, and a previous operator of the Babuk Ransomware operation. After the announced retirement of the Babuk gang, Orange apparently went his own way and started RAMP. Orange is now involved in the Groove ransomware operation, which allegedly employs several former Babuk developers. The leak of Fortinet VPN SSL credentials was mirrored on the Groove leak website.
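The point above that patched devices stay exposed until passwords are reset can be turned into a triage check. This is an added example, not code from the original post or from Fortinet; the inventory records, the `listed_in_leak` flag and all names and dates are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Device:
    name: str
    patched_on: Optional[date]      # None: still unpatched against CVE-2018-13379
    listed_in_leak: bool = False    # assumption: set after checking the published list

@dataclass
class Account:
    user: str
    device: str
    password_changed_on: Optional[date]   # None: never changed

def triage(devices, accounts):
    """Map (device, user) to an action for every SSL-VPN account."""
    by_name = {d.name: d for d in devices}
    actions = {}
    for acct in accounts:
        dev = by_name[acct.device]
        changed = acct.password_changed_on
        if dev.patched_on is None:
            # A new password can be read again until the fix is installed.
            action = "patch-then-reset"
        elif changed is None or changed <= dev.patched_on:
            # Password was on the device while it was vulnerable;
            # patching does not invalidate it.
            action = "reset-urgent" if dev.listed_in_leak else "reset"
        else:
            action = "ok"
        actions[(acct.device, acct.user)] = action
    return actions

# Constructed sample inventory (hypothetical names and dates).
DEVICES = [
    Device("vpn-a", date(2019, 6, 10)),
    Device("vpn-b", date(2021, 9, 9), listed_in_leak=True),
    Device("vpn-c", None),
]
ACCOUNTS = [
    Account("alice", "vpn-a", date(2018, 11, 2)),
    Account("bob", "vpn-a", date(2020, 1, 15)),
    Account("carol", "vpn-b", None),
    Account("dave", "vpn-b", date(2021, 9, 10)),
    Account("erin", "vpn-c", date(2021, 9, 12)),
]

if __name__ == "__main__":
    for (device, user), action in sorted(triage(DEVICES, ACCOUNTS).items()):
        print(f"{device:6} {user:6} {action}")
```

A password changed on the patch date itself is treated as stale, since a date alone cannot show whether the change happened before or after the fix was installed.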