This article descricbes that credentials from FortiGate succeed but the same credential fails in actual SSL VPN log-in. The credentials for a test user with username ‘testvpn’ and password ‘azbyc’ (already configured at the LDAP’s AD) shows authentication succeeded when done from the FortiGate as follows: FW-1 # dia test authserver ldap MyLdap testvpn azbyc …

This article describes how to implement basic policy for Policy Based NGFW Mode Scope Basic internet policy for PC users (tested on FOS 6.4.8). Solution Fortigate has 2 (two) NGFW mode: Profile Based ( default ) – – not covered for this example. Policy Based. There are 3 (three) components which need to pay attention …

Updated on 2022-11-25: Authorities seize iSpoof in major blow to fraudsters and cybercrime groups Europol and law enforcement agencies from several countries have seized the servers and websites of iSpoof, a service that allowed users to make calls and send SMS messages using spoofed identities. The service launched in December 2020 and advertised itself as …

This article describes that backup logs in plaintext format avoid LZ4 decompression. By default, if the logs are backed up to the FTP server, logs will be encrypted. # execute backup disk alllogs ftp <IP_address> <username> <password> # execute backup disk log ftp <IP_address> <username> <password> <log_type> If it is necessary to upload the logs …

This article describes how to fix the A JavaScript Error Occurred in the Main Process’ after installing the FortiClient software in Windows. Scope FortiClient Software installed in a Windows Machine Solution Step 1: Uninstall the Forticlent Software using the FortiClient remover tool. Follow the steps to Remove the FortiClient Software from the Windows End-point. Reboot …

This article describes how to block Anydesk traffics without UTM configured then you can block it using ISDB. Scope FortiGate. Solution Step 1: Go to Policy & Objects and select Create New. Step 2: Destination -> Internet Service -> filter the name anydesk and select Anydesk-Anydesk. Step 3: Configure other fields and select OK. Step …

This article describes in detail how to renew password for users that is expired on AD using FortiGate and FortiAuthenticator. Scope FortiAuthenticator, FortiGate. Solution It is presumed that SSL-VPN authentication with FortiGate and FortiAuthenticator is working, for password renewal it is mandatory to use MSCHAPv2 on FortiGate and FortiAuthenticator. In order to renew the password, …

Updated on 2022-11-24 Google’s Project Zero found five exploitable vulnerabilities in the ARM Mali GPU driver used in a large number of Android devices, but despite contacting ARM and patching the flaws they remain exploitable as Android phone vendors haven’t pushed the patches downstream. Read more: Mind the Gap RIP the feature that was there …

Updated on 2022-11-24: A really comprehensive Ukraine invasion cyber timeline The National Security Archive at George Washington University has updated its extremely comprehensive timeline (140+ pages so far) of the cyber-related aspects of the war in Ukraine at its Ukraine Cyber Project. It’s not just numbers and dates and also includes brief summaries of articles, …

CyberScoop reports that the Biden administration intends to issue an Executive Order to prohibit the use of spyware that poses security risks to the US, and it’s shaping up nicely. Read more: White House expected to issue executive order reining in spyware The report is based on a letter that CyberScoop obtained that was sent …

Fears that TikTok will be used for PRC influence operations are growing in concert with the app’s influence and success, and they won’t be easy to mitigate. Last week FBI director Christopher Wray told a US House Homeland Security Committee hearing that the FBI had national security concerns about TikTok, including the potential for it …

Updated on 2022-11-22 U.S. government-sponsored news outlet Radio Free Asia suffered a data breach that leaked the SSNs, passport numbers, financial information, and other personal data of 4,000 people. Read more: Personal data of nearly 4,000 people leaked in hack of Radio Free Asia Overview: Radio Free Asia breach US news agency Radio Free Asia …

Updated on 2022-11-22 SEKOIA discovered at least seven threat groups who have been increasingly adopting the new Aurora info-stealer in their activities. Read more: Aurora: a rising stealer flying under the radar Overview: Aurora Sekoia has an analysis of Aurora, a former botnet now turned infostealer advertised on underground hacking forums for as low as …

Updated on 2022-11-23 A crypto-stealing phishing campaign is abusing Microsoft Azure Web Apps service to evade MFA and steal cryptocurrencies from Coinbase, KuCoin, Metamask, and Crypto.com accounts. Read more: Attackers bypass Coinbase and MetaMask 2FA via TeamViewer, fake support chat Overview: 2FA-bypass phishing campaign PIXM researchers said they are tracking a sophisticated phishing campaign that …

Updated on 2022-11-23 Unit 42 connected the Luna Moth/Silent Ransom Group with multiple callback phishing extortion campaigns targeting businesses in various sectors, including retail and legal. Read more: Threat Assessment: Luna Moth Callback Phishing Campaign Updated on 2022-11-22 Unit42 researchers have a report out on Luna Moth (aka Silent Ransom Group), a threat actor that …