Skip to Content

Fortinet FortiOS SSL-VPN Flaw Was Exploited to Infect Government Systems

Fortinet says that an unknown threat actor exploited a critical flaw in its FortiOS SSL-VPN to infect systems at government and government-related organizations. Fortinet released a fix for the heap-based buffer overflow vulnerability (CVE-2022-42475) late last year. FortiOS SSL-VPN version 7.2.8 was released at the end of November; Fortinet published an advisory on December 12. …

Read More about Fortinet FortiOS SSL-VPN Flaw Was Exploited to Infect Government Systems

Flaws in Veeam, Microsoft, Citrix, Fortinet, and Apple Added to KEV Catalog

Updated on 2022-12-15: KEV update CISA has updated its KEV database with six new vulnerabilities that are currently being actively exploited. These include recently disclosed zero-days in Citrix, Fortinet, Windows, and iOS, but also two vulnerabilities patched earlier this year in Veeam backup solutions. Overview: Flaws in Veeam, Microsoft, Citrix, Fortinet, and Apple Added to …

Read More about Flaws in Veeam, Microsoft, Citrix, Fortinet, and Apple Added to KEV Catalog

Citrix and Fortinet patch zero-days exploited in APT and ransomware campaigns

Updated on 2022-12-15: Citrix and Fortinet patch zero-days exploited in APT and ransomware campaigns Citrix and Fortinet, two of today’s largest providers of enterprise networking equipment, have released security updates to patch two zero-day vulnerabilities that were exploited in the wild against their devices. The Fortinet zero-day (CVE-2022-42475) is an unauthenticated RCE that impacts the …

Read More about Citrix and Fortinet patch zero-days exploited in APT and ransomware campaigns
Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.