Fortinet published CVSS: Critical advisory FG-IR-22-398 / CVE-2022-42475 on Dec 12, 2022. This blog details our initial investigation into this malware and additional IoCs identified during our ongoing analysis. Read more.
Fortinet recently distributed a PSIRT advisory regarding CVE-2022-40684 that details urgent mitigation guidance. Fortinet strongly urges potentially affected customers to immediately update their FortiOS, FortiProxy, and FortiSwitchManager products.
Read for an update from Fortinet about the Apache Log4j vulnerability, including protections and mitigating issues. It is critical that organizations take immediate action to inventory systems and prioritize remediation.
Read more for an update from Fortinet about Let’s Encrypt certificates as well as how Fortinet is working to improve certificate validation.
Fortinet is aware that a malicious actor has disclosed SSL-VPN credentials to access FortiGate SSL-VPN devices. This incident is related to an old vulnerability resolved in May 2019. We continue to strongly recommend that customers implement the patch upgrade and password reset as soon as possible.
At Fortinet, we are on a constant journey with our customers to best protect and secure their organizations. Read more about Fortinet’s Product Security Incident Response Team (PSIRT) and the Responsible Disclosure Process.
Fortinet has issued a patch and mitigations and is proactively communicating to customers, strongly urging them to immediately update their FortiManager and FortiAnalyzer products. Read more.
Fortinet continues to communicate urging those customers that have not implemented the resolution to immediately implement patches that were made for CVE-2018-13379, CVE-2019-5591, and CVE-2020-12812. Read more.
At Fortinet, we are on a constant journey with our customers to best protect and secure their organizations. Read to learn more about the importance of patching and vulnerability management.
Cybersecurity vendor FireEye reported a breach of their network and data exfiltration which included their internally developed Red Team tools. Read more on how to protect against these tools by potential adversaries.