| Post AnJ0zMwlGqwdp44vdg by [email protected] | |
| Post #AmxfmWGf7sdzbrGBai by [email protected] | |
| 0 likes, 2 repeats | |
| Hello everybody. If you use FortiManager from FortiNet you should grab the late… | |
| Post #AmxhI6OOxsHWa1VIAq by [email protected] | |
| 0 likes, 0 repeats | |
| Stealth rewrite as patches aren’t available yet. | |
| Post #Amxj7KHjAm6WOCN5OK by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog Shouldn't FortiManager be the typical kind of software which shou… | |
| Post #Amy160FTyoGF8Kq8lU by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog there are mitigations available, and this is not on the web interf… | |
| Post #Amy1OSxJzD4ZNa9IvI by [email protected] | |
| 0 likes, 0 repeats | |
| Different vuln from earlier this year, but same component, to give scale of unp… | |
| Post #Amy3t09JL2WevGRfHs by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog Around 700 to 1100 FortiManagers are internet facing. That should … | |
| Post #AmyADl8uvU9IBgXgwK by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog Fortinet? No, #fartinet they are… | |
| Post #AmyHRcwGvNIGTcBgOW by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog at this point, having any kind of fortinet product facing the inte… | |
| Post #An2nCMu4EhwVZ5lQI4 by [email protected] | |
| 0 likes, 0 repeats | |
| Does anybody know if the FortiManager zero day situation has a CVE and/or patch… | |
| Post #An41cxfPlVshdBRddw by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog No patch yet. Rumor is that it's going to take them a while. I… | |
| Post #An4RHDu1JpaAQEZUxs by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog Still nothing? Seeing some slightly misreported articles stating i… | |
| Post #An9BvOCboh06TQCFqC by [email protected] | |
| 0 likes, 0 repeats | |
| FortiGate have released one of the six new versions of FortiManager which fix t… | |
| Post #An9Ep0wNgqQkSBG3FY by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog There may or may not be information and remediation documented u… | |
| Post #An9GX4DkxI4xK4xGfg by [email protected] | |
| 0 likes, 0 repeats | |
| And we have another FortiManager patch out: https://www.reddit.com/r/fortinet/… | |
| Post #AnAXDaSpG9KFuUGDFA by [email protected] | |
| 0 likes, 0 repeats | |
| Fortigate currently having the world's least secret zero day used by China … | |
| Post #AnAcnsazp4xYLBCtlI by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog it seems to be a case of “just when you think things couldn’t … | |
| Post #AnAfYvfcPQxjOXvpoG by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog #fartinet seems to think security by obscurity is a good idea, dro… | |
| Post #AnEgIM8XdCcl8uxejI by [email protected] | |
| 0 likes, 1 repeats | |
| Fortinet's last security blog included a section called "A Call to the… | |
| Post #AnEmObb5f6dOYTg5Xk by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog there is definitely some communication gaps within their organizat… | |
| Post #AnF8UBVPmSVWMY5YiO by [email protected] | |
| 0 likes, 1 repeats | |
| I should also point out Fortinet's blog is about zero day vulnerabilities i… | |
| Post #AnF9FO8Eee8d8GksSG by [email protected] | |
| 0 likes, 0 repeats | |
| On a positive note, blog title! | |
| Post #AnFBXgPHeBeYvqa3pQ by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog Am I in a time loop again? Didn't Fortinet just get popped... /… | |
| Post #AnG7njEsgBijgt4Qka by [email protected] | |
| 0 likes, 0 repeats | |
| FortiNet drama rumbling on | |
| Post #AnG9mfeyhVSGD1ttcu by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog I didn't know what is Fortinet, so I googled it and google say… | |
| Post #AnGPJ9MrHYCuvQN2DA by [email protected] | |
| 0 likes, 0 repeats | |
| FortiNet's security portal has been broken for 24 hours now https://www.for… | |
| Post #AnGPjczDmawoJbwLKq by [email protected] | |
| 0 likes, 1 repeats | |
| People are quite openly posting what is happening on Reddit now, threat actors … | |
| Post #AnGSQFRlNVgRfWjzzE by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog One day I wish my organization would let me move us away from the … | |
| Post #AnGZU03PFXuKlZ5HdY by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog MSPs? Members of the Scottish Parliament? | |
| Post #AnGqmnIObhl5v6dvou by [email protected] | |
| 0 likes, 0 repeats | |
| Somebody posted the list of impacted FortiManager versions and fixed versions o… | |
| Post #AnH0NYvjsai1fVeXB2 by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog So, as I'm trying to gauge impact or potential for impact for … | |
| Post #AnH0NZybzObKui0LIG by [email protected] | |
| 0 likes, 0 repeats | |
| @NosirrahSec @GossiTheDog The issue is a remote code execution flaw on the FortiM… | |
| Post #AnH5RCuiB6MOJYjIMC by [email protected] | |
| 0 likes, 0 repeats | |
| FGFM - FortiGate to FortiManager Protocol Shodan dork, save for later this week… | |
| Post #AnHB2lDu4v9lD1Qssq by [email protected] | |
| 0 likes, 0 repeats | |
| I've written a thing, and drawn a logo in crayon and an explainer in MS Pai… | |
| Post #AnHC5qGZstp1fmiUka by [email protected] | |
| 0 likes, 0 repeats | |
| While investigating this one I've found 4 different peeps at 4 different or… | |
| Post #AnHCGfPIbEUjB8xR0C by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog Especially since it's been exploited for over a month now... | |
| Post #AnHCUQ8o9f8nt0noDw by [email protected] | |
| 0 likes, 0 repeats | |
| btw that blog includes a banger detail I'm not sure is widely known yet - t… | |
| Post #AnHDv6FIKj93xG7ceG by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog I'm still not sure what this has to do with the Scottish Parli… | |
| Post #AnHE1jyBYMGKtVHmBE by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog I was kidding. Apols. | |
| Post #AnHEDISleG9z3h6JFo by [email protected] | |
| 0 likes, 0 repeats | |
| This is good coverage btw https://arstechnica.com/security/2024/10/fortinet-sta… | |
| Post #AnHFqxAcKjm2Ye5JXU by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog I've been keeping an eye on this situation and have been waiti… | |
| Post #AnHG0ec2BZoBtiXCDI by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog Uh-oh. Have we reached the "logo in ms paint" level of … | |
| Post #AnHJ7zYyzOpilUIWAa by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog fortigate piling on ivanti is somehow like two mountain trolls bea… | |
| Post #AnHLPwCyOxczTqgiFU by [email protected] | |
| 0 likes, 0 repeats | |
| FortiNet just released FortiOS 7.0.13, which fixes the FortiManager zero day fo… | |
| Post #AnHLqzsQryEeg3z0CG by [email protected] | |
| 0 likes, 0 repeats | |
| So there's a record somewhere, as FortiNet aren't listing it for some r… | |
| Post #AnHM6eZtpHMVFlmPcO by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog yeah that's the weird part... the right thing is obviously tra… | |
| Post #AnHMUaZWN8pHmL143k by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog the plot thickens | |
| Post #AnHN6sFP6TK7bPrWIS by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog @pl either that or it’s extremely embarrassing. Another security… | |
| Post #AnHNvcXFHStRdmPBse by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog How can a public company do this shit? The SEC should be eating th… | |
| Post #AnHSDAuZ7kASznwI0O by [email protected] | |
| 0 likes, 1 repeats | |
| @GossiTheDog fortunately for the only on-net customer who has unrestricted FGFM… | |
| Post #AnID9md3e19If7dPZA by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog FortiOS 6.4 is end of support already (since 2024-09-30), and I’… | |
| Post #AnIG9WMaQ4Zy4sUriK by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog I'd say they are hell bent on destroying their trust and reput… | |
| Post #AnIUaLo9AgHAW94kaW by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog Thanks for the Blog article - I was wondering why the "xab&qu… | |
| Post #AnIn3748rKAoMvQCoq by [email protected] | |
| 0 likes, 0 repeats | |
| FortiNet have now gone public about FortiJump, aka CVE-2024-47575 https://forti… | |
| Post #AnInoXsSzXKD8NZuQy by [email protected] | |
| 0 likes, 0 repeats | |
| "Reports have shown this vulnerability to be exploited in the wild." | |
| Post #AnIsrYGYVFIcyk6AD2 by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog dumb question but also want to verify, why append xab to the port … | |
| Post #AnIv5POYTvAzQcZjnc by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog Kevin, you sure that FortiGate devices are able to register by def… | |
| Post #AnIvWIe7gL8CJdgD0C by [email protected] | |
| 0 likes, 0 repeats | |
| FortiNet have updated the PSIRT entry to include IPs (there’s one additional)… | |
| Post #AnIvkJupl5qKJ7BKCG by [email protected] | |
| 0 likes, 0 repeats | |
| FortiJump explained in a GIF | |
| Post #AnIydXDoBjyzPWVrrk by [email protected] | |
| 0 likes, 0 repeats | |
| FortiJump activity in the wild dating back to August now, place your bets about… | |
| Post #AnJ0zMwlGqwdp44vdg by [email protected] | |
| 0 likes, 0 repeats | |
| #FortiJump has been added to CISA KEV list. https://mastodon.social/@cisakevtra… | |
| Post #AnJ1tYGMNv9x8T2GFU by [email protected] | |
| 0 likes, 0 repeats | |
| @g0rb | |
| Post #AnJ4QtInNkMFquCRsW by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog Needs the crayon logo superimposed over the dog | |
| Post #AnJJ0dwtLDfI1BteZE by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog People are still using those things?!? It's kind of a bummer t… | |
| Post #AnKDlfPjJ3sPbcNur2 by [email protected] | |
| 0 likes, 0 repeats | |
| #FortiJump activity moves back to June 2024 https://www.bleepingcomputer.com/ne… | |
| Post #AnKTpsFN8OH1pbZHLE by [email protected] | |
| 0 likes, 0 repeats | |
| Germany’s BSI advisory about #FortiJump contains a fifth IP address, more to … | |
| Post #AnKcGBdqRmGH954ZsG by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog Every time one of these lists pops up I am so relieved that none o… | |
| Post #AnKnIwwud2X1wTVmKG by [email protected] | |
| 0 likes, 0 repeats | |
| Communications Protocol Guide for FGFM protocol https://fortinetweb.s3.amazonaws… | |
| Post #AnKqvTJD43O7Ad08f2 by [email protected] | |
| 0 likes, 0 repeats | |
| Looking this is in as it's both a funny article and provides a way to finge… | |
| Post #AnKtu2ch5zChyl7mDY by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog You of all the folks, deserve a break (from "FortiJump" … | |
| Post #AnKxbiqYHjRpFP7upE by [email protected] | |
| 0 likes, 0 repeats | |
| FortiJumper attackers have unfortunately now fallen* off the internet | |
| Post #AnM5r0XxkgUTHLBv8K by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog do you have any MDR that you can recommend? | |
| Post #AnMmtKS50oxdcanDEm by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog And back to May now... https://x.com/foxit/status/18494867051511195… | |
| Post #AnMoN4A0FSD9jg55km by [email protected] | |
| 0 likes, 0 repeats | |
| I think this got lost in the mix - the #FortiJump threat actress wasn’t just … | |
| Post #AnMyrn0P4vpF38sba4 by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog Did the Fortinet customer emails a week ago mention any mitigation… | |
| Post #Anhl3AlnkDyqttk3v6 by [email protected] | |
| 0 likes, 0 repeats | |
| Don’t worry everybody, #FortiJump is back for Christmas… this time set in s… | |
| Post #AnhlKYpzVzrQT3zd7A by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog #FortiJump The gift that keeps on giving. 😂 | |
| Post #AnhlgJZewdLhV3j8Rk by [email protected] | |
| 0 likes, 0 repeats | |
| Popcorn.gif https://cyberplace.social/@GossiTheDog/113307720748822638 | |
| Post #AnjvQJKTTWnpxsYGIq by [email protected] | |
| 0 likes, 0 repeats | |
| Fortijump-higher | |
| Post #Ao2zt0TWkCSVhxxmng by [email protected] | |
| 0 likes, 0 repeats | |
| FortiJump Higher details are out. Even with the patch installed, apparently you… | |
| Post #Ao30BXX8Zb3vRtUORs by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog I wonder if they're still using debian etch or if they ever re… | |
| Post #AvL5rLGQXx3LtHwW1Y by [email protected] | |
| 0 likes, 0 repeats | |
| @GossiTheDog following up on this, 7.4 and 7.2 have patches available. still pe… | |
| Post #AvL5rtXz5BIcDaQ16u by [email protected] | |
| 0 likes, 0 repeats | |
| @ciphermonger @GossiTheDog I was told patch this week, and haven’t seen anyth… | |