1. Fortinet flaw zero-dayed by nation-state actors: In October 2024, Fortinet warned about a critical (CVSS 9.8/10) RCE vulnerability, tracked as CVE-2024-47575, in its FortiManager platform, actively exploited by attackers to exfiltrate sensitive data such as IP addresses, credentials, and configurations. No malware or backdoors had been discovered. This flaw, exploited in the wild, has been linked to nation-state actors such as China-backed Volt Typhoon, who have used similar Fortinet vulnerabilities for cyber espionage.
2. Check Point bug enabled Iranian hacks: In August, CISA issued a warning about a critical flaw (CVE-2024-24919) in Check Point's security gateway software. The vulnerability, which carried a high CVSS score (8.6/10), allowed attackers such as Pioneer Kitten and Peach Sandstorm, both Iranian hacking groups, to exploit an information disclosure weakness in the company's security products. Active exploitation in the wild was reported, with attackers leveraging the flaw to access sensitive data from systems using the VPN and Mobile Access blades.
3. Ivanti Connect flaws abused by Chinese actors: In December 2023, researchers uncovered two chained zero-day vulnerabilities, CVE-2023-46805 and CVE-2024-21887, in Ivanti's Connect Secure and Policy Secure gateways, exploited by Chinese state-sponsored actors. Chained together, these flaws allowed unauthenticated remote code execution, enabling attackers to steal configurations, modify files, and set up reverse tunnels from compromised VPN appliances. Targeting critical sectors such as healthcare and manufacturing, the attackers used advanced lateral movement and persistence techniques to reach intellectual property and sensitive data. The campaign highlighted the risks of unpatched enterprise software, with Ivanti scrambling to release mitigations while working on patches.