1. Fortinet bug exposed the world's players to a zero-day: In October 2024, Fortinet warned about a critical remote code execution vulnerability (CVSS 9.8/10), tracked as CVE-2024-47575, in its FortiManager platform, which attackers exploited to extract sensitive data such as IP addresses, credentials, and configuration settings. No malware or backdoors were found on the affected systems. The flaw, which is being exploited in the wild, has been linked to nation-state actors such as China-backed Volt Typhoon, who have used the same Fortinet vulnerability in cyber espionage.
2. Check Point flaw enabled Iranian hacks: In August, CISA issued a warning about a critical flaw (CVE-2024-24919) in Check Point's security gateway software. The vulnerability, which carried a high CVSS score (8.6/10), allowed Iranian hacking groups such as Pioneer Kitten and Peach Sandstorm to exploit an information disclosure weakness in the company's security products. Active exploitation in the wild was reported, with attackers using the flaw to access sensitive data from systems running the VPN and Mobile Access blades.
3. Ivanti Connect Secure flaws abused by Chinese actors: In December 2023, researchers discovered chained zero-day vulnerabilities, CVE-2023-46805 and CVE-2024-21887, in Ivanti's Connect Secure and Policy Secure gateways that were exploited by Chinese government-sponsored actors. Chained together, the flaws allowed unauthorized remote code execution, letting attackers steal configuration data, modify files, and set up reverse tunnels from compromised VPN appliances. Targeting key sectors such as healthcare and manufacturing, the attackers used advanced lateral movement and persistence techniques to reach intellectual property and sensitive data. The campaign highlighted the exposure created by unpatched enterprise software, with Ivanti releasing mitigations while working on patches.