GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

Notices

  1. screaminggoat (screaminggoat@infosec.exchange)'s status on Tuesday, 14-Jan-2025 23:29:11 JST
    • BrianKrebs
    • Kevin Beaumont
    • cR0w :cascadia:
    • Will Dormann

    Happy #ZeroDay from your friends at Fortinet: Authentication bypass in Node.js websocket module
    CVE-2024-55591 (CVSSv3.1: 9.8 critical) An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.

    Please note that reports show this is being exploited in the wild.

    Indicators of compromise include possible log entries, IP addresses used, and admin accounts created. cc: @GossiTheDog @wdormann @cR0w @briankrebs

    #zeroday #patchtuesday #fortinet #vulnerability #CVE_2024_55591 #infosec #ioc #threatintel #infosec #cybersecurity

    • Kevin Beaumont repeated this.
    • MemoryLeech (cyberleech@cyberplace.social)'s status on Tuesday, 14-Jan-2025 23:32:43 JST
      in reply to
      • BrianKrebs
      • Kevin Beaumont
      • cR0w :cascadia:
      • Will Dormann

      @screaminggoat @GossiTheDog @wdormann @cR0w @briankrebs

      Took em long enough to put this out.

    • MemoryLeech (cyberleech@cyberplace.social)'s status on Tuesday, 14-Jan-2025 23:43:58 JST
      • BrianKrebs
      • Kevin Beaumont
      • cR0w :cascadia:
      • Will Dormann

      @GossiTheDog @screaminggoat @wdormann @cR0w @briankrebs

      I'm likely thinking of something else but those sample logs are familiar to some that were seen last week.

    • screaminggoat (screaminggoat@infosec.exchange)'s status on Wednesday, 15-Jan-2025 00:05:38 JST
      in reply to
      • Kevin Beaumont
      • MemoryLeech

      @CyberLeech @GossiTheDog if you're referring to the URL you mentioned the other day, it's available and does not explicitly mention exploitation 🤔 https://www.fortiguard.com/psirt/FG-IR-24-266

    • screaminggoat (screaminggoat@infosec.exchange)'s status on Wednesday, 15-Jan-2025 23:20:52 JST
      in reply to
      • Kevin Beaumont

      Note that Fortinet's security advisory has Indicators of Compromise, of which 3 out of 5 IP addresses overlap with Arctic Wolf reporting from 10 January 2025: Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls.

      While its use in a ransomware campaign hasn't been confirmed by Arctic Wolf, @GossiTheDog notes exploitation by a ransomware operator:

      they have a copy of an exploit and are using it for initial access and handing off for lateral movement.

      #CVE_2024_55591 #threatintel #ioc #fortinet #FortiProxy #fortios #zeroday #vulnerability #infosec #cybersecurity #cybersecurity #eitw #activeexploitation #cisakev #kev #cti #cyberthreatintelligence #infosec


GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.