1. Fortinet flaw Zero-day’ed by nation state actors: In October 2024, Fortinet warned a few essential (CVSS 9.8/10) RCE vulnerability, tracked as CVE-2024-47575, in its FortiManager platform, actively exploited by attackers to exfiltrate delicate information like IP addresses, credentials, and configurations. No malware or backdoors have been discovered. This flaw, exploited within the wild, has been linked to nation-state actors, similar to China-backed Volt Storm, who’ve used comparable Fortinet vulnerabilities for cyber espionage.
2. Verify Level bug enabled Iranian hacks: In August, CISA issued a warning a few essential flaw (CVE-2024-24919) in CheckPoint’s security gateway software program. The vulnerability, which had a excessive CVSS rating (8.6/10), allowed attackers like Pioneer Kitten and Peach Sandstorm, Iranian hacker teams, to use data disclosure weaknesses within the firm’s security options. Lively exploitation within the wild was reported, with attackers leveraging the flaw to entry delicate information from techniques utilizing VPN and cell entry blades.
3. Ivanti Join flaws discovered Chinese language abuse: In December 2023, researchers uncovered two chained zero-day vulnerabilities, CVE-2023-46805 and CVE-2024-21887, in Ivanti’s Join Safe and Coverage Safe gateways, exploited by Chinese language state-sponsored actors. These flaws allowed unauthenticated distant code execution, enabling attackers to steal configurations, alter information, and arrange reverse tunnels from compromised VPN home equipment. Focusing on essential sectors like healthcare and manufacturing, the attackers leveraged superior lateral motion and persistence methods to entry mental property and delicate information. The marketing campaign highlighted the dangers of unpatched enterprise software program, with Ivanti scrambling to launch mitigations whereas engaged on patches.
