Posts

Showing posts from December, 2025

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability

Fortinet on Wednesday said it observed "recent abuse" of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations. The vulnerability in question is CVE-2020-12812 (CVSS score: 5.2), an improper authentication vulnerability in SSL VPN in FortiOS that could allow a user to log in successfully without being prompted for the second factor of authentication if the case of the username was changed. This happens when two-factor authentication is enabled in the 'user local' setting, and that user authentication type is set to a remote authentication method (e.g., LDAP), Fortinet noted in July 2020. The issue exists because of inconsistent case-sensitive matching among the local and remote authentication. The vulnerability has since come under active exploitation in the wild by multiple threat actors, with the U.S. government also listing it as one of the many weaknesses ...

WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability

WatchGuard has released fixes to address a critical security flaw in Fireware OS that it said has been exploited in real-world attacks. Tracked as CVE-2025-14733 (CVSS score: 9.3), the vulnerability has been described as a case of out-of-bounds write affecting the iked process that could allow a remote unauthenticated attacker to execute arbitrary code. "This vulnerability affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer," the company said in a Thursday advisory. If the Firebox was previously configured with the mobile user VPN with IKEv2 or a branch office VPN using IKEv2 to a dynamic gateway peer, and both of those configurations have since been deleted, that Firebox may still be vulnerable if a branch office VPN to a static gateway peer is still configured. The vulnerability impacts the following versions of Fireware OS: 2025.1 - Fixed in 2025.1.4; 12.x - Fixed in 12.11.6; 12.5.x (T15 & T35 models)...

GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads

A new campaign named GhostPoster has leveraged logo files associated with 17 Mozilla Firefox browser add-ons to embed malicious JavaScript code designed to hijack affiliate links, inject tracking code, and commit click and ad fraud. The extensions have been collectively downloaded over 50,000 times, according to Koi Security, which discovered the campaign. The add-ons are no longer available. These browser programs were advertised as VPNs, screenshot utilities, ad blockers, and unofficial versions of Google Translate. The oldest add-on, Dark Mode, was published on October 25, 2024, offering the ability to enable a dark theme for all websites. The full list of the browser add-ons: Free VPN, Screenshot ...

Strengthening Cyber Resilience Through Supplier Management

Recent data shows third-party and supply chain breaches — including software supply chain attacks — now cost an average of $4.91 million per incident, and take 267 days to resolve. This isn’t surprising, considering how vendor usage has evolved over the last several years. Many businesses manage sprawling networks of suppliers, each with their own technology partners, security protocols and potential vulnerabilities. A weakness in any part of this extended armor can expose an entire organization to devastating breaches. But there are actionable steps organizations can take to regain visibility over their supplier ecosystems and proactively manage related cyber risk. Overall, supply chain and procurement professionals should implement rigorous vetting criteria for supplier partners, in order to maintain oversight of what systems and software connect to their network. The first step is to ensure suppliers follow established cybersecurity standards, includin...

40,000 Phishing Emails Disguised as SharePoint and e-Signing Services: A New Wave of Finance-Themed Scams

The hyperconnected world has made it easier than ever for businesses and consumers to exchange documents, approve transactions, and complete critical financial workflows with just a click. Digital file sharing and electronic signature platforms, used widely across banking, real estate, insurance, and everyday business operations, have become essential to how modern organizations move at speed. But that same convenience creates an opening for cyber criminals. Email security researchers at Check Point have recently uncovered a phishing campaign where attackers impersonate file-sharing and e-signature services to deliver finance-themed lures that look like legitimate notifications. In this incident, attackers sent over 40,000 phishing emails targeting roughly 6,100 customers over the past two weeks. All malicious links were funneled through https://url.za.m.mimecastprotect.com, increasing trust by mimicking familiar redirect flows. ...

Hamas-Linked Hackers Probe Middle Eastern Diplomats

A cyber threat group affiliated with Hamas has been conducting espionage across the Middle East. "Wirte" — tracked by Palo Alto's Unit 42 as "Ashen Lepus" — has been spying on regional government bodies and diplomatic entities since 2018. Lately, it's been expanding its interests into countries less directly associated with the Israel-Palestine conflict, like Oman and Morocco. And to match its broadening scope, Wirte has invented a new malware suite with a variety of features useful for evading cybersecurity programs. "When the group first started they used very simple tools — it didn't seem like the people behind the group had a lot of technical know-how," say Unit 42 researchers, who requested anonymity for this article. "However, over the years we've seen this group evolve their tools and techniques; we're now observing an evolution and enhancement in their capabilities." Hamas's New Malware & TTPs T...

Copilot's No-Code AI Agents Liable to Leak Company Data

Artificial intelligence (AI) agents are a breeze to create using Microsoft Copilot Studio, and almost just as easy to manipulate into divulging sensitive corporate data. Despite broad security concerns about AI agents, last year, Microsoft decided to allow even totally nontechnical users to deploy their own autonomous bots. You don't need to know how to code at all now — using a simple graphical interface, employees can spin up robots that automate business processes, integrate with other business platforms, and can perform customer-facing functions. There's a certain lack of shock factor, then, in a new Tenable report detailing just how insecure these agents can be. In a simple experiment, researchers created a basic agent, and then very easily demonstrated how it could be coaxed into spilling private data and granting attackers other silly powers. "These tools can naively become a massive risk due to their level of access, ability to perform actions, a...