For individuals

While 427,000 Fortinet devices running on FortiOS, FortiProxy, FortiSwitchManager, and FortiPAM iterations impacted by the critical CVE-2024-23113 flaw, another 62,000 FortiManager instances remain susceptible to attacks leveraging the CVE-2024-47575 bug, also known as FortiJump.

All impacted IT systems and external connections have already been taken down as part of "necessary and far-reaching protective measures" following the detection of the intrusion last week, said AEP.

Aside from taking down all phone and fax services, the attack has also disrupted the court's e-filing platform, websites with juror reporting instructions, and credit card payment processing system.

Investigation into the incident is still ongoing, according to a HACLA spokesperson, who emphasized the continued operations of the major U.S. public housing authority.

Initial access to the targeted SharePoint server through the flaw was leveraged to breach a Microsoft Exchange service account with elevated privileges, deploy the Huorong Antivirus, and install Impacket, resulting in the deactivation of legitimate antivirus systems and lateral movement.

Other Linux-based network devices may have also been targeted by Pygmy Goat, as indicated by its utilization of a fake Fortinet certificate, a pair of remote shells, and several communication wake-up techniques.

Attacks by Interlock involved infiltration of targeted corporate networks and data exfiltration before proceeding with lateral movement, file encryption, and double-extortion activities.

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

The true measure of our cybersecurity prowess lies in our capacity to endure.

Megjelent a SANS és a Nemzetbiztonsági Szakszolgálat Nemzeti Kibervédelmi Intézet közös kiadványának 2024. novemberi száma, melyben azzal foglalkozunk, hogyan védhetjük meg a csalóktól online pénzügyi fiókjainkat.