Fortinet: Govt networks targeted with now-patched SSL-VPN zero-day – BleepingComputer


Fortinet says unknown attackers exploited a FortiOS SSL-VPN zero-day vulnerability patched last month in attacks against government organizations and government-related targets.

The security flaw (CVE-2022-42475) abused in these incidents is a heap-based buffer overflow weakness found in the FortiOS SSLVPNd that allowed unauthenticated attackers to crash targeted devices remotely or gain remote code execution.

The network security company urged customers in mid-December to patch their appliances against ongoing attacks exploiting this vulnerability after quietly fixing the bug on November 28 in FortiOS 7.2.3 (and without releasing information that it was a zero-day).

Customers were privately alerted of this issue on December 7 via a TLP:Amber advisory. More information was released publicly on December 12, including a warning that the bug was being actively exploited in attacks.

“Fortinet is aware of an instance where this vulnerability was exploited in the wild,” the company said at the time, recommending that admins immediately check their systems against the list of indicators of compromise shared in that advisory.

This Wednesday, Fortinet published a follow-up report revealing that attackers were using CVE-2022-42475 exploits to compromise FortiOS SSL-VPN appliances and deploy malware disguised as a trojanized version of the IPS Engine.

Zero-day used to target government networks

The company said the threat actor’s attacks were highly targeted, with evidence found during analysis showing a focus on government networks.

“The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets,” Fortinet said.

“The discovered Windows sample attributed to the attacker displayed artifacts of having been compiled on a machine in the UTC+8 timezone, which includes Australia, China, Russia, Singapore, and other Eastern Asian countries.”

The attackers were heavily focused on maintaining persistence and evading detection: they used the vulnerability to install malware that patches the FortiOS logging processes so that specific log entries can be removed, and that can even kill the logging processes outright if necessary.

Additional payloads downloaded onto compromised appliances showed that the malware also broke the devices’ Intrusion Prevention System (IPS), the component that continuously inspects network traffic to detect and block attacks, so the appliance’s own security monitoring was blinded as well.

“The malware patches the logging processes of FortiOS to manipulate logs to evade detection,” Fortinet said.

“The malware can manipulate log files. It searches for elog files, which are logs of events in FortiOS. After decompressing them in memory, it searches for a string the attacker specifies, deletes it, and reconstructs the logs.”
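The quoted description is enough to model the technique and the defensive point it raises: an implant that can decompress, edit and rebuild the on-device log can erase its own footprints, so the only trustworthy record is one forwarded off the box at event time. The following is an added example, not Fortinet’s analysis or the implant’s code. It uses gzip as a stand-in for the compressed elog container (the real format is not described in the article) and constructed event lines loosely shaped like FortiOS logs; the attacker IP, user names and timestamps are all made up.

```python
import gzip

# Constructed sample event log, loosely shaped like FortiOS event-log records.
# The last two lines carry the attacker address the implant wants removed.
SAMPLE_EVENTS = [
    'date=2022-12-01 time=09:58:12 type="event" subtype="vpn" action="tunnel-up" user="jdoe" remip=198.51.100.7',
    'date=2022-12-01 time=10:00:01 type="event" subtype="system" action="admin-login" user="admin" srcip=192.0.2.25',
    'date=2022-12-01 time=10:00:44 type="event" subtype="vpn" action="ssl-login-fail" remip=203.0.113.10',
    'date=2022-12-01 time=10:00:59 type="event" subtype="vpn" action="ssl-new-con" remip=203.0.113.10',
]


def compress_log(lines):
    """Store events the way a compressed on-device log would (gzip here as a
    stand-in; the real elog container format is not described on the page)."""
    return gzip.compress(("\n".join(lines) + "\n").encode())


def read_log(compressed):
    """Decompress an on-device log back into individual records."""
    return gzip.decompress(compressed).decode().splitlines()


def scrub_log(compressed, needle):
    """Model of the technique quoted above: decompress in memory, drop every
    record containing the attacker-chosen string, rebuild and recompress."""
    kept = [rec for rec in read_log(compressed) if needle not in rec]
    return compress_log(kept)


def missing_from_device(on_device_log, forwarded_records):
    """Defender check: records the remote syslog collector received that the
    device no longer holds. Only works if forwarding happened in real time;
    a scrub performed afterwards cannot reach the remote copy."""
    device_records = set(read_log(on_device_log))
    return [rec for rec in forwarded_records if rec not in device_records]


def demo():
    """Run the tampering model end to end and return the scrubbed records."""
    original = compress_log(SAMPLE_EVENTS)
    forwarded = list(SAMPLE_EVENTS)  # copy the collector received at event time
    tampered = scrub_log(original, "203.0.113.10")
    return missing_from_device(tampered, forwarded)


if __name__ == "__main__":
    for rec in demo():
        print("scrubbed on device:", rec)
```

The reconciliation only catches deletions for records that already left the appliance, which is why the practical takeaway is to forward FortiOS logs to a collector the appliance cannot write to retroactively, and to treat a gap between the two copies, rather than the on-device log alone, as the tampering signal. Normal log rotation on the device will also produce gaps, so compare within the device’s retention window.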

Fortinet warned that further malicious payloads were downloaded from a remote site during attacks but could not be retrieved for analysis.

The company concluded that the threat actor behind last month’s CVE-2022-42475 exploitation shows “advanced capabilities,” including the ability to reverse-engineer parts of the FortiOS operating system.

It also advised customers to immediately upgrade to a patched version of FortiOS to block attack attempts and reach out to Fortinet support if they find indicators of compromise linked to the December attacks.

Source: https://news.google.com/__i/rss/rd/articles/CBMicWh0dHBzOi8vd3d3LmJsZWVwaW5nY29tcHV0ZXIuY29tL25ld3Mvc2VjdXJpdHkvZm9ydGluZXQtZ292dC1uZXR3b3Jrcy10YXJnZXRlZC13aXRoLW5vdy1wYXRjaGVkLXNzbC12cG4temVyby1kYXkv0gF1aHR0cHM6Ly93d3cuYmxlZXBpbmdjb21wdXRlci5jb20vbmV3cy9zZWN1cml0eS9mb3J0aW5ldC1nb3Z0LW5ldHdvcmtzLXRhcmdldGVkLXdpdGgtbm93LXBhdGNoZWQtc3NsLXZwbi16ZXJvLWRheS9hbXAv?oc=5
