Cybersecurity

FortiBleed: The Most Detailed Breakdown Yet of an Active Russian Credential-Harvesting Operation

29 sec read10 views0 listens

A sophisticated Russian credential-harvesting campaign called FortiBleed has compromised over 430,000 FortiGate firewalls globally, extracting 110 million credentials through a five-phase operation still targeting 19,000 devices. The attack abuses legitimate firmware diagnostics to passively intercept authentication traffic without deploying malware, enabling ransomware attacks and breaching a NATO-aligned defense contractor. Organizations face imminent risk and should immediately rotate all credentials, enforce multifactor authentication, and remove firewall management interfaces from internet exposure.

Read the full article at Security Affairs

Want to create content about this topic? Use Nemati AI tools to generate articles, social posts, and more.

Global cybersecurity agencies warn of credential exposure in FortiBleed campaign targeting Fortinet firewalls, VPN gateways

Threat actors are exploiting weak credentials to gain unauthorized access to Fortinet firewalls and VPN gateways through a campaign known as FortiBleed. This highlights a critical cybersecurity gap where credential reuse and poor password hygiene are...

Ali Nemati

Cybersecurity1 day ago26 sec read

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 102

The latest Security Affairs Malware Newsletter rounds up significant cybersecurity threats, including a supply chain attack on OptinMonster, a China-nexus actor targeting medical research, and new Android and Windows malware. It also details advanced...

Ali Nemati

Cybersecurity6 days ago29 sec read

ClickFix Campaign Uses EtherHiding and GULoader to Infect Windows Users via Fake CAPTCHA

A sophisticated cyberattack campaign is targeting desktop Windows users by deploying fake CAPTCHA overlays on compromised WordPress sites to deliver GULoader malware. This threat leverages blockchain-based payload delivery and social engineering to b...

Ali Nemati

Cybersecurity6 days ago1m & 1 s read

Ghostwriter Hackers Abuse Gmail Admin-Themed Emails to Steal Credentials and 2FA Codes

Ghostwriter Hackers Abuse Gmail Admin-Themed Emails to Steal Credentials and 2FA Codes A sophisticated cyber threat group known as Ghostwriter has been leveraging phishing tactics that mimic official Google alerts to deceive users into divulging thei...

Ali Nemati

CybersecurityJun 1527 sec read

Google exposes China espionage group that's been lurking in networks undetected since 2023

Google's Threat Intelligence Group uncovered a new Chinese state-sponsored espionage group, UNC6508, which has been operating since September 2023 and targeting U.S. and Canadian organizations across various sectors to steal sensitive data. This disc...

Ali Nemati

FortiBleed: The Most Detailed Breakdown Yet of an Active Russian Credential-Harvesting Operation

Related Articles

Global cybersecurity agencies warn of credential exposure in FortiBleed campaign targeting Fortinet firewalls, VPN gateways

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 102

ClickFix Campaign Uses EtherHiding and GULoader to Infect Windows Users via Fake CAPTCHA

Ghostwriter Hackers Abuse Gmail Admin-Themed Emails to Steal Credentials and 2FA Codes

Google exposes China espionage group that's been lurking in networks undetected since 2023