The UK’s Nationwide Cyber Safety Centre (NCSC) has published a new advisory warning that cybercriminals as well as Advanced Persistent Threat (APT) actors are actively searching for unpatched VPN servers and trying to exploit the CVE-2018-13379 susceptibility.
According to NCSC, a significant number of organizations in the UK have not fixed a Fortinet VPN vulnerability found in May 2019, resulting in the credentials of 50,000 vulnerable VPNs being stolen and revealed on a hacker forum. As such, the NCSC recommended organizations that are using such devices to assume they are now compromised and to start incident management procedures, where security updates have not been downloaded.
“The NCSC is advising organizations which are using Fortinet VPN devices where security updates have not been installed, to assume they are now compromised and to begin incident management procedures. Users of all Fortinet VPN devices should check whether the 2019 updates have been installed. If not, the NCSC recommends that as soon as possible, the affected device should be removed from service, returned to a factory default, reconfigured, and then returned to service,” NCSC stated.
Safety tips for users & organizations
The first step is to check whether the 2019 update is installed on all Fortinet VPN devices or not. If not, the NCSC recommends installing it as soon as possible. Secondly, the corrupt devices should be removed from service, returned to a factory default, reconfigured, and then restored to service.
While fixing the security loophole, organizations should examine all connected hosts and networks to detect any further attacker movement and activities. Anomalous connections in access logs for the SSL VPN service may also indicate the use ..
Support the originator by clicking the read the rest link below.
