New wave of attacks targets FortiGate configurations.
Automated attacks are hitting FortiGate firewalls, creating accounts, altering VPN settings, and exporting configurations in a campaign that mirrors activity seen in December. Arctic Wolf links the intrusions to previously patched authentication bypass flaws that allowed attackers to evade FortiCloud SSO using crafted SAML responses. The new activity involves rapid, automated logins from a few hosting providers, often abusing the [email protected] account. Researchers say it’s unclear whether earlier patches fully resolved the issue, and users are urged to disable FortiCloud SSO logins to reduce exposure.
Read more:
https://www.securityweek.com/new-wave-of-attacks-targeting-fortigate-firewalls/