Close Menu
    DevStackTipsDevStackTips
    • Home
    • News & Updates
      1. Tech & Work
      2. View All

      Report: 71% of tech leaders won’t hire devs without AI skills

      July 17, 2025

      Slack’s AI search now works across an organization’s entire knowledge base

      July 17, 2025

      In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

      July 17, 2025

      Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

      July 16, 2025

      Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

      July 17, 2025

      AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

      July 17, 2025

      Steam takes down tons of porn games, cracks down on “certain kinds of adult-only content” — here’s why, and its new policy

      July 17, 2025

      Oblivion Remastered and Metal Gear Solid Delta co-developer Virtuos faces layoffs — with 270 workers cut

      July 17, 2025
    • Development
      1. Algorithms & Data Structures
      2. Artificial Intelligence
      3. Back-End Development
      4. Databases
      5. Front-End Development
      6. Libraries & Frameworks
      7. Machine Learning
      8. Security
      9. Software Engineering
      10. Tools & IDEs
      11. Web Design
      12. Web Development
      13. Web Security
      14. Programming Languages
        • PHP
        • JavaScript
      Featured

      The details of TC39’s last meeting

      July 17, 2025
      Recent

      The details of TC39’s last meeting

      July 17, 2025

      Notes Android App Using SQLite

      July 17, 2025

      How to Get Security Patches for Legacy Unsupported Node.js Versions

      July 17, 2025
    • Operating Systems
      1. Windows
      2. Linux
      3. macOS
      Featured

      Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

      July 17, 2025
      Recent

      Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

      July 17, 2025

      AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

      July 17, 2025

      Steam takes down tons of porn games, cracks down on “certain kinds of adult-only content” — here’s why, and its new policy

      July 17, 2025
    • Learning Resources
      • Books
      • Cheatsheets
      • Tutorials & Guides
    Home»Development»Australian Businesses at Risk as Threat Actors Exploit Fortinet Vulnerabilities

    Australian Businesses at Risk as Threat Actors Exploit Fortinet Vulnerabilities

    April 15, 2025

    Fortinet Vulnerabilities

    Australian organizations using Fortinet products are being urged to take immediate action following a new advisory highlighting the active exploitation of previously known vulnerabilities. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has issued this alert primarily for technical users within organizations across the private and public sectors.

    Fortinet has observed malicious actors exploiting older, unpatched vulnerabilities to gain and maintain unauthorized access to Fortinet devices. While patches were released previously, many compromised devices were either not updated in time or were attacked before security fixes were applied.

    What Happened?

    Fortinet’s latest findings reveal a threat actor is actively targeting three known vulnerabilities:

    • FG-IR-24-015: Out-of-bounds write vulnerability in sslvpnd.
    • FG-IR-23-097: Heap buffer overflow during SSL VPN pre-authentication.
    • FG-IR-22-398: Heap-based buffer overflow in sslvpnd.

    These issues affect the SSL VPN component in Fortinet’s FortiGate devices, which are commonly used by businesses for secure remote access.

    Although Fortinet previously released patches addressing these vulnerabilities, a new technique has been revealed where attackers can retain read-only access to devices even after the original security holes have been patched. This access is achieved by inserting a symbolic link that connects the user and root filesystems through a folder used for serving language files in the SSL VPN.

    The symbolic link avoids detection and allows the attacker to read potentially sensitive information such as device configurations.

    Importantly, devices without SSL VPN enabled are not affected.

    Who Is Affected?

    • Organizations that have not updated their Fortinet devices to the latest versions.
    • Devices that were compromised before patching may still be at risk due to remnants of the attacker’s access method.
    • This threat is not region or industry-specific, and all sectors are encouraged to assess their environments.

    How Was It Discovered?

    Fortinet’s investigation—supported by internal monitoring and collaboration with third-party organizations—uncovered this post-exploitation technique. The discovery triggered the company’s Product Security Incident Response Team (PSIRT) to develop countermeasures and notify impacted customers.

    This new approach by the attacker is a reminder that known vulnerabilities, especially when unpatched, remain an attractive target. Fortinet emphasized that state-sponsored and financially motivated threat actors continue to scan and exploit such vulnerabilities within days of their public disclosure.

    What Should You Do Now?

    The ASD’s ACSC strongly recommends the following:

    1. Upgrade all Fortinet devices immediately to one of the following secure versions:
      • FortiOS 7.6.2, 7.4.7, 7.2.11, 7.0.17, or 6.4.16
    2. Review all configurations on affected devices for signs of modification or compromise.
    3. Investigate your environment for any suspicious behaviour or anomalies in device logs.

    What Has Fortinet Done?

    To help customers secure their environments and prevent further abuse of these vulnerabilities, Fortinet has taken multiple steps:

    • Released updated AV/IPS signatures to detect and remove the symbolic link.
    • Enhanced FortiOS versions to:
      • Detect and remove the symbolic link during updates.
      • Prevent SSL VPNs from serving malicious files.
    • Provided direct communication and assistance to known impacted customers based on internal telemetry.

    These mitigations are automatically applied if customers have the AV/IPS engine enabled and licensed.

    Enhanced Security in New Releases

    Customers upgrading to the latest FortiOS versions will benefit from improved security features, such as:

    • Virtual patching for interim protection before applying formal patches.
    • Firmware integrity validation at the BIOS level.
    • Filesystem integrity monitoring through Integrity Measurement Architecture (IMA).
    • Automatic updates, allowing devices to receive critical patches without manual intervention.
    • Features like Uninterrupted Cluster Upgrade, Auto-restore configurations, and Scheduled patch upgrades for a smoother upgrade process.

    These enhancements are part of Fortinet’s broader commitment to cybersecurity best practices and responsible transparency.

    Why This Matters

    Fortinet’s alert emphasizes a vital principle in cybersecurity: patching alone is not enough if devices are compromised before the fix is applied. Attackers are becoming more advanced, using stealthy techniques like symbolic links to maintain access under the radar.

    The incident also highlights the shared responsibility in cybersecurity:

    • Vendors must deliver secure products, disclose vulnerabilities responsibly, and support customers with quick fixes.
    • Customers must apply patches promptly and maintain strong cyber hygiene to defend against known and emerging threats.

    With more than 40,000 vulnerabilities reported in 2024 alone (as per NIST data), managing security updates has become an essential routine for all IT environments.

    Source: Read More

    Facebook Twitter Reddit Email Copy Link
    Previous ArticleLeonardo AI
    Next Article Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability

    Related Posts

    Artificial Intelligence

    Scaling Up Reinforcement Learning for Traffic Smoothing: A 100-AV Highway Deployment

    July 17, 2025
    Defending against Prompt Injection with Structured Queries (StruQ) and Preference Optimization (SecAlign)
    Artificial Intelligence

    Defending against Prompt Injection with Structured Queries (StruQ) and Preference Optimization (SecAlign)

    July 17, 2025
    Leave A Reply Cancel Reply

    For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

    Continue Reading

    CVE-2025-34025 – Versa Concerto Privilege Escalation and Container Escape Vulnerability

    Common Vulnerabilities and Exposures (CVEs)

    Google’s Veo 3: The Dawn of AI-Powered Hollywood-Level Moviemaking?

    Artificial Intelligence

    Ofcom investigates 4chan for not protecting users from illegal content

    Development

    CVE-2025-3460 – Quantenna Wi-Fi Command Injection Vulnerability

    Common Vulnerabilities and Exposures (CVEs)

    Highlights

    Development

    Millions of Node.js Apps at Risk Due to Critical Multer Vulnerabilities

    May 21, 2025

    Two high-severity security flaws have been identified in Multer, a popular middleware used in Node.js…

    Want to Customise GNOME Shell Notifications? Try This Extension

    July 11, 2025

    2025’s highest-rated Xbox game on Metacritic is coming to Game Pass in a matter of days — but you’ve never heard of it

    April 7, 2025

    CVE-2025-48740 – StrangeBee TheHive CSRF

    May 23, 2025
    © DevStackTips 2025. All rights reserved.
    • Contact
    • Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.