Bleeping Computer

Chinese hackers exploit Fortinet VPN zero-day to steal credentials

Chinese threat actors use a custom post-exploitation toolkit named 'DeepData' to exploit a zero-day vulnerability in Fortinet's FortiClient Windows VPN client that steal credentials. The zero-day ...
Threat Post

Thousands of Fortinet VPN Account Credentials Leaked

They were posted for free by former Babuk gang members who’ve bickered, squabbled and huffed off to start their own darn ransomware businesses, dagnabbit. UPDATE: Subsequent reporting and disclosures ...
ZDNet

Attacker releases credentials for 87,000 FortiGate SSL VPN devices

Fortinet has warned that 87,000 sets of credentials for FortiGate SSL VPN devices have been published online. The California-based cybersecurity firm said on Wednesday that it is aware of the ...
Bleeping Computer

Fortinet VPN design flaw hides successful brute-force attacks

A design flaw in the Fortinet VPN server's logging mechanism can be leveraged to conceal the successful verification of credentials during a brute-force attack without tipping off defenders of ...