Rewterz Threat Advisory – Multiple Palo Alto Security Vulnerabilities
July 15, 2021
Rewterz Threat Alert – Emotet – Active IOCs
July 15, 2021
Severity
High
Analysis Summary
Mass scanning activity has been detected against Fortinet SSL VPN servers, as part of attacks targeting commercial, government, and technology services networks. The targeted bugs include CVE-2018-13379, an unauthenticated arbitrary file read that discloses VPN usernames and passwords in plaintext.
CVE-2018-13379
This is a path traversal vulnerability in the FortiOS SSL VPN web portal that allows an unauthenticated attacker to download system files through specially crafted HTTP resource requests. The file attackers read in practice is the session file sslvpn_websession, which contains active VPN users' credentials in plaintext, so a single successful request yields working accounts. On a patched device the same request fails; a 200 response with a non-trivial body is the sign that the read succeeded.
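The following is an added example, not code from the advisory or from Fortinet: a small log-scanning routine that flags CVE-2018-13379 exploitation attempts and hits from the IOC listed below. It assumes combined-format web access logs (the log lines are constructed for illustration), and it looks for the publicly documented request shape, a GET to /remote/fgt_lang whose lang parameter traverses to sslvpn_websession, decoding percent-encoding and collapsing repeated slashes first so that trivially obfuscated variants are still caught.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Source IP from the advisory's IOC list.
IOC_IPS = {"193.242.145.16"}

# Path the exploit reads; the traversal prefix before it varies.
TARGET_FILE = "dev/cmdb/sslvpn_websession"

# Constructed sample log lines (combined log format) for illustration only.
SAMPLE_LOG = """\
193.242.145.16 - - [15/Jul/2021:10:01:02 +0000] "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 200 12345 "-" "python-requests/2.25.1"
198.51.100.7 - - [15/Jul/2021:10:03:15 +0000] "GET /remote/fgt_lang?lang=%2F..%2F..%2F..%2F..%2Fdev%2Fcmdb%2Fsslvpn_websession HTTP/1.1" 200 9876 "-" "curl/7.68.0"
203.0.113.9 - - [15/Jul/2021:10:04:00 +0000] "GET /remote/login?lang=en HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
193.242.145.16 - - [15/Jul/2021:10:05:30 +0000] "GET /remote/login HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>\S+)" (?P<status>\d{3})'
)


def has_traversal_to(value: str, target: str) -> bool:
    """True if `value` is a ../ traversal whose normalised form ends in `target`."""
    decoded = value
    for _ in range(3):                 # bounded: defeats double/triple encoding
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    collapsed = re.sub(r"/+", "/", decoded)   # "..//////dev" -> "../dev"
    return "../" in collapsed and collapsed.endswith(target)


def analyze_log(text: str) -> list[dict]:
    """Return one finding per suspicious line: exploit attempt and/or IOC source IP."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, target = m["ip"], m["target"]
        reasons = []
        parts = urlsplit(target)
        if parts.path == "/remote/fgt_lang":
            for lang in parse_qs(parts.query).get("lang", []):
                if has_traversal_to(lang, TARGET_FILE):
                    reasons.append("CVE-2018-13379: traversal read of sslvpn_websession")
                    break
        if ip in IOC_IPS:
            reasons.append("source IP in advisory IOC list")
        if reasons:
            findings.append({"ip": ip, "ts": m["ts"], "status": int(m["status"]), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyze_log(SAMPLE_LOG):
        print(f["ts"], f["ip"], f["status"], "; ".join(f["reasons"]))
```

The status code is carried through on purpose: an exploit attempt answered with 200 on an unpatched device should be treated as a credential exposure, not merely a scan, and triggers the credential reset described under Remediation.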
Impact
- Credential theft
- Information disclosure
Indicators of Compromise
IP
- 193.242.145.16
Affected Vendors
- Fortinet
Affected Product
- Fortinet FortiOS SSL VPN web portal (FortiGate); per Fortinet PSIRT advisory FG-IR-18-384, FortiOS 5.4.6 to 5.4.12, 5.6.3 to 5.6.7 and 6.0.0 to 6.0.4 are affected
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Keep your devices and software updated to the latest patches; for CVE-2018-13379 this means FortiOS 5.4.13, 5.6.8, 6.0.5, 6.2.0 or later.
- Reset SSL VPN user credentials after upgrading. Patching closes the file read but does not invalidate credentials that were already harvested from sslvpn_websession.
- Review SSL VPN web logs for requests to /remote/fgt_lang whose lang parameter contains a traversal to sslvpn_websession; a 200 response to such a request on an unpatched device indicates credentials were exposed.
- Enable multi-factor authentication where possible, in particular on SSL VPN accounts.
- Audit user accounts with administrative privileges and configure access controls with least privilege in mind.
- Review domain controllers, servers, workstations, and Active Directory for new or unrecognized user accounts.