Digital tablet and coffee cup on newspapers
FBI and CISA urge all Fortinet users to immediately patch their devices
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have shared details about threat attackers having breached the webserver of a US municipal government after exploiting vulnerabilities in the Fortinet VPN appliances.
The two agencies had previously warned Advanced Persistent Threat (APT) groups were likely exploiting several critical vulnerabilities in the Fortinet appliances. They specifically identified three vulnerabilities tracked as CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591, urging users to patch them without delay.
"As of at least May 2021, an APT actor group almost certainly exploited a Fortigate appliance to access a webserve...