It sounds like the security of Fortinet and Zoho could use a stronger fortification! According to the Cybersecurity and Infrastructure Security Agency (CISA), these systems have become playgrounds for nation-state actors looking for security loopholes to exploit. In simpler terms, these tech actors are climbing through the digital windows and leaving their shoes on the carpet.
In cyber language, your system’s weakest link is comparable to your grandpa trying to send a text message for the first time. It’s vulnerable and hackers, like naughty neighborhood kids, love to take advantage of it. In this scenario, several nation-state actors have exploited these weak points in Fortinet’s FortiOS SSL-VPN and Zoho’s ManageEngine ServiceDesk Plus, gaining unauthorized access and establishing persistence on compromised systems.
Think of CVE-2022-47966 as a master key made out of ones and zeros. This ‘digital skeleton key’ is what theAdvanced Persistent Threat (APT) actors used to gain unauthorized access. This basically means they’re sticking around longer than your chatty aunt after a family gathering, and just as hard to get rid of!
Pulling it all together, the Cybersecurity and Infrastructure Security Agency (CISA) has waved the red flag on Fortinet and Zoho’s systems. A combination of weak security points and the exploitation of CVE-2022-47966 have allowed multiple nation-state actors to gain improper access and maintain a persistent presence on these systems. So, it appears it’s not just your dad who stays too long at the party — nation-state actors do it too, but on a whole different level!
Original Article: https://thehackernews.com/2023/09/cisa-warning-nation-state-hackers.html
No products in the cart.