Fortinet Identifies Malicious Changes in Current Firewalls
TL;DR
Fortinet confirmed the occurrence of malicious changes in the configurations of its FortiGate devices, affecting supposedly updated devices.
Fortinet Identifies Malicious Activities in Firewalls
Fortinet confirmed the occurrence of malicious changes in the configurations of its FortiGate devices. This vulnerability especially affects devices that are theoretically up to date and have patches applied.
Who, What, Where, When, and How
The cybersecurity company Fortinet, specialized in firewall solutions, announced that cyber threats are exploiting their networks to perform automated intrusions. The changes in the firewall configurations were detected in September 2023, and the attackers are using sophisticated methods to obtain configuration files from the firewall.
How the Exploitation Works
Attackers employ automation techniques to infect FortiGate firewalls. This allows them to modify configurations without leaving traces, compromising the security of the networks that rely on these tools.
Implications for Users and Businesses
The change in firewall configurations can result in sensitive data exposure and compromise the entire IT infrastructure. Fortinet recommends that network administrators review their security policies and stay alert for any suspicious activity.
Fortinet's Recommendations
The company suggests that users and system administrators consistently apply security updates, as well as regularly review their firewall configurations. This practice can mitigate risks of intrusion and maintain the integrity of the networks.
The Future of Firewall Security
With the increasing sophistication of cyber attacks, Fortinet emphasizes the need for investment in proactive security technologies. The company is evaluating new solutions to strengthen the protection of its platforms and reverse the compromised configurations.
Content selected and edited with AI assistance. Original sources referenced above.


