< ciso
brief />
Tag Banner

All news with #fortinet tag

220 articles · page 5 of 11

Fortinet, Parsec and Westermo Secure OT Connectivity

📡 Fortinet announced Alliance Partnerships with Parsec Technologies and Westermo to deliver ruggedized, rapidly deployable secure connectivity for mobile and fixed cyber-physical systems. The Parsec Emergency Connectivity Kit (ECK) packages preconfigured Fortinet devices with rugged enclosures and high-gain antennas for quick field deployment, available as Bloodhound (mobility) and Pitbull (resilience) models. Westermo integration brings WeOS switches and cellular routers into the Fortinet Security Fabric via IPsec, while FortiAuthenticator and FortiPAM extend identity and privileged access controls for industrial sites.
read more →

AI-assisted attacker compromises 600+ FortiGate firewalls

🛡️ AWS security researchers report a Russian-speaking attacker compromised more than 600 FortiGate firewalls between January 11 and February 18, 2026, by exploiting weak or default passwords rather than product vulnerabilities. The actor used a Google Gemini-based AI tool to pivot to additional hosts and deployed reconnaissance tools written in Go and Python. Analysts found clear signs of AI-assisted code generation. Experts urge strong passwords and enabling MFA.
read more →

Fortinet Achieves IEC 62443-4-1 ML2 Certification for SPDL

🛡️Fortinet has achieved IEC 62443-4-1 Maturity Level 2 (ML2) certification for its Secure Product Development Lifecycle (SPDL). This independent certification verifies that Fortinet’s secure development processes are formalized, documented, repeatable, and consistently applied across design, development, verification, validation, release, and maintenance of its security products. SPDL embeds threat modeling, secure-by-design engineering, automated and manual testing, supply chain integrity controls, and a transparent FortiGuard Labs PSIRT vulnerability disclosure process to improve product integrity for IT, OT, and critical infrastructure customers.
read more →

Russian Actor Uses AI to Exploit Weak Fortinet Firewalls

🤖 Amazon Threat Intelligence says a Russian-speaking actor used commercial generative AI services to compromise hundreds of FortiGate firewalls by exploiting exposed management interfaces and weak, single-factor credentials. Between Jan. 11 and Feb. 18 the group breached over 600 devices across 55+ countries, then accessed Active Directory, extracted credential databases, and targeted backups. Amazon recommends fundamental controls — restrict management access, enforce MFA, patch perimeter devices, improve segmentation, and enhance detection — noting the attacker’s toolkit and operational plans were largely AI-generated and publicly left on infrastructure used in the campaign.
read more →

Russian-speaking Actor Uses GenAI to Compromise FortiGate

🔍 Amazon Web Services reported a low-skilled, Russian-speaking actor used commercial GenAI services to run an opportunistic campaign that compromised over 600 FortiGate devices across more than 55 countries between 11 January and 18 February 2026. The attacker scanned internet-exposed management interfaces, attempted commonly reused credentials and relied on AI-assisted scripts to parse stolen configurations and automate VPN access. AWS noted no exploitation of FortiGate vulnerabilities and that AWS infrastructure was not involved. Defenders are urged to prioritize patching, credential hygiene and post-exploitation detection.
read more →

AI-Assisted Actor Uses Generative AI to Compromise FortiGate

🔐 A Russian-speaking, financially motivated actor used commercial generative AI to scale scans and credential guessing against exposed FortiGate management ports, compromising over 600 devices across 55 countries. Amazon Threat Intelligence observed the activity between January 11 and February 18, 2026, noting no FortiGate zero-day exploits were used — the campaign relied on internet-exposed interfaces and weak single-factor credentials. Post-compromise activity included Active Directory theft, credential harvesting, NTLM relay and attempts to target Veeam backup servers, consistent with ransomware preparation.
read more →

Amazon: AI-assisted actor breached 600 FortiGate firewalls

🔍 Amazon says a Russian-speaking threat actor used commercial AI services to help breach over 600 FortiGate firewalls across 55 countries during a five-week campaign in early 2026. The attacker did not rely on zero-day exploits but instead scanned internet-facing management ports and used brute-force attempts against weak credentials lacking MFA. After gaining access, the actor extracted device configurations (including SSL‑VPN and administrative credentials) and deployed AI-assisted Python and Go tools to parse settings, map networks, and automate reconnaissance. Amazon urges administrators to remove exposed management interfaces, enable MFA, ensure VPN passwords differ from Active Directory credentials, and harden backup systems.
read more →

AI-Augmented Actor Compromises FortiGate Devices at Scale

🔐 Amazon Threat Intelligence observed a Russian-speaking, financially motivated actor using commercial generative AI to compromise over 600 FortiGate devices across 55+ countries from 2026-01-11 to 2026-02-18. The campaign did not exploit FortiGate vulnerabilities; it abused exposed management ports and weak single-factor credentials. The actor used AI-generated plans, scripts, and developer assistance to scale credential-based access and automate post-exploitation tasks.
read more →

Bridging the Cyber Skills Divide Through Local Partnerships

🔒 Fortinet’s Education Outreach Program partners with local organizations to expand access to cybersecurity training and industry-recognized certifications. By offering free NSE curriculum and hands-on labs, the program removes cost and access barriers for learners in underserved regions. Partnerships with EduTek in Guatemala and PAICTA in South Africa demonstrate measurable outcomes: participants gain practical skills in firewall management and network security operations, and many progress into employment and improved professional standing.
read more →

Massive Winos (ValleyRat) Phishing Campaigns Target Taiwan

⚠️FortiGuard Labs observed targeted phishing campaigns in Taiwan delivering Winos 4.0 (ValleyRat) and modular plugins via weaponized attachments and cloud-hosted links. Lures impersonate tax audits, e-invoice portals, and installer packages to trick recipients. Attackers employ rotating domains, malicious LNK files, DLL sideloading, and BYOVD using the vulnerable driver wsftprm.sys to gain kernel privileges and evade defenses. Fortinet detections include W64/Agent.ATW!tr and multiple email and gateway protections.
read more →

INTERPOL's Operation Red Card 2.0: Coordinated Disruption

🚨 Operation Red Card 2.0 demonstrates how synchronized public‑ and private‑sector action can disrupt transnational fraud. Between December 2025 and January 2026, authorities across 16 African countries used shared intelligence and operational coordination to identify victims, arrest operators, seize devices, and dismantle malicious infrastructure. Fortinet supported the effort through data contributions and the Cybercrime Atlas, helping turn intelligence into enforcement outcomes.
read more →

A Decade of NSE 8: Why Expert Validation Still Matters

🔒 Fortinet marks the 10-year anniversary of NSE 8, its most rigorous certification that validates expert-level ability to architect, implement, and troubleshoot complex security environments. Unlike memorization-based tests, NSE 8 requires hands-on, real-world problem solving under pressure and synthesis across networking and security domains. The credential signals operational judgment and helps close critical gaps in organizational capability.
read more →

Why Certification Is a Strategic Control for CISOs

🔒 Certification has shifted from a compliance checkbox to a practical control CISOs use to demonstrate how security is designed, governed, and sustained. Fortinet frames credible certification programs as evidence that processes such as vulnerability handling, lifecycle management, and secure development are enforced and repeatable, not ad hoc. The company highlights more than 130 active certifications and its recent IEC 62443-4-1 Maturity Level 2 achievement, and points stakeholders to the Fortinet Trust Portal for transparent, verifiable documentation.
read more →

Phishing Campaign Uses Old Office Flaw to Deploy XWorm

🔒 Fortinet researchers disclosed a phishing campaign that chains a legacy Microsoft Office vulnerability (CVE-2018-0802) with fileless execution to deliver the commercially available XWorm RAT. The attack begins with business-themed lures and a malicious Excel add-in, then pivots into HTA and PowerShell stages to keep most activity off disk. A memory-resident .NET stage is hollowed into msbuild.exe, and XWorm communicates with AES-encrypted C2 while supporting modular plugins that enable credential theft, data exfiltration, and other operator actions.
read more →

AI in Cybersecurity: Skills Gap Shapes Risk and Response

🤖 AI is now central to cybersecurity strategies, accelerating detection and automation while also enabling more sophisticated attacks. The 2025 Global Cybersecurity Skills Gap report finds 97% of organizations use or plan to use AI, but 48% cite lack of AI expertise as their biggest implementation challenge. Organizations must pair AI tooling with human oversight, training, and validation to avoid misconfiguration and false confidence. Fortinet highlights training and certifications to help close the gap.
read more →

Deep Dive: XWorm Phishing Campaign Exploits Excel Files

🔍 FortiGuard Labs observed a phishing campaign delivering a new XWorm RAT variant via malicious Excel attachments that exploit CVE-2018-0802 to execute embedded shellcode. The chain uses an obfuscated HTA and PowerShell to load a fileless .NET module, which downloads a PE in memory and uses process hollowing into Msbuild.exe to run XWorm. The RAT establishes AES-encrypted C2, supports extensive commands and plugins, and enables data theft, remote control, DDoS, and ransomware operations. Fortinet protections including FortiMail, AV, IPS, and Web Filtering are effective against observed indicators.
read more →

Fortinet Patches Critical SQL Injection in FortiClientEMS

⚠️ Fortinet has issued updates to remediate a critical SQL injection vulnerability (CVE-2026-21643) in FortiClientEMS that could allow unauthenticated attackers to execute arbitrary code via specially crafted HTTP requests. The flaw is rated CVSS 9.1 and affects FortiClientEMS 7.4.4; Fortinet advises upgrading to 7.4.5 or later. Gwendal Guégniaud is credited with reporting the issue, and users are urged to apply the fixes promptly.
read more →

SIEM Rules to Detect FortiCloud SSO Authentication Bypass

🔒 Kaspersky has released a set of SIEM correlation rules to detect exploitation of FortiCloud SSO authentication bypasses in Fortinet products. The rules target activity related to CVE-2025-59718, CVE-2025-59719, and CVE-2026-24858, which allow an attacker with a FortiCloud account to access devices when SSO is enabled. The downloadable package ([OOTB] FortiCloud SSO abuse package – ENG) contains IOC, critical admin action, and suspicious activity rule groups; administrators should tune exceptions to reduce false positives and ensure Fortinet events are fully normalized with the "Extra" field populated for effective detection.
read more →

Fortinet Named Gartner Insights Customers' Choice for EPP

🛡️ Fortinet has been named a 2026 Gartner Peer Insights Customers’ Choice for Endpoint Protection Platforms, marking its fourth consecutive year receiving the distinction. The recognition is based on verified end‑user reviews through November 2025, yielding a 4.8/5 overall rating and a 98% willingness to recommend from 168 ratings. Fortinet highlights its unified FortiEndpoint agent — combining FortiEDR and FortiClient — to deliver EPP, EDR, ZTNA, vulnerability management, centralized management, and simplified operations with minimal performance impact.
read more →

Incentivizing Cybercrime Disruption at Davos 2026 Panel

🔒Fortinet convened a cross-sector panel at the World Economic Forum Annual Meeting in Davos to explore how incentives can shift the economics of cybercrime. Panelists from law enforcement, industry, and civil society highlighted the limits of voluntary intelligence sharing and the need for structured collaboration. Initiatives like the Cybercrime Bounty and the Cybercrime Atlas were presented as practical mechanisms to accelerate validated, anonymous reporting and enable faster action against transnational threats.
read more →