Hackers Exploit New Vulnerability in Fortinet Firewalls to Breach Networks

Security researchers have identified that malicious actors are actively exploiting a newly discovered vulnerability in Fortinet's FortiGate firewalls, compromising corporate and enterprise networks.

Fortinet issued an advisory confirming that the critical vulnerability, tracked as CVE-2024-55591, is "being exploited in the wild." Patches have been released, but hackers have reportedly been using the vulnerability as a zero-day since December, before Fortinet became aware of it and provided fixes.

Widespread Impact and Comparisons

This incident is another significant case of attackers exploiting vulnerabilities in enterprise security products designed to safeguard networks from cyber threats. It follows close on the heels of another security issue in Ivanti VPN servers that similarly jeopardized network integrity.

Cybersecurity firm Arctic Wolf reported a "mass exploitation" targeting Fortinet FortiGate devices with management interfaces exposed to the internet. Stefan Hostetler, lead threat intelligence researcher at Arctic Wolf, confirmed that this is linked to CVE-2024-55591.

Hostetler stated that Arctic Wolf has observed "a cluster of intrusions" affecting "tens" of devices, but cautioned that this represents only a "limited sample" of the likely total number of affected devices. "The evidence points to an effort to exploit a large number of devices within a narrow timeframe," he added.

Company Response and Ongoing Investigations

Fortinet spokesperson Tiffany Curci declined to specify how many customers have been compromised but assured that the company is "proactively communicating with customers." The identity of the perpetrators remains unclear, though cybersecurity expert Kevin Beaumont suggests that a ransomware operator might be involved.

Hostetler noted that ransomware attacks could potentially exploit this bug, referencing previous research where ransomware group affiliates utilized similar network providers for VPN connectivity.

Call for Immediate Action

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged all Fortinet users to promptly update affected devices. Previously, Fortinet disclosed a security breach in September involving customer data from a third-party cloud environment.
