FortiBleed Hits 30K Firewalls 🛡️ & A 27-Year-Old Lock with No Key 🐡
Two major security stories broke this week that every business and IT team should know about — one exposes the login keys to tens of thousands of corporate firewalls, and the other reveals a hidden door in a trusted operating system that's been open since 1999.
🛡️ FortiBleed: Hackers Now Have Working Passwords to 30,000+ Corporate Firewalls
A sweeping credential harvesting campaign dubbed FortiBleed has left more than 30,000 Fortinet FortiGate firewalls — the devices that guard your company's entire network — exposed with their admin passwords cracked and posted online. Attackers systematically extracted configuration files from internet-facing Fortinet devices and cracked the stored password hashes, producing a database of verified, working logins. Confirmed victims include household names like Samsung, Comcast, Siemens, Lenovo, PwC, Accenture, and Oracle, as well as government agencies across 194 countries. If your organization uses a Fortinet firewall and hasn't rotated credentials recently, assume you may be on the list — change passwords immediately and audit for unauthorized access.
🐡 A 27-Year-Old Bug in OpenBSD Lets Anyone Skip the Password
Researchers at Argus Systems discovered a vulnerability in OpenBSD — a security-focused operating system widely used in firewalls, routers, and critical infrastructure — that has existed since 1999. The flaw lives in the code that handles PPP authentication (the handshake that verifies who you are before granting network access). By sending a connection request with empty username and password fields, an attacker could trick the system into saying "yes, come on in" without any valid credentials at all. A secondary bug also leaks chunks of sensitive kernel memory. The good news: researchers disclosed it responsibly, and a fix was committed just two days later on June 14th. If you run OpenBSD-based network gear, apply the patch now.
Stay ahead of threats like these with GOCO Security — visit us at gocosecurity.com.