• Fortinet firewall bugs are being targeted by LockBit ransomware h

    From TechnologyDaily@1337:1/100 to All on Tue Mar 18 15:30:07 2025
    Fortinet firewall bugs are being targeted by LockBit ransomware hackers

    Date:
    Tue, 18 Mar 2025 15:27:00 +0000

    Description:
    Both bugs were fixed in January 2025, but users should update immediately.

    FULL STORY
    ======================================================================

    Security pros spot a new LockBit variant in the wild
    A potential affiliate abused two Fortinet flaws to deploy the encryptor
    There are multiple overlaps with LockBit 3.0

    LockBit affiliates are using vulnerable Fortinet endpoints to target businesses with an updated ransomware strain, experts have warned.

    Cybersecurity researchers at Forescout found the threat actor is using two vulnerabilities in Fortinet firewalls, tracked as CVE-2024-55591 and CVE-2025-24472, to deploy an updated ransomware strain named SuperBlack.

    Both vulnerabilities had been used before, and both were patched in January 2025, so the best way to defend against the attacks is to make sure your Fortinet firewalls are up to date.

    At least three victims

    Forescout named the group running the attacks Mora_001. Since there are some overlaps in its tactics, techniques, and procedures (TTP) with LockBit, the researchers believe the group could be a LockBit affiliate.

    Apparently, SuperBlack is based on the builder that was used in LockBit 3.0 attacks and that leaked in the past. Furthermore, the ransom note in both LockBit and Mora_001 attacks uses the same messaging address.

    Speaking to TechCrunch, senior manager of threat hunting at Forescout, Sai Molige, said there were at least three confirmed cases, but added that there could be others.

    LockBit was one of the most disruptive and influential ransomware groups around; however, in late February 2024 it was struck by the FBI, and it never fully recovered. Law enforcement seized its website and the data it held, and obtained thousands of decryption keys.

    It also obtained information about its affiliates which, at the time, counted around 200 groups, and later urged the affiliates to come forward. In
    February this year, the bulletproof hosting service provider, allegedly used by LockBit, was sanctioned by the US and the UK.

    LockBit took roughly a week to get back on its feet and resume operations,
    but it is possible that many of its affiliates pivoted to other groups, such as RansomHub or Medusa.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/fortinet-firewall-bugs-are-being-targeted-by-lockbit-ransomware-hackers


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)