Thread | Brutkey

There's Fortinet's advisories. I knew they had to have some.

The only interesting ones to me on first glance are a couple sev:HIGH auth bypasses in FortiWeb ( https://www.fortiguard.com/psirt/FG-IR-25-448 ) and FortiOS ( https://www.fortiguard.com/psirt/FG-IR-24-042 ) and an ITW sev:CRIT preauth command injection in FortiSIEM that looks nice ( https://www.fortiguard.com/psirt/FG-IR-25-152 ).

#patchTuesday

Christoffer S.
@nopatience@swecyb.com

@cR0w@infosec.exchange Might this be what the folks at GreyNoise picked up reconnaissance wise?

cR0w
@cR0w@infosec.exchange

@nopatience@swecyb.com I don't think so. They noted SSL VPN activity specifically. These appear to be in other services. It's possible they were looking for initial access to use one of these to pivot or escalate but that would a reach to assume.