Three security vulnerabilities in Fortinet SSL VPN are being used to gain a foothold within networks before moving laterally and carrying out recon. The FBI and CISA are warning that advanced persistent threat (APT) nation-state actors are exploiting known security vulnerabilities. The bugs are popular with cyberattackers in general, due to Fortinet s widespread footprint, researchers noted. Once they are successful, they will look just like your normal users, one researcher said. The bugs allow an attacker to obtain valid credentials, bypass multifactor authentication (MFA), and man-in-the-middle (MITM) authentication traffic to intercept credentials.
Source: https://threatpost.com/fbi-apts-actively-exploiting-fortinet-vpn-security-holes/165213/