Forti OS SSL-vpn leak also affects 500 Belgian organisations
- November 26, 2020
This week it was reported that the FortiOS SSL-vpn leaky also affected 500 Belgian companies. It offers attackers the chance to access the vpn via homemade http-headers.
However, the leak is not new and was in September 2019(!) already poemed by Fortinet. We have our managed services Consequently, customers were already informed at the time and the necessary updates were carried out immediately. They run little risk and do not have to worry. If you have any doubts or if you would like more information about this, you can always contact us. Support service consult.
The majority of the unmanaged customers that we could find in the list have also been notified by us to see how to respond to this as quickly as possible and to take similar risks in the future. occur with or without an automated form of patch management.
What can I do?
Of course, we can strongly recommend immediately carry out the necessary patching and/or updates so that the known leaks are harmless. Not only on FortiOS, but on all operating systems, firmware and other applications.
- In case of leaked passwords, it is of course also a must to change these passwords immediately.
- Finally, wherever possible, it is recommended that 2-factor authentication as an extra layer of security. Also, never use the same password for multiple services.
Do you have any questions? Can we help you keep your infrastructure up to date? Our co-workers are waiting for you!
"Of course, we can strongly recommend that the necessary patching and/or updates are carried out immediately so that the known leaks are harmless".
- Webinar
Let's catch up on cyber security. Especially now that homeworkers are being targeted more and more often. After watching this event, you will be up to date with the latest technologies.
