CERT.at investigates ransomware attacks via critical Fortinet vulnerabilities (FortiOS, FortiProxy) and recommends urgent forensic investigations of all devices that didn't have FortiOS 7.0.16 installed before 2025-01-27, when the PoC for CVE-2024-55591 was published. Those devices may be compromised despite having been patched later.

Check the (German) warning by @CERT_at
https://www.cert.at/de/warnungen/2025/3/ransomware-gruppen-nutzen-weiterhin-kritische-fortinet-schwachstellen-warnung-vor-gepatchten-aber-bereits-kompromittierten-geraten

Long story with Forescout:
https://www.forescout.com/blog/new-ransomware-operator-exploits-fortinet-vulnerability-duo/
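As an added example (not part of the post, the CERT.at warning or the Forescout write-up), here is a small Python triage that applies the rule summarised above to a firmware install log: a device that was not already on the fixed build before the PoC date gets flagged for forensics even if it was patched afterwards. The 2025-01-27 date and the 7.0.16 build are taken from the post; the inventory records, the per-branch lookup table and the record layout are constructed for illustration, and the fixed build should be confirmed against the vendor advisory before the script is used for real.

```python
"""Flag Fortinet devices for forensic investigation per the CERT.at rule.

Rule (as summarised in the post above): a device that did NOT already run the
fixed FortiOS build before the PoC went public may have been compromised before
it was patched, so a later patch does not clear it.
"""
from datetime import date

POC_PUBLISHED = date(2025, 1, 27)   # PoC publication date named in the post

# Fixed build per (product, release branch). Only the 7.0 value comes from the
# post; the table shape is an assumption so further branches can be added from
# the vendor advisory. Branches not listed are sent to manual review rather
# than silently treated as safe.
FIXED_BUILDS = {
    ("FortiOS", (7, 0)): (7, 0, 16),
}


def parse_version(text):
    """'7.0.16' -> (7, 0, 16); raises ValueError on anything else."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(int(p) for p in parts)


def triage(device):
    """Return 'safe', 'investigate' or 'review' for one inventory record.

    device = {"name": str, "product": str,
              "history": [(date_installed, version_string), ...]}
    'history' is the firmware install log (hypothetical layout).
    """
    history = sorted(device["history"])          # oldest install first
    running = None
    for installed, ver in history:
        if installed < POC_PUBLISHED:            # strictly before the PoC date
            running = parse_version(ver)         # last install before it wins
    if running is None:
        return "review"       # no record before the PoC date: state unknown
    fixed = FIXED_BUILDS.get((device["product"], running[:2]))
    if fixed is None:
        return "review"       # branch not covered by the rule we know
    return "safe" if running >= fixed else "investigate"


# Constructed sample inventory, not real devices.
INVENTORY = [
    {"name": "fw-edge-01", "product": "FortiOS",   # patched only after the PoC
     "history": [(date(2024, 9, 1), "7.0.14"), (date(2025, 2, 10), "7.0.16")]},
    {"name": "fw-edge-02", "product": "FortiOS",   # fixed build in place early
     "history": [(date(2025, 1, 12), "7.0.16")]},
    {"name": "fw-branch-03", "product": "FortiOS", # branch not in the table
     "history": [(date(2024, 11, 3), "7.2.9")]},
    {"name": "fw-new-04", "product": "FortiOS",    # no record before the PoC
     "history": [(date(2025, 3, 1), "7.0.16")]},
]


def run(inventory=INVENTORY):
    """Map device name -> verdict for the whole inventory."""
    return {d["name"]: triage(d) for d in inventory}


if __name__ == "__main__":
    for name, verdict in run().items():
        print(f"{name:14} {verdict}")
```

The 'review' verdict is deliberate: a device on a branch the table does not know, or with no install record before the PoC date, is not evidence of safety, so it is handed to a human instead of being dropped from the list.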

I'm hating how much of my life is dominated by #Fortinet right now.

It's gotten a bit easier now some media outlets are reporting on it, mainly based on @GossiTheDog's toots, but good grief, what a mess.

On the plus side, it's encouraging my place to finally start taking vendor assessment and how we architecturally position vendor appliances a bit more seriously.

Patch your FortiManager now. Limit access to it to dedicated jump-servers only.

ClownStrike.lol now says #Fortinet has falsely blocked the domain as "phishing" and is giving them the runaround about appealing it. This domain is demonstrating all of the cybersecurity industry's problems.