Another day, another data leak: Fortinet and the security lessons learned
"In September this year, network security solutions provider Fortinet, suffered a data leak which exposed VPN login names and passwords. The exact number of credentials isn’t known. Fortinet said in a blog post that 87,000 had been impacted, while publication Bleeping Computer put the number at half a million . According to Fortinet, the credentials were obtained from systems that remain unpatched against FG- IR-18 -384 / CVE-2018-13379 – a bug uncovered in 2018 which is now on the Cybersecurity and Infrastructure Security Agency’s (CISA’s) list of the top 30 most-exploited flaws . Fortinet released a patch in 2019, but even if devices were patched at the time, if passwords weren’t updated, they remined vulnerable." * Read the full blog over on Clavister .