The common VMware hypervisor increases productivity and allows for easy transfer of VMs to and from your local computer.
VMware Workstation Pro 16 Full Version
Create a second secure desktop using different privacy settings, tools, and networking configurations.
You can also use forensic tools for investigating OS vulnerabilities. Workstation is one of the best hypervisors available and offers powerful features for IT security professionals.
A threat actor has leaked a list of almost 500,000 Fortinet VPN credentials, stolen from 87,000 vulnerable FortiGate SSL-VPN devices. The breach list provides raw access to organizations in 74 countries, including the USA, India, Taiwan, Italy, France, and Israel, with almost 3,000 US entities affected.
According to Fortinet, the credentials were obtained from systems that remained unpatched against CVE-2018-13379 at the time of the actor’s scan. Even if the devices have since been patched, if the passwords were not reset, they remain vulnerable.
Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). The vulnerability in question is an improper limitation of a pathname to a restricted directory (path traversal) in several Fortinet FortiOS and FortiProxy versions.
The vulnerable SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP requests. Apparently the FortiOS system files also contained login credentials. In April, CVE-2018-13379 was mentioned in a joint advisory from the NSA, CISA, and the FBI as one of five vulnerabilities widely used in ongoing attacks by the Russian Foreign Intelligence Service (SVR).
The source, and the websites that leaked the information, make for an interesting story as well.
A patch for the vulnerability has been available since May 2019, but this patch has not been applied as widely as necessary. The list of Fortinet credentials was leaked by someone going by the handle ‘Orange.’ Orange is also the administrator of the newly launched RAMP hacking forum, and a previous operator of the Babuk Ransomware operation.
After the announced retirement of the Babuk gang, Orange apparently went his own way and started RAMP. Orange is now involved in the Groove ransomware operation, which allegedly employs several former Babuk developers. The leak of Fortinet VPN SSL credentials was mirrored on the Groove leak website. Ransomware leak sites are used to create some extra leverage over victim organizations.
Both posts lead to a file hosted on a Tor storage server known to be used by the Groove gang.
The ransomware attackers steal data from the infiltrated system while they deploy their ransomware.
They then threaten to publish the data if the victim decides not to pay. Depending on the kind of data, this can be a rather compelling reason to give in.
Organizations use Virtual Private Networks (VPNs) to provide remote access to their systems from the Internet.