APT hackers are exploiting vulnerabilities in Fortinet and ManageEngine products. The hackers used CVE-2022-47966 to breach Zoho ManageEngine ServiceDesk Plus and CVE-2022-42475 to access the FortiOS SSL-VPN firewall device. The Cybersecurity and Infrastructure Security Agency (CISA) and other organizations have observed multiple APT actors using similar tactics. The APT actors frequently target firewalls, VPNs, and edge network infrastructure. Detection methods include monitoring for new user creation, scheduled tasks, API calls, executed commands, user accounts logged into systems, and network connections. Mitigations include proper vulnerability and configuration management; network segmentation; proper management of accounts, permissions, and workstations; securing remote access software; auditing scheduled tasks; validating findings; using application allowlists; and verifying security controls. #APTHacker #CyberSecurity #FortiOS #ManageEngine
https://cybersecuritynews.com/apt-fortinet-manageengine-vulnerability/