Archive for Fortinet

Hackers Exploit FortiWeb Devices to Deploy Sliver C2 for Persistent Access

Posted in Commentary with tags on January 5, 2026 by itnerd

Researchers have identified a threat actor who had exposed Sliver C2 databases and logs and successfully exploited multiple FortiWeb devices to deploy Sliver. This group also leveraged React2Shell (CVE-2025-55182) to deploy Sliver and used the Fast Reverse Proxy (FRP) tool to expose local services on victim hosts remotely.

More details here: https://ctrlaltintel.com/threat%20research/FortiWeb-Sliver/

Ensar Seker, CISO at threat intelligence company SOCRadar, commented:

“This is a textbook case of adversaries exploiting the weakest link in the network, outdated edge appliances. FortiWeb devices running unpatched firmware have become prime targets for initial access, and the deployment of the Sliver C2 framework shows how mature and stealthy these operations have become. Sliver, being an open-source post-exploitation tool, is now favored by both red teams and threat actors alike for its modularity and evasiveness.

What’s especially concerning is the use of Fast Reverse Proxy (FRP) to create persistent tunnels from within internal networks to attacker-controlled infrastructure. This is a clear attempt to sidestep traditional perimeter defenses and EDR visibility. It raises serious questions about visibility on network edge devices, which are often poorly monitored compared to endpoint systems.

This incident underscores the importance of aggressive patch management, zero-trust architecture, and strong monitoring of ingress/egress traffic from non-endpoint infrastructure like WAFs and VPN gateways. Simply deploying EDR is no longer enough if attackers can establish a persistent beachhead on devices outside its scope.”

This should be a wake-up call to get this sort of tech out of networks as soon as possible so that networks become more secure by default.

Fortinet and Crime Stoppers International Launch Global Cybercrime Bounty Program

Posted in Commentary with tags on November 18, 2025 by itnerd

Fortinet and Crime Stoppers International (CSI), the world’s only global crime reporting platform, today announced the launch of a global partnership and pioneering Cybercrime Bounty program. The partnership with CSI introduces a collaborative program to allow more expansive action against cybercrime, including converged crime. The initial output of the partnership is the Cybercrime Bounty, an initiative designed to encourage individuals worldwide to safely and anonymously report cybercriminal activity, thereby strengthening cyber resilience for organizations and governments and furthering Fortinet’s collaborative efforts with public and private sector partners to advance collective action against cybercrime.

This first-of-its-kind Cybercrime Bounty program will demonstrate how collaboration can accelerate innovation, intelligence sharing, coordinated response, and tangible accountability results, driving real cybercrime deterrence and disruption.

Through this unique collaboration, CSI will leverage its trusted anonymous reporting infrastructure to provide a secure channel for citizens and ethical hackers to share information about cyberthreats. Fortinet will contribute its expertise in threat intelligence and cybersecurity innovation to validate, analyze, and put reports into action, where appropriate, routing cybersecurity threat intelligence packages to law enforcement partners for investigations, arrests, and prosecutions.

Together, the shared expertise and resources of the Fortinet and CSI partnership and the Cybercrime Bounty will incentivize disruption, strengthening national and economic security.

A Global Call to Action
The Cybercrime Bounty program represents an unprecedented collaboration between a community-based crime prevention organization and a global cybersecurity leader. It combines CSI’s trusted global network with Fortinet’s world-class threat intelligence expertise to deliver a practical, scalable solution to take on one of today’s most pressing cybersecurity challenges.

Accountability is key to deterrence. Fortinet has committed over 13 years to uniting public and private sectors to systematically disrupt cybercriminal operations and strengthen cyber resilience worldwide. Teamwork is critical to counter cybercriminals. Cybercrime is not a problem any one organization can solve alone; it requires continuous intelligence sharing, education, and a commitment to public-private cooperation at scale. This collaboration with CSI creates a Cybercrime Bounty initiative built to continue scaling deterrence. 

A Global Disruption Framework and United Force Against Cybercrime
The Cybercrime Bounty program and initiative:

  • Fosters community engagement and support: Disrupting organized cybercrime requires a global effort, with strong, trusted relationships between private-sector participants and public-sector organizations to align private intelligence and critical infrastructure at speed and across networks and borders. The Fortinet and CSI Cybercrime Bounty program aligns with other successful public-private collaborations that are dedicated to transparency and accountability. 
  • Scales disruption against cybercrime: Patterns and weak links are in full force now, requiring speed vs. sovereignty to work across borders without losing trust or privacy. Coordinated response and accountability break down the shift from ad hoc cooperation to scalable disruption.
  • Leans into global cybersecurity and cybercrime prevention leadership: As a global leader in cybersecurity and stalwart dedicated to preventing cybercrime through systemic disruption, Fortinet delivers cyberthreat intelligence and visibility into cyber activity through its broad, integrated, and automated protections across the entire digital attack surface. The company also brings its long-standing commitment to pioneering efforts to disrupt cybercrime to this initiative, escalating accountability efforts to deter youth and other aspiring cybercriminals by sending a message that such actions will not go unaccounted for.
  • Leverages Fortinet’s leadership role in shaping global cybersecurity collaboration: Relevant insights and experience that Fortinet brings to this Cybercrime Bounty effort include experience gained as a founding member of the World Economic Forum’s Cybercrime Atlas. The Cybercrime Atlas: Impact Report 2025 highlights the tangible progress achieved through multi-sector collaboration in dismantling cybercriminal networks and building resilience at scale. This cybercrime bounty effort with CSI builds on Fortinet’s long-standing collaborations with esteemed organizations from both the public and private sectors, including government entities, academia, and other public organizations, as a fundamental aspect of Fortinet’s commitment to enhancing global cyber resilience.

Canadian companies embrace AI for cybersecurity, but skills gap remains a hurdle for unlocking full potential

Posted in Commentary with tags on October 8, 2025 by itnerd

Today, Fortinet released its 2025 Global Cybersecurity Skills Gap Report. While organizations are embracing AI to enhance cybersecurity, the persistent skills gap prevents them from unlocking its full potential and creates new risks. 

Here is a summary of the report’s key findings: 

  • As organizations are increasingly turning to AI to strengthen their security postures and fill gaps, they also acknowledge that AI may be used against them as an engine of new or improved cyberattacks, especially given the lack of AI skillsets across teams. While 78% of Canadians surveyed say AI is helping their IT and security teams become more effective, nearly half (47%) point to a lack of staff with sufficient AI expertise as the biggest challenge to successful implementation. 
  • Lack of cybersecurity awareness and training remains the top cause of breaches. 51% of Canadians surveyed indicated a lack of IT security skills and training as one of the leading causes of breaches in their organizations. 
  • Boards lack cyber knowledge, despite it being a priority. Cybersecurity is now seen as a top business and financial priority, yet fewer than half (41%) of all Canadian respondents indicated their boards fully understand the risks posed by AI. 
  • Organizations want cybersecurity personnel with certifications. 83% of Canadian IT decision-makers prefer to hire candidates who hold certifications, seeing it as validation for their knowledge and ability to stay current. 

The full report can be found here.

Yikes! Critical FortiSwitch flaw lets hackers change admin passwords remotely

Posted in Commentary with tags on April 10, 2025 by itnerd

Fortinet FortiSwitch owners should be patching their gear ASAP as the company has released security patches for a critical vulnerability in FortiSwitch devices that can be exploited to change administrator passwords remotely.

You can find out more details here: PSIRT | FortiGuard Labs

Martin Jartelius, CISO at Outpost24, had this to say:

“There are a few rules of thumb. DO NOT expose administrative interfaces against the internet if you can avoid this. While this flaw allows a password change, for those who expose their devices against untrusted networks, the quality of passwords is also important, because already today there is the risk of attacks against weak passwords.”

“We help companies fight both those issues, password quality is the most user-centric, and EASM allows organizations to find those devices and fix the exposure – because exposure is risk, and vulnerability or not – if the attackers cannot reach the device you have substantially less of a stressful morning fixing this issue. Also praise to Fortinet who found, fixed, and disclosed the issue openly.”

This is one of these situations where you should drop what you are doing and patch everything ASAP. I say that because there are a lot of these devices online. Which means every single one is a target for threat actors.

Empower Students with Free Resources to Thrive in Today’s Digital World from the New Digital Citizenship Initiative by Discovery Education with Verizon and Fortinet

Posted in Commentary with tags on February 27, 2025 by itnerd

Discovery Education, the creator of essential K-12 solutions used in classrooms around the world, today announced the launch of a new Digital Citizenship Initiative. The Digital Citizenship Initiative is a dynamic partnership that provides educators and students with free tools, resources, and the skills needed to thrive in today’s digital world.

The Digital Citizenship Initiative grew out of needs summarized in a dedicated white paper entitled Risks and Resilience: Why Digital Citizenship Matters in K12 Education. This study illuminated many of the issues facing today’s students, including cyberbullying, online privacy, and digital footprints. Furthermore, research shows that students remain largely unaware of the impacts of digital technologies on all aspects of life. Discovery Education defines digital citizenship as a set of strategies and behaviors designed to promote a safer online experience for everyone.

The Digital Citizenship Initiative partners include Impact Leader Verizon and Fortinet. Each partner has helped contribute expert insights to develop standards-aligned digital resources. Resources include ready-to-use materials, digital lessons, DEMystified series videos, and instructional materials spanning disciplines such as science, health, social studies, and English language arts. Educators can expect quarterly content releases covering a range of topics that address digital citizenship.

“At Verizon, we are driven by purpose and guided by values in all that we do. Being part of the Digital Citizenship Initiative is the latest building block in Verizon’s work to empower people to live, work, and play. Students are our future, and we are proud to support them as they learn to use digital technologies responsibly,” said Alex Servello, Associate Vice President of Responsible Business at Verizon.

“As a cybersecurity leader, we believe that staying ahead of sophisticated threats and cyber risks requires building a more cyber-aware society,” said Rob Rashotte, Vice President, Fortinet Training Institute. “To help achieve this, Fortinet partnered with educators to develop and make accessible a tailor-made security awareness curriculum to help prepare both educators and students to apply cybersecurity skills at school, at home, and everywhere they need it. We are proud that this curriculum will now be leveraged in the Digital Citizenship Initiative to further develop fundamental security skill sets across our global community.”

To access the Digital Citizenship Initiative resources, please visit digitalcitizenship.discoveryeducation.com. Educators with access to Discovery Education Experience can find these resources on the Digital Citizenship channel.

“Digital technology has revolutionized the way students learn, connect, and express themselves. Supporting digital citizenship is critical for preparing students to navigate an increasingly connected and complex online environment,” said Amy Nakamoto, Executive Vice President of Marketing and Strategic Alliances. “Thanks to our partners – Verizon and Fortinet – for your leadership in preparing students to navigate our tech-driven world responsibly.”

For more information about Discovery Education’s award-winning digital resources and professional learning solutions, visit www.discoveryeducation.com.

FortiOS Security Fabric Vulnerability Enabled Escalated Privileges to Super-Admin 

Posted in Commentary with tags on February 12, 2025 by itnerd

Well, this isn’t good. News is out via this link that an incorrect privilege assignment vulnerability [CWE-266] in the FortiOS security fabric may allow an authenticated admin whose access profile has the Security Fabric permission to escalate their privileges to super-admin by connecting the targeted FortiGate to a malicious upstream FortiGate they control.

Jim Routh, Chief Trust Officer at cybersecurity company Saviynt, commented:

“The FortiOS Security Fabric Vulnerability that was patched is an excellent example of the value to a critical software provider in pen testing applications performed by an internal or external resource. In this case, a Fortinet employee, Justin Lum, discovered the vulnerability and initiated a process to produce the necessary patches to the impacted software versions.

  • FortiOS 7.6.0
  • FortiOS 7.4.0–7.4.4
  • FortiOS 7.2.0–7.2.9
  • FortiOS 7.0.0–7.0.15
  • FortiOS 6.4 (all versions; requires migration)

The primary purpose of the FortiOS Security Fabric is to make it easier for enterprise administrators to configure the software for optimal usage across Fortinet software modules. Fortinet is a market leading (20%) provider of firewall technology for enterprises large and small. They also offer enterprises additional network management software like SD-WAN components. 

The potential for exploitability for a set of cyber security capabilities designed to protect enterprises reaches a critical threshold with “super admin” privileged access, once the vulnerability is exploited by a threat actor. Threat actors dream about and strive for obtaining “super admin” privilege especially for software designed to protect enterprises.”

The link above as well as this link has all the details to make sure that you don’t get pwned. Thus it is now time to patch all the things.

Vancouver Canucks Announces Fortinet as Its Preferred Partner

Posted in Commentary with tags on December 2, 2024 by itnerd

Vancouver Canucks and Fortinet today announced that Fortinet has become the new Preferred Partner for the 2024–2025 season. Canucks Sports & Entertainment (CSE) has chosen Fortinet’s industry-leading Security Fabric platform to reduce complexity and streamline the identification and remediation of network and security issues across the group’s facilities.

CSE is one of the premier sports and entertainment companies in North America. In support of their goal to create inspiring moments and unforgettable experiences for their fans, CSE has deployed several Fortinet solutions at its central data center to help secure the Rogers Arena, home to NHL Vancouver Canucks and its fans, the Canucks Training Camp facilities, and the eSports team Vancouver Surge.

The Fortinet Security Fabric Wins Over Vancouver Canucks 
The Fortinet Security Fabric platform and Fortinet’s unique ability to converge networking and security help organizations like CSE reduce management complexity by consolidating siloed security tools, increasing visibility, improving performance, and decreasing the mean time to detect and respond to security incidents.

The Canucks’s implementation includes a central FortiGate Next-Generation Firewall (NGFW) cluster at its data center to protect and segment its network and build a Secure SD-WAN platform to simplify, accelerate, and secure communications between locations. Supported by the Fortinet Security Fabric platform, CSE has a single pane of glass to help consolidate management, visibility, analytics, and control for the entire environment.

Fortinet Leads the Cybersecurity Evolution in Canada
Fortinet has a long history of investing in Canada over the last 20 years. With more than 2,600 employees and over $200 million in infrastructure investments across Canada, including a regional data center, offices, a security operations center, and center of research and development excellence, Fortinet has been dedicated to protecting Canadian enterprises, nonprofits, educational institutions, and government agencies. 

Fortinet also remains steadfast in its commitment to close the cybersecurity skills gap and has pledged to train 1 million people globally by 2026 through its award-winning Training Institute program. As part of this, with more than 30 Canadian academic partners, no-cost training to all K-12 school boards in Canada, and an emphasis on helping military members, veterans, and spouses transition into the cyber field, Fortinet is helping grow cybersecurity awareness and resilience across the nation.

Fortinet Has A Beyond Critical Vulnerability That You Need To Patch ASAP

Posted in Commentary with tags on October 24, 2024 by itnerd

Fortinet has confirmed that a critical vulnerability in FortiManager, tracked as CVE-2024-47575 with a CVSS score of 9.8, which is basically the worst score you can get, is being actively exploited. Mandiant has details about what this vulnerability is and how it is exploited.

But that’s not the bad part.

Apparently according to Bleeping Computer, this was disclosed to customers a week ago and….:

The company privately warned FortiManager customers about the flaw starting October 13th in advanced notification emails seen by BleepingComputer that contained steps to mitigate the flaw until a security update was released.

However, news of the vulnerability began leaking online throughout the week by customers on Reddit and by cybersecurity researcher Kevin Beaumont on Mastodon, who calls this flaw “FortiJump.”

Fortinet device admins have also shared that this flaw has been exploited for a while, with a customer reporting being attacked weeks before the notifications were sent to customers.

“We got breached on this one weeks before it hit “advance notifications” – 0-day I guess,” reads a now-deleted comment on Reddit.  

That’s not good at all. Patches to FortiManager are either here or are coming. And I highly recommend that you install those patches ASAP. Having said that, Fortinet is going to have to answer some hard questions about how they handled this because their response seems a bit suspect to me.

Fortinet Acquires Next DLP

Posted in Commentary with tags on August 6, 2024 by itnerd

Fortinet today announced that it has acquired Next DLP, a leader in insider risk and data protection. With this acquisition, Fortinet will improve its position in the standalone enterprise data loss prevention (DLP) market and strengthen its leadership in integrated DLP markets within endpoint and SASE in alignment with Fortinet’s business strategy.

Next DLP has been recognized by industry analysts for its technology innovation and was recently named a Representative Vendor in the 2023 Gartner Market Guide for Data Loss Prevention and the 2023 Gartner Market Guide for Insider Risk Management Solutions. The company delivers a leading next-generation, cloud-native SaaS data protection platform that extends from endpoint to cloud.

As part of its commitment to offering enterprises a top-tier Unified SASE solution, Fortinet plans to integrate Next DLP’s technology to add advanced data loss prevention capabilities to Fortinet’s security service edge (SSE) offering, as well as integrate additional insider risk and data protection capabilities across the Fortinet Security Fabric.

Transaction Details
The deal has been signed and closed as of August 5, 2024.

Fortinet to Acquire Lacework

Posted in Commentary with tags on June 10, 2024 by itnerd

Fortinet today announced that it has entered into a definitive agreement to acquire Lacework, the data-driven cloud security company.

Lacework delivers a leading AI-powered cloud security platform that seamlessly integrates all critical CNAPP services. With patented AI and machine learning technology, an agent and agentless architecture for data collection, a homegrown data lake, and a powerful code security offering, Lacework is trusted by nearly 1,000 customers to deliver comprehensive security from code to cloud.

Fortinet is renowned for its cybersecurity innovation with more patents than the nearest three competitors combined and over 100 inclusions in industry analyst reports, including recognition in eight Gartner® Magic Quadrant™ reports. Fortinet delivers its solutions as part of the Fortinet Security Fabric, an integrated cybersecurity platform that spans Secure Networking, AI-driven Security Operations, and Unified SASE, which includes access and cloud security.

Fortinet intends to integrate Lacework’s CNAPP solution into Fortinet’s Unified SASE offering, forming one of the most comprehensive, full stack AI-driven cloud security platforms available from a single vendor. This will help customers identify, prioritize, and remediate risks and threats in complex cloud-native infrastructure from code to cloud.

This strategic acquisition aligns with Fortinet’s growth strategy in the Unified SASE market, which includes solutions for securing access and cloud, and underscores the company’s commitment to innovation and integration. As part of the acquisition, Fortinet is committed to a seamless transition for Lacework customers and partners. Backed by Fortinet’s proven leadership and expertise, Lacework customers will be able to benefit from access to Fortinet’s global reach, extensive scale, vast resources, and industry-leading threat intelligence while continuing to leverage their existing security infrastructure investments.

Financial terms of the transaction were not disclosed. The transaction, which is expected to close in the second half of 2024, is subject to required regulatory approvals and other customary closing conditions. Goldman Sachs & Co. LLC is acting as exclusive financial advisor to Lacework. Cooley LLP is acting as legal counsel to Lacework, and Fenwick & West LLP is acting as legal counsel to Fortinet.