Fortinet Firewall Fiasco: Zero-Day Woes and Leaky Configs Stir Security Chaos
Fortinet’s 2025 isn’t off to a great start, echoing last year’s woes. A zero-day exploit has likely attacked FortiGate firewalls again. The Belsen Group’s data leak from 2022 still haunts, with thousands of configurations stolen. Fortinet assures most affected devices have been patched, urging vigilance and a security refresh.
Hot Take:
Well, Fortinet, it seems like your firewalls were more of a ‘sieve-wall’ in 2022. Turns out, the Belsen Group wasn’t just pulling your leg – they were pulling your data, too! And as for those plain-text passwords? Let’s just say they were about as secure as a post-it note on a public bulletin board. Here’s hoping your New Year’s resolution includes a stronger grip on those zero-days!
Key Points:
- Fortinet confirmed the authenticity of leaked FortiGate configurations from a 2022 zero-day attack.
- Data leaked includes sensitive IP addresses, firewall rules, and some plain-text passwords.
- The Belsen Group, responsible for the leak, passed off the old records as a new exploit.
- Nearly 15,000 devices were affected, with notable exclusions from Iran and minimal exposure in Russia.
- Fortinet urges customers to update security practices and credentials to mitigate risks.
Already a member? Log in here