Fortinet FortiClient Flaw: Cybercriminals Get a Remote Control Upgrade!

A critical security flaw in Fortinet FortiClient EMS, CVE-2023-48788, is being exploited by cybercriminals to install remote desktop software like AnyDesk. Kaspersky reports this SQL injection bug is the gateway for unauthorized access, leading to compromised systems in multiple countries. Remember, folks: even in cybersecurity, sharing is not caring!

Hot Take:

Looks like Fortinet FortiClient EMS has been caught with its virtual pants down! Thanks to a critical flaw, cybercriminals have been having a field day installing remote desktop software like they’re setting up their own IT department. Note to self: Make sure your software isn’t as easy to hack as a celebrity’s Twitter account.

Key Points:

  • A critical SQL injection vulnerability (CVE-2023-48788) in Fortinet FortiClient EMS has been exploited.
  • Attackers have used this flaw to install remote desktop software such as AnyDesk and ScreenConnect.
  • The attack targeted a Windows server exposed to the internet with open ports associated with FortiClient EMS.
  • Additional tools like password recovery and network scanning software were deployed in the attack.
  • The campaign targeted companies across multiple countries, leveraging ScreenConnect subdomains.

The Nimble Nerd