According to a recent update from Fortinet, exploitation of CVE-2024-55591, a recently disclosed authentication bypass vulnerability in FortiOS and FortiProxy, allows remote attackers to obtain super-admin privileges. By sending specially crafted requests to the Node.js WebSocket module, attackers exploit this zero-day vulnerability to gain unauthorized access.
Fortinet reports that attackers exploiting the zero-day vulnerability in the wild are creating randomly generated admin or local user accounts on compromised devices. These accounts are then added to existing SSL VPN user groups or new groups created by the attackers.
Severity: CRITICAL
CVSSv3 Score: 9.6
Nov 16-23, 2024 – Vulnerability scanning
Nov 22-27, 2024 – Reconnaissance
Dec 4-7, 2024 – SSL VPN configuration
Dec 16-27, 2024 – Lateral Movement
Jan 14, 2025 – Fortinet Published the Vulnerability
| Type | Values | Context |
|---|---|---|
| IP | 45.55.158[.]47 (most used IP address), 137.184.65[.]71, 149.22.94[.]37, 155.133.4[.]175, 157.245.3[.]251, 167.71.245[.]10, 23.27.140[.]65, 31.192.107[.]165, 37.19.196[.]65, 64.190.113[.]25, 66.135.27[.]178, 87.249.138[.]47 | Threat actor has been seen using these IP addresses to log in to the management interface |
| User | Gujhmk, Ed8x4k, G0xgey, Pvnw81, Alg7c4, Ypda8a, Kmi8p4, 1a2n6t, 8ah1t6, M4ix9f | Randomly created local/admin users |
| IP | 1.1.1.1, 127.0.0.1, 2.2.2.2, 8.8.8.8, 8.8.4.4 | Login activity logs with arbitrary srcip and dstip values. Note: these IP parameters are not the actual source IP addresses of the attack traffic; they are generated arbitrarily by the attacker as a parameter, so they should not be used for any blocking. |
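A defender-side illustration of the log-based indicators in the table, added here as an example and not code from Fortinet, Coralogix or the cited advisories: it assumes FortiOS-style key=value event lines carrying the fields user, srcip, dstip, action, status, cfgpath and cfgobj, and the sample lines it parses are constructed, not captured from a device.

```python
import re

# Constructed FortiOS-style key=value event lines modelled on the advisory's
# indicators; they are illustrative samples, not a capture from a real device.
SAMPLE_LOGS = [
    'date=2024-12-05 time=10:12:01 logdesc="Admin login successful" user="Gujhmk" srcip=1.1.1.1 dstip=1.1.1.1 action="login" status="success"',
    'date=2024-12-05 time=10:12:40 logdesc="Object attribute configured" user="admin" srcip=45.55.158.47 cfgpath="system.admin" cfgobj="Ed8x4k" action="Add"',
    'date=2024-12-05 time=11:00:00 logdesc="Admin login successful" user="alice" srcip=10.0.0.5 dstip=10.0.0.1 action="login" status="success"',
    'date=2024-12-05 time=11:05:13 logdesc="Admin login successful" user="bob" srcip=87.249.138.47 dstip=10.0.0.1 action="login" status="success"',
]

# Attacker-supplied srcip/dstip values from the advisory: a forged-log signal, never a block list.
ARBITRARY_SRCIPS = {"1.1.1.1", "127.0.0.1", "2.2.2.2", "8.8.8.8", "8.8.4.4"}

# Management-interface login sources from the advisory (defanging brackets removed).
ACTOR_IPS = {
    "45.55.158.47", "137.184.65.71", "149.22.94.37", "155.133.4.175",
    "157.245.3.251", "167.71.245.10", "23.27.140.65", "31.192.107.165",
    "37.19.196.65", "64.190.113.25", "66.135.27.178", "87.249.138.47",
}

# Six alphanumeric characters, the shape of the randomly generated names above.
# A weak signal on its own; corroborate it with the creating session's srcip.
RANDOM_NAME_RE = re.compile(r"^[A-Za-z0-9]{6}$")

# key=value pairs with either a double-quoted or a bare value.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_fortios_line(line: str) -> dict:
    """Split one key=value log line into a dict; quoted and bare values both supported."""
    return {key: quoted or bare for key, quoted, bare in KV_RE.findall(line)}

def detect(lines) -> list:
    """Return (rule, subject, srcip) tuples for events matching the advisory's patterns."""
    findings = []
    for line in lines:
        ev = parse_fortios_line(line)
        user, src = ev.get("user", ""), ev.get("srcip", "")
        if ev.get("action") == "login" and ev.get("status") == "success":
            if src in ARBITRARY_SRCIPS:  # forged srcip: the strongest single indicator here
                findings.append(("login-with-arbitrary-srcip", user, src))
            elif src in ACTOR_IPS:
                findings.append(("login-from-reported-actor-ip", user, src))
        # Admin-account creation whose object name looks randomly generated.
        if (ev.get("cfgpath") == "system.admin" and ev.get("action") == "Add"
                and RANDOM_NAME_RE.match(ev.get("cfgobj", ""))):
            findings.append(("random-looking-admin-created", ev["cfgobj"], src))
    return findings
```

Run `detect(SAMPLE_LOGS)` to see the three matches; the second rule will also fire on legitimately short admin names, so treat it as a lead to pivot on, not a verdict.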
[1] https://www.fortiguard.com/psirt/FG-IR-24-535
[2] https://arcticwolf.com/resources/blog/console-chaos-targets-fortinet-fortigate-firewalls/
[3] https://www.rapid7.com/blog/post/2025/01/16/etr-fortinet-firewalls-hit-with-new-zero-day-attack-older-data-leak/
[4] https://www.bleepingcomputer.com/news/security/fortinet-warns-of-auth-bypass-zero-day-exploited-to-hijack-firewalls/