Source |
Volexity |
Identifier |
8611889 |
Publication date |
2024-11-15 19:50:18 (viewed: 2024-11-15 20:05:49) |
Title |
BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA |
Text |
KEY TAKEAWAYS: Volexity discovered and reported a vulnerability in Fortinet's Windows VPN client, FortiClient, where user credentials remain in process memory after a user authenticates to the VPN. This vulnerability was abused by BrazenBamboo in their DEEPDATA malware. BrazenBamboo is the threat actor behind development of the LIGHTSPY malware family. LIGHTSPY variants have been discovered for all major operating systems, including iOS, and Volexity has recently discovered a new Windows variant. In July 2024, Volexity identified exploitation of a zero-day credential disclosure vulnerability in Fortinet's Windows VPN client that allowed credentials to be stolen from the memory of the client's process. This vulnerability was discovered while analyzing a recent sample of the DEEPDATA malware family. DEEPDATA is a modular post-exploitation tool for the Windows operating system that is used to gather a wide range of information from target devices. Analysis of the sample revealed a plugin that was designed to […]
|
Rating |
★★★
|
Sent |
Yes |
Digest |
2024 >key abused actor after all allowed analysis analyzing authenticates been behind brazenbamboo client credential credentials day deepdata designed development devices disclosure discovered exploitation family forticlient fortinet from gather has have identified including information ios july lightspy major malware memory modular new operating plugin post process range recent recently remain reported revealed sample steal stolen system systems takeaways target threat tool used user variant variants volexity vpn vulnerability weaponizes where wide windows zero |
Tags |
Malware
Tool
Vulnerability
Threat
|
Stories |
|
Move |
|