A threat actor that has been using known old FortiOS vulnerabilities to breach FortiGate devices for years has also been leveraging a clever trick to maintain undetected read-only access to them after the original access vector was locked down, Fortinet has revealed on Thursday. “[Read-only access] was achieved via creating a symbolic link connecting the user filesystem and the root filesystem in a folder used to serve language files for the SSL-VPN,” Fortinet CISO Carl … More
The post Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices appeared first on Help Net Security.
This article has been indexed from Help Net Security