[GTALUG] Cert Advisory FortiOS APT
D. Hugh Redelmeier
hugh at mimosa.com
Thu Apr 8 10:18:01 EDT 2021
| From: Russell Reiter via talk <talk at gtalug.org>
|
| The advisory says even if your org doesn't use the os you should apply
| mitigations.
|
| https://siliconangle.com/2021/04/04/hackers-actively-targeting-fortios-vulnerabilities-warn-fbi-cisa/
>From there, I got to
<https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf>
Long, but easy to digest. Scary.
It's "let's attack SSL-based VPNs". Several vendors. But not OpenVPN for
some reason. Perhaps because it isn't used as a corporate VPN.
Hosts are definitely Linux.
More information about the talk
mailing list