all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign

Add to bookmarks
April 17, 2024, 10:23 a.m. | info@thehackernews.com (The Hacker News)

The Hacker News thehackernews.com

Cybersecurity researchers have discovered a new campaign that's exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads.
The activity entails the exploitation of CVE-2023-48788 (CVSS score: 9.3), a critical SQL injection flaw that could permit an unauthenticated attacker to execute unauthorized code or

attacker campaign critical cve cve-2023-48788 cvss cvss score cybersecurity deploy devices exploit exploitation exploiting flaw forticlient forticlient ems fortinet hackers hackers exploit injection injection flaw metasploit payloads researchers score screenconnect security security flaw sql sql injection unauthenticated unauthorized

Visit resource

More from thehackernews.com / The Hacker News

U.S. Government Releases New AI Security Guidelines for Critical Infrastructure an hour ago | thehackernews.com
address ai risks ai security artificial +16
Considerations for Operational Technology Cybersecurity an hour ago | thehackernews.com
change control cybersecurity devices +18
New U.K. Law Bans Default Passwords on Smart Devices Starting April 2024 5 hours ago | thehackernews.com
act and telecommunications april bans +23
Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023 18 hours ago | thehackernews.com
access accounts address android +20
China-Linked 'Muddling Meerkat' Hijacks DNS to Map Internet on Global Scale 21 hours ago | thehackernews.com
actor china cloud cloud security +22
Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM 1 day ago | thehackernews.com
adoption attackers challenge cyber +21
New R Programming Vulnerability Exposes Projects to Supply Chain Attacks 1 day ago | thehackernews.com
actor attacks code code execution +22
Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover 1 day, 1 hour ago | thehackernews.com
access adversary code code execution +18
Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks 1 day, 21 hours ago | thehackernews.com
access access management attacks availability +16

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Senior Security Engineer

@ Core10 | Nashville, Tennessee, United States - Remote
View on infosec-jobs.com

Security Operations Engineer I

@ Jamf | US Remote
View on infosec-jobs.com

IT Security ISSO Specialist (15.10)

@ OCT Consulting, LLC | Washington, District of Columbia, United States
View on infosec-jobs.com

Compliance Officer

@ Aspire Software | Canada - Remote
View on infosec-jobs.com

Security Operations Center (SOC) - AVP

@ Paytm | Noida, Uttar Pradesh
View on infosec-jobs.com
View more jobs