The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint advisory on the exploitation of vulnerabilities in Fortinet’s FortiOS operating system by advanced persistent threat actors.
Hackers may use default configuration, path traversal and improper authentication vulnerabilities in FortiOS, along with other techniques, to gain access to government, technology and commercial services and carry out future attacks, according to the advisory published Friday.
CISA has called on administrators and users to review the joint cybersecurity advisory and carry out the recommended measures to mitigate cyber risks.
Mitigation measures include patching the identified cyber vulnerabilities, implementing network segmentation, requiring administrator credentials to install software, using multifactor authentication and regularly changing passwords for network systems and accounts.