Medusa Ransomware Leveraging Fortinet Vulnerability for Advanced Attacks

The notorious Medusa ransomware group has been manipulating an essential exposure in Fortinet’s FortiClient EMS software to establish refined ransomware attacks. The SQL injection flaw tracked as CVE-2023-48788, permits assaulters to execute malicious code on vulnerable systems and gain a foothold for deploying ransomware.

“Medusa accumulates access to a target system via a known defect such as the Fortinet EMS SQL injection vulnerability. CVE-2023-48788 impacts circumstances that have FortiClient EMS, versions 7.2 to 7.2.2 and 7.0.1 to 7.0.10, established to manage endpoints,” Bitdefender said. Medusa understood for targeting a wide spectrum of sectors, including healthcare, manufacturing, and education, has been fast to capitalize on the Fortinet vulnerability.

By transmitting hostile web requests including SQL statements, the group exploits the FCTUID parameter in request headers, allowing them to manage arbitrary commands via the xp_cmdshell function in Microsoft SQL Server. Once initial access is gained, Medusa creates a webshell on the compromised server to enable data exfiltration and payload delivery. Bitdefender said the group uses tools like bitsadmin to transmit negative files and establish persistence on victim systems.

Medusa’s attack chain showcases the group’s advanced capabilities, especially in the places of performance and security evasion. After achieving a foothold, Medusa leverages PowerShell scripts to run management, exfiltrate data, and execute its ransomware payload. The company’s malware, known as gaze.exe, destroys different benefits and loads files referencing Tor connections for data exfiltration. To avoid detection, Medusa establishes compromised versions of legitimate remote monitoring and management (RMM) devices like ConnectWise and AnyDesk. These tampered RMM tools often go overlooked due to their trusted status within the victim’s environment.

Associations can embrace a multi-layered system to protect against Medusa’s ransomware attacks. Executing robust patch control practices is important to promptly address exposures like the Fortinet fault. Network segmentation, regular backups, and employee security awareness training are also critical elements of a complete security technique. As Medusa persists to develop and refine its strategies, it is critical for companies to stay alert and aggressive in their cybersecurity measures.

Search

Recent News

Blog Images

Threat actors are coercing victims into providing their login credentials for the purpose of theft

Blog Images

Remote Code Execution Vulnerability in Ivanti Endpoint Manager Exploited by Proof of Concept

Blog Images

Medusa Ransomware Leveraging Fortinet Vulnerability for Advanced Attacks

Blog Images

Port of Seattle Confirms Cyberattack in August Linked to Rhysida Ransomware

Blog Images

New Android Banking Malware TrickMo Targets Users to Steal Login Credentials

Blog Images

Cybercriminals Targeting Stored Credentials in Browsers

Blog Images

Earth Preta Hackers Have Expanded Their Toolkit with New Tools

Blog Images

RAMBO Attack Compromises Data from Isolated Air-gapped Systems

Blog Images

Palo Alto Networks Purchases IBM QRadar in a $500 Million Acquisition

Blog Images

New Vulnerabilities in Microsoft macOS Apps Could Enable Cyberpunks to Obtain Unrestricted Access

Blog Images

Cicada3301 ransomwares Linux encryptor specifically targets VMware ESXi systems

Blog Images

Watch Out for Harmful Chrome Extensions That Drain Crypto Wallets

Blog Images

Iranian State-Sponsored Hackers Conduct Intelligence Operations Through Fake Job Offers

Blog Images

Wireshark 4.4.0 Released: Whats New in This Update?

Blog Images

Identify and Mitigate Remote Code Execution Vulnerabilities on the Moodle Platform

Blog Images

The Risks of Chrome Zero-Day Vulnerability (CVE-2024-7965)

Blog Images

Redis Server infected with new ransomware payload by P2Pinfect

Blog Images

New RAT Malware SneakyChef & SugarGhost Attack Windows Systems

Blog Images

New Linux Variant Of RansomHub Attacking ESXi Systems

Blog Images

US denies Kaspersky software for purported Russian connections

Blog Images

Malicious search results can lead to the installation of SolarMarker malware

Blog Images

A hacker gained access to Tile's customer support platform in the Life360 breach

Blog Images

ScreenConnect and RDP access were installed to begin the ALPHV ransomware deployment

Blog Images

Source code and internal data from the New York Times have been leaked in 270GB

Blog Images

Bypassing authentication on the Telerik Report Server is possible due to a flaw in the server

Blog Images

A Data-management startup, Tabular, has been acquired by Databricks

Blog Images

Latest cyber attacks replace AutoIt with AutoHotkey by DarkGate Malware

Blog Images

Cryptominer deployed by 8220 Gang exploiting Oracle WebLogic Server flaw

Blog Images

Linux Malware Scanner from Kaspersky released

Blog Images

Palo Alto Networks Firewall zero-day vulnerability exploited by Red Tail Cryptominer

Blog Images

Ransomware attacks shut down Seattle 27 public libraries

Blog Images

Theft of $37 million of cryptocurrency by an Indian national

Blog Images

Cybersecurity Platform Cynet Makes MSPs Rich & Clients Safe

Blog Images

Through gift card fraud, Moroccan cybercriminals steal up to $100K daily

Blog Images

Detect Fake Antivirus Websites Delivering Android & Windows Malware

Blog Images

Encryption and data exfiltration by Ransomhub on industrial control systems

Blog Images

Attackers weaponize Microsoft Access documents to execute malicious code

Blog Images

Hacker claims access to AWS, Azure, MongoDB, and Github API keys

Blog Images

Ransomware attacks launched by the Ikaruz Red Team using LockBit Builder

Blog Images

Fortinet FortiSIEM PoC published on unauthenticated RCE vulnerability

Blog Images

An Exchange Server keylogger steals login credentials from the login page

Blog Images

Laundering $73 Million in Pig Butchering Crypto Scam Arrested by Chinese Nationals

Blog Images

North Korean Hackers Utilize Facebook Messenger in Focused Malware Offensive

Blog Images

Dell Data Breach: Hacker Compromises Customer Phone Numbers and Service Reports

Blog Images

Apple Implements RTKit iOS Zero-Day Fix for Older iPhone Models

Blog Images

OpenAI Unveils GPT-4o: Faster, Enhanced Model Now Available Free for All ChatGPT Users

Blog Images

Proof of Concept (PoC) Unveiled for Severe PuTTY Private Key Recovery Vulnerability

Blog Images

Hackers Breaches Fidelity National Financial to Steal 1.3 Million People’s Data

Blog Images

Hackers Can Install Ransomware on Network-Connected Devices

Blog Images

Alert: Connect Secure Zero-Days Used in Attacks, Says Ivanti

Blog Images

Cisco to Rectify Hazardous Weaknesses Affecting Unity Connection Software

Blog Images

Zeppelin Ransomware Source Code Fetches $500 on the Hacking Forum

Blog Images

Mandiant X Account to be Restored After 6-Hour Cryptocurrency Scam

Blog Images

“Critical Google Cookies” Exploit Allows Persistent Access After Password Reset

Blog Images

Hackers to Use the New DLL Hijacking Technique to Bypass Windows Security

Blog Images

DoJ Fines XCast $10 Million for Large-Scale Illegal Robocall Scheme

Blog Images

Hackers to Breach an Australian State Court Recording Database

Blog Images

The recent Terrapin bug may downgrade the SSH security protocol

Blog Images

Caution: Scam-as-a-Service Allowing the Cybercriminals to Drain Crypto Wallets

Blog Images

Microsoft to Disable MSIX App Installer Protocol Due to Malware Attacks

Blog Images

Darkweb Leaksmas Event Reveals Massive Hacked Data

Blog Images

A Year After the Rockstar Breach, GTA 5 Source Code was Purportedly Published Online

Blog Images

Carbanak Banking Malware Uses New Ransomware Techniques to Resurface

Blog Images

Microsoft Alerts the Defence Sector about a New FalseFont Backdoor

Blog Images

PikaBot Infects Windows-Based Systems with Malicious Search Ads

Blog Images

CISA Asks Manufacturers to Remove Default Passwords to Prevent Cyber Threats

Blog Images

Microsoft Issues a Storm-0539 Warning: Holiday Gift Card Fraud Is Getting Worse

Blog Images

BazaCall Phishing Scammers to Use Google Forms to Fraud People

Blog Images

"Sierra:21" vulnerabilities target Critical infrastructure routers

Blog Images

New MIPS Variant of P2PInfect Botnet aiming at Routers and IoT gears

Blog Images

Kali Linux to Release 2023.4 Version with New Hacking Tools

Blog Images

New Slam Hacks AMD Future Intel CPUs to Steal Sensitive Data

Blog Images

Russian Cybercriminals Are Taking Advantage of MS Outlook Privilege Increase Vulnerability

Blog Images

New BLUFFS Bluetooth attack exposes devices to AiTM (adversaries in-the-middle attacks)

Blog Images

Microsoft Cautions Users to Kremlin-Backed APT28 Benefiting of Outlook Vulnerability

Blog Images

Federal Agencies, "Iran-Affiliated Hackers to Breach Several U.S. States"

Blog Images

Terrorism Of CACTUS Ransomware Attacks

Blog Images

Malware FjordPhantom to Spread Stealthy through Email, and Messaging Apps

Blog Images

Agent Racoon’s Threat On Middle East, Africa, and U.S Organizations

Blog Images

Deal of the Year: Broadcom’s Game-Changing Acquisition of VMware for $61 Billion

Blog Images

US Treasury Sanctions the Sinbad Crypto Mixer Used by N. Korean Hackers

Blog Images

Security Breach: Cyber Criminals to Exploit Browser Extensions to Hack Facebook Accounts

Blog Images

Windows Systems Breached: APT Hacks HrServ Web Shell, Security Alert

Blog Images

Unlocking Cybersecurity Secrets: Bug Hunter GPT’s Latest Responses

Blog Images

New Security Updates Introduced to Firefox 120: A Sneak Peek

Blog Images

Hackers Deploying REMCOS RAT to Exploit Windows SmartScreen Zero-Day Flaws

Blog Images

FEAM Aero Suffers Data Breach Due to LockBit Ransomware Attack

Blog Images

What are expected cybersecurity tips for Black Friday and Cyber Monday in 2023?

Blog Images

TTB Antivirus Achieves Perfect Score of 18/18, Receives AV-Test Verification for the Third Consecutive Time

Blog Images

Vulnerability of D-link Wi-Fi range extender to command injection attacks

Blog Images

MGM Resorts $100 Million Customer Data Stolen in Ransomware Attack

Blog Images

Sony Faces Cyber-Security Breach as Ransomware Group Alleges Successful Intrusion into “All Sony Systems”

Blog Images

TTB Antivirus Recognized as the Best Antivirus for Android by AV-TEST GmbH

Blog Images

Alarm For 1.5m WordPress Sites Users: Threat From Cookie Consent Plugins

Blog Images

The RatMilad Scare- How to Stay Safe?

Blog Images

A New Netflix-Styled App That is Actually a Ransomware

Blog Images

Uber Hacked! Hacker Announces in the Company Slack. Employees Think it is a Joke

Blog Images

This Spine Chilling new Linux Malware is proving to be an Alarm to all the IT Professionals

Blog Images

Why is it important to be secure on the internet today? Twilio Breach and its Customer Data Compromise!!!

Blog Images

Will the new 'BlastDoor' security feature be able to fight iMessage hacks?

Blog Images

All about the 6GHz (6E) Wi-Fi you need to know

Blog Images

US issues warning after Microsoft claims Chinese hackers perpetrating on its mail server program

Blog Images

PDF feature certified prone to cyberattacks

Blog Images

Fake TikTok App and Laptop offers spreading adware

Blog Images

Silver Sparrow attack on over 30000 Macs; here is what we know so far

Blog Images

Akamais Cybercrime Report 2020 is a real lesson; heres a glimpse

Blog Images

Chinese state-backed hacking group targets vaccine makers in India: A report