Tens of thousands of firewalls surrendered their credentials. A trusted software supplier became the doorway into hundreds of customer systems. Law enforcement dismantled one of the oldest pipelines feeding the ransomware economy. And the largest consultancy in the world placed a four-billion-dollar bet that defending industrial systems is the defining security challenge of the decade. The through-line is unmistakable - the contest is no longer only about keeping intruders out, but about seeing compromise the moment it surfaces, wherever it surfaces.
Here is your weekly five-minute distillation of the 10 most consequential movements in cyber
security.
FortiBleed: 86,644 Fortinet Firewalls Surrender Their Credentials, and the Data Reaches the Dark Net First
THE BIG DEAL
On 18 June, the United States Cybersecurity and Infrastructure Security Agency warned that a sweeping credential-theft campaign, dubbed FortiBleed, had compromised roughly 86,644 internet-facing Fortinet firewalls and SSL VPN gateways across 194 countries. Researchers attribute the operation to a Russian-speaking group that ran an estimated 1.16 billion credential attempts against more than 320,000 FortiGate targets. Government agencies, financial institutions and healthcare providers are among the victims. Critically, the stolen credential database was already circulating on dark net forums before CISA issued its advisory, giving secondary actors a head start.
TAKEAWAY
The edge device is now the prize, and the warning shot arrives on the dark net, not in your security operations centre. Terminate active VPN sessions, rotate every Fortinet credential, enforce phishing-resistant multi-factor authentication and remove management interfaces from the public internet today. Then ask the harder question: if your credentials were traded tonight, how would you know?
SOURCE CISA - Hardening Fortinet Devices After Credential Exposure
Published by
About our partner
Brighten Tech
Brighten Tech, is designed to provide organisations with earlier visibility of potential threats by identifying exposed credentials, leaked information and emerging threat activity directly from source environments across the dark net and related ecosystems. Rather than relying solely on intelligence that has already been aggregated and widely circulated, the platform aims to provide organisations with greater time to assess, respond and reduce risk.What the Radiance platform delivers:› Real-time dark net monitoring across forums and marketplaces, captured at the moment of publication› Automated credential-leak and PII breach detection for your organisation, customers and executives› Breach source-URL identification and threat-actor intelligence for rapid, targeted response› A non-attributable collection methodology that leaves no digital footprint› SIEM and SOAR integration that triggers automated playbooks the moment a leak is detectedStop discovering breaches last. Start seeing them first.Explore Radiance at brightentech.aiUntil next
Learn moreHelp your peers
Share what you've learned with fellow public servants