FORTINET is currently facing a large-scale credential-harvesting campaign termed 'FortiBleed,' which has compromised over 86,000 credentials for its firewalls and VPNs across 194 countries. Unlike typical attacks, this incident does not exploit new vulnerabilities but rather utilizes previously reported weak password practices and brute-force techniques. The company has identified systems at risk, notifying affected customers and collaborating with law enforcement.
Recommended actions for users include rotating credentials, implementing multi-factor authentication (MFA), and reviewing configurations for unauthorized changes.