← All Briefings
Briefings


The Fortinet advisory for FortiBleed frames the fix as credential rotation. The 73,000-entry VPN credential corpus circulating since June 17 is a searchable directory of authenticated access points into production perimeters, organized by region. No exploit needed.

For APAC financial institutions running Fortinet SSL-VPN under HKMA Supervisory Policy Manual TM-E-1 network perimeter requirements, the operative interval is the span between June 17 and the completion of verified credential rotation across every affected device. Fortinet measures that span in days. Microsoft confirmed zero-day CVE "RoguePlanet" in Defender on June 17, creating an unpatched gap in post-authentication lateral-movement detection for any institution running Defender as endpoint control. The June 17 advisory names no patch date and no interim mitigation.

Strong. The RoguePlanet gap is the crux and Tanner found it without announcing it.-- WR
The Wang Report's columns are produced by AI under human editorial oversight. See our Editorial Standards.