Patch or Perish

“The only secure computer is one that's unplugged, locked in a safe, and buried 20 feet under the ground.” – Dennis Hughes, FBI

A pair of glasses rests on a laptop, with code visible on the screen.
Photography by Kevin Ku on Pexels
Published: Monday, 02 June 2025 02:11 (EDT)
By Alex Rivera

Alright, maybe Dennis Hughes was being a little dramatic, but he wasn’t entirely wrong. In today’s hyper-connected world, vulnerabilities are like ticking time bombs, and the latest Fortinet and Veeam security flaws are no exception. If you’re still dragging your feet on patching these, you might as well be handing over the keys to your digital kingdom.

Here’s a fun (read: terrifying) fact: Over 86,000 Fortinet instances are still vulnerable to a flaw that’s been around for nine months. Nine. Months. That’s like leaving your front door wide open for three-quarters of a year, hoping no one notices. And guess what? Attackers have noticed. According to The Register, hackers have already started exploiting this flaw, and the clock is ticking for anyone who hasn’t patched yet.

But wait, there’s more! Veeam Backup & Replication, a tool many businesses rely on to keep their data safe, is also in the crosshairs. Threat actors are actively exploiting a critical vulnerability (CVE-2024-40711) to spread Akira and Fog ransomware. This flaw has a severity rating of 9.8 out of 10.0, which, in cybersecurity terms, is like DEFCON 1. If you’re not sweating yet, you should be.

Fortinet: Nine Months and Counting

Let’s start with Fortinet. This isn’t some obscure, hard-to-find vulnerability. It’s been out in the wild for nine months, and there’s really no excuse for not patching it by now. The flaw affects Fortinet’s FortiOS SSL-VPN, a product used by thousands of businesses worldwide to secure remote access. The problem? Attackers can exploit this flaw to gain unauthorized access to your network. Once inside, they can do whatever they want – steal data, plant malware, or just generally wreak havoc.

According to Shadowserver, more than 86,000 instances of Fortinet’s SSL-VPN are still vulnerable. That’s 86,000 potential entry points for hackers. And now that attackers are actively exploiting this flaw, the risk isn’t theoretical anymore – it’s very, very real.

So, what’s the holdup? For some, it might be the “if it ain’t broke, don’t fix it” mentality. But in cybersecurity, that’s a dangerous game to play. Just because you haven’t been hacked yet doesn’t mean you’re safe. In fact, the longer you wait to patch, the more likely it is that you’ll become a target.

Veeam: A Ransomware Playground

Now, let’s talk about Veeam. If you’re using Veeam Backup & Replication and haven’t patched the CVE-2024-40711 vulnerability, you’re basically inviting ransomware into your network. And not just any ransomware – we’re talking about Akira and Fog, two nasty pieces of malware that can lock up your data and demand a hefty ransom to get it back.

According to Sophos, attackers are using compromised VPN credentials and the CVE-2024-40711 flaw to create local accounts on targeted systems. Once they’ve got a foothold, they deploy ransomware, encrypting your data and leaving you with two choices: pay up or lose everything.

This vulnerability has a severity rating of 9.8, which means it’s about as bad as it gets. If you’re not patching this flaw immediately, you’re playing with fire. And in the world of ransomware, that fire can burn your entire business to the ground.

Why Are These Flaws So Dangerous?

Both the Fortinet and Veeam vulnerabilities are dangerous for a few reasons. First, they’re easy to exploit. Attackers don’t need to be cybersecurity wizards to take advantage of these flaws – they just need to know where to look. And with tools like Shodan (a search engine for internet-connected devices), finding vulnerable systems is a piece of cake.

Second, these flaws give attackers a lot of power. With Fortinet, they can gain unauthorized access to your network, which is like handing them the keys to your entire digital infrastructure. With Veeam, they can deploy ransomware, locking up your data and demanding a ransom to release it. In both cases, the consequences can be catastrophic.

Finally, these vulnerabilities are being actively exploited right now. This isn’t some hypothetical future threat – it’s happening as we speak. If you haven’t patched yet, you’re already behind the curve, and the longer you wait, the more likely it is that you’ll become a victim.

What You Need to Do

So, what can you do to protect yourself? The answer is simple: patch, patch, patch. If you’re using Fortinet’s SSL-VPN or Veeam Backup & Replication, you need to apply the latest security updates immediately. Don’t wait for a convenient time – there’s no such thing when it comes to cybersecurity.

For Fortinet users, make sure you’re running the latest version of FortiOS and that all security patches have been applied. If you’re not sure whether your system is vulnerable, now is the time to check. And if you find that you are vulnerable, don’t panic – just patch the flaw and move on.

For Veeam users, the process is similar. Make sure you’re running the latest version of Veeam Backup & Replication and that all security patches have been applied. If you’re using a VPN to access Veeam, make sure your credentials are secure and that multi-factor authentication (MFA) is enabled.

Final Thoughts

At the end of the day, cybersecurity is all about staying one step ahead of the bad guys. And right now, the bad guys are exploiting vulnerabilities in Fortinet and Veeam to wreak havoc on businesses around the world. If you haven’t patched these flaws yet, you’re playing a dangerous game. But the good news is that it’s not too late. Patch your systems now, and you can avoid becoming the next victim.

Remember, in the words of Dennis Hughes, the only truly secure computer is one that’s unplugged, locked in a safe, and buried 20 feet underground. But since that’s not exactly practical, patching your vulnerabilities is the next best thing.

Cybersecurity

Close-up shot of a computer motherboard with miniature figures seemingly investigating it, representing digital forensics.
Master Cybersecurity Through Digital Forensics

Uncover the secrets of digital forensics in cybersecurity. See how it helps investigate breaches and fortify defenses against evolving cyber threats.
Abstract illustration of a yellow paddle deflecting a pink virus-like splash on a black background.
Most Popular Cybersecurity Air-Gapping Tips

Explore expert insights on air-gapping, the cybersecurity strategy that isolates critical systems. Find out why it's a game-changer for data security.
Abstract background with glowing circles and lines, reminiscent of a technological network.
Cyber Hygiene: Essential Tips for Data Security

Discover how cyber hygiene can safeguard your data and devices. Explore practical steps to enhance your cybersecurity practices.
A woman in black clothing aiming a rifle at an indoor shooting range.
Master Cybersecurity Threat Hunting Techniques

Dive into the world of cybersecurity threat hunting and explore how staying ahead of attackers can safeguard your digital assets.
A person in a hoodie sits in a dimly lit room, hunched over a computer keyboard with a serious expression on their face, suggesting a focused and intense effort in the face of a cybersecurity challenge.
Cybersecurity Threat Intelligence Platforms: A Deep Dive

Learn the ins and outs of cybersecurity threat intelligence platforms, why they matter, and how they can help your organization stay ahead of emerging cyber threats.
A person wearing a VR headset and gloves is sitting in front of multiple computer screens in a dark setting.
How Cybersecurity Threat Simulation Protects You

Learn why mastering cybersecurity threat simulation is key to defending your systems against evolving cyber threats and staying one step ahead of attackers.
 

Related articles