Category: Uncategorized

Turkish authorities say they have disrupted planned attacks on Christmas and New Year’s events after arresting more than 100 suspected members of the so-called Islamic State group.

Mass raids were carried out at 124 addresses across Istanbul, the capital’s chief prosecutor said, with firearms, ammunition and “organisational documents” seized.

Officials said IS supporters had been actively planning attacks across Turkey this week, particularly against non-Muslims.

Police detained 115 suspects but efforts are ongoing to trace a further 22, an official statement read.

The prosecutor’s office said the suspects were in contact with IS operatives outside Turkey.

The announcement comes two days after Turkish intelligence agents carried out a raid against the group on the Afghanistan-Pakistan border.

A Turkish national who is alleged to have held a senior role with the IS wing operating in the region was detained and accused of planning attacks against civilians.

Turkey’s security services regularly target people with suspected links to IS.

The country shares a 900km (560 mile) border with Syria, where the group continues to operate in parts of the country.

Syria’s president Ahmed al-Sharaa, who has close ties to the Turkish government, has vowed to work with the US and Europe to root out surviving elements of IS.

The US launched a wave of air strikes against the group’s positions across Syria on Friday in response to the killing of three Americans.

Two US soldiers and a civilian interpreter were killed by IS gunmen during an ambush earlier this month.

Norad, the North American Aerospace Defense Command, has kicked off its 70-year tradition of tracking Santa Claus on Christmas Eve, with US President Donald Trump joining.

Along with First Lady Melania, Trump took calls from multiple children.

Every year, Norad tracks Santa as he circles the globe, with volunteers helping to answer calls and provide updates to children on his location.

The tradition started back in 1955, after a misprint in a department store led a young child to call a Colorado military command centre and ask for Santa’s location.

Dec 25, 2025Ravie LakshmananVulnerability / Enterprise Security

Fortinet on Wednesday said it observed “recent abuse” of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations.

The vulnerability in question is CVE-2020-12812 (CVSS score: 5.2), an improper authentication vulnerability in SSL VPN in FortiOS that could allow a user to log in successfully without being prompted for the second factor of authentication if the case of the username was changed.

“This happens when two-factor authentication is enabled in the ‘user local’ setting, and that user authentication type is set to a remote authentication method (eg, LDAP),” Fortinet noted in July 2020. “The issue exists because of inconsistent case-sensitive matching among the local and remote authentication.”

The vulnerability has since come under active exploitation in the wild by multiple threat actors, with the U.S. government also listing it as one of the many weaknesses that were weaponized in attacks targeting perimeter-type devices in 2021.

In a fresh advisory issued December 24, 2025, Fortinet noted that successfully triggering CVE-2020-12812 requires the following configuration to be present –

• Local user entries on the FortiGate with 2FA, referencing back to LDAP
• The same users need to be members of a group on the LDAP server
• At least one LDAP group the two-factor users are a member of needs to be configured on FortiGate, and the group needs to be used in an authentication policy which could include for example administrative users, SSL, or IPSEC VPN

If these prerequisites are satisfied, the vulnerability causes LDAP users with 2FA configured to bypass the security layer and instead authenticate against LDAP directly, which, in turn, is the result of FortiGate treating usernames as case-sensitive, whereas the LDAP Directory does not.

“If the user logs in with ‘Jsmith’, or ‘jSmith’, or ‘JSmith’, or ‘jsmiTh’ or anything that is NOT an exact case match to ‘jsmith,’ the FortiGate will not match the login against the local user,” Fortinet explained. “This configuration causes FortiGate to consider other authentication options. The FortiGate will check through other configured firewall authentication policies.”

“After failing to match jsmith, FortiGate finds the secondary configured group ‘Auth-Group’, and from it the LDAP server, and provided the credentials are correct, authentication will be successful regardless of any settings within the local user policy (2FA and disabled accounts).”

As a result, the vulnerability can authenticate admin or VPN users without 2FA. Fortinet released FortiOS 6.0.10, 6.2.4, and 6.4.1 to address the behavior in July 2020. Organizations that have not deployed these versions can run the below command for all local accounts to prevent the authentication bypass issue –

set username-case-sensitivity disable

Customers who are on FortiOS versions 6.0.13, 6.2.10, 6.4.7, 7.0.1, or later are advised to run the following command –

set username-sensitivity disable

“With username-sensitivity set to disabled, FortiGate will treat jsmith, JSmith, JSMITH, and all possible combinations as identical and therefore prevent failover to any other misconfigured LDAP group setting,” the company said.

As additional mitigation, it’s worth considering removing the secondary LDAP Group if it’s not required, as this eliminates the entire line of attack since no authentication via LDAP group will be possible, and the user will fail authentication if the username is not a match to a local entry.

However, the newly issued guidance does not give any specifics on the nature of the attacks exploiting the flaw, nor whether any of those incidents were successful. Fortinet has also advised impacted customers to contact its support team and reset all credentials if they find evidence of admin or VPN users being authenticated without 2FA.