As cyber threats continue to grow and evolve, so does the need for innovative solutions and reliable threat intelligence. Using millions of global network sensors, FortiGuard Labs monitors the worldwide attack surface and employs artificial intelligence (AI) to mine that data for new threats, ensuring you are prepared for what’s coming.
When a cybersecurity attack with large ramifications affects numerous organizations, FortiGuard Outbreak Alerts are here to help you understand what happened, learn the technical details of the attack, and how you can protect yourself now and in the future.
What is Ivanti Connect Secure and Policy Secure Attack?
Ivanti disclosed two zero-day vulnerabilities in their Ivanti Connect Secure (ICS) and Ivanti Policy Secure gateways. CVE-2023-46805 is a vulnerability found in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure. This authentication bypass vulnerability allows a remote attacker to access restricted resources by bypassing control checks. While CVE-2024-21887 is a command injection vulnerability in the same web components. Read more
The CVE-2023-46805 and CVE-2024-21887 vulnerabilities are coupled together to perform exploitation on servers running on the Ivanti software. The attack does not require authentication and enables a threat actor to send malicious requests and execute arbitrary commands on the system for further exploitation. FortiGuard Labs has observed high exploitation attempts since the release of the signature to detect and block the Ivanti ICS Authentication Bypass vulnerability (CVE-2023-46805). FortiGuard Labs recommends administrators to follow vendor’s mitigation steps and apply patches as soon as they are provided.
An Outbreak Alert report is posted on the FortiGuard Labs website, it provides details on all the FortiGuard services that provide detection and protection, as well as how to respond, recover, and identify the attack. Read less
What is Androxgh0st Malware Attack?
FortiGuard Labs continue to observe widespread activity of Androxgh0st Malware in the wild exploiting multiple vulnerabilities, specifically targeting- the PHPUnit (CVE-2017-9841), Laravel Framework (CVE-2018-15133) and Apache Web Server (CVE-2021-41773) to spread and conduct information gathering attacks on the target networks. Read more
AndroxGh0st malware is a python-based malware, which primarily targets user environment (.env) files. These files may contain credentials for various high-profile applications such as AWS, O365, SendGrid, and Twilio. AndroxGh0st has numerous malicious functions to abuse SMTP, scan and exploit exposed credentials and APIs, and deploy web shell to maintain persistent access to systems.
An Outbreak Alert report is posted on the FortiGuard Labs website, it provides details on all the FortiGuard services that provide detection and protection, as well as how to respond, recover, and identify the attack. Read less
What is Adobe ColdFusion Access Control Bypass Attack?
FortiGuard labs observed extremely widespread exploitation attempts relating to security bypass vulnerabilities in Adobe ColdFusion. With IPS detections reaching up- to 50,000+ unique detections in January 2024. Read more
The vulnerabilities (CVE-2023-26347, CVE-2023-38205, CVE-2023-29298) allow an attacker to bypass the Secure Profile feature that restricts external access to the ColdFusion Administrator. Successful exploitation could result in access to the ColdFusion Administration endpoints and attackers could further exploit and chain CVE-2023-38203 to achieve remote code execution attacks.
An Outbreak Alert report is posted on the FortiGuard Labs website, it provides details on all the FortiGuard services that provide detection and protection, as well as how to respond, recover, and identify the attack. Read less
Cyberattacks can occur at any time. The number of outbreak alerts you receive can vary anywhere from once per month to several times per week.
Join Fortinet's top threat experts as they delve into today's critical cybersecurity topics and the ever-evolving cyber threat landscape.
|
Join us for another episode of the FortiGuard Labs Threat Intelligence Podcast as Jonas Walker and Aamir Lakhani join forces to discuss the recent MOVEit vulnerability and how the Cl0p ransomware groups have orchestrated an extensive campaign around it, making over $100M in revenue.
Listen Now
The FortiGuard Labs Threat Research team recently observed a number of social media posts commenting on a fraud campaign targeting India Post users. Learn more.
FortiGuard Labs has observed a stealer campaign spreading multiple files that exploit CVE-2024-21412 to download malicious executable files. Read more.
According to new FortiGuard Labs analysis, this year’s Olympics has been a target for a growing number of cybercriminals. This report provides a comprehensive view of planned attacks, such as third-party breaches, infostealers, phishing, and malware. Read more.
FortiGuard Labs uncovers MerkSpy, a new spyware exploiting CVE-2021-40444 to steal keystrokes and sensitive data. Learn more.
Cybersecurity threats are increasingly leveraging cloud services to store, distribute, and establish command and control (C2) servers. Over the past month, FortiGuard Labs has been monitoring botnets that have adopted this strategy. Learn more.
FortiGuard Labs has uncovered a fresh threat, Fickle stealer, which is distributed via various strategies. Read more.
Shinra and Limpopo are recent ransomware designed to encrypt files in Windows and VMWare ESXi environments respectively, and they demand payment from victims to decrypt the files.
A new phishing campaign was recently captured by our FortiGuard Labs that spreads a new Agent Tesla variant targeting Spanish-speaking people. Learn more.
FBI Warns against public phone charging stations
To address the talent shortage facing SOC teams Fortinet's enhanced services help SOC teams reduce their cyber risk concerns and allowing more time for higher-priority projects. View the details in the press release.
New research underscores the importance of effective cyber awareness training for employees to decrease cyber risks, with more than 50% of leaders indicating their employees lack proper knowledge
“Fortinet is honored to become a member of JCDC to build on our existing collaboration and trusted relationship with the U.S. government to help improve our nation’s cybersecurity.” - Ken Xie, Founder, Chairman of the Board, and Chief Executive Officer at Fortinet
By integrating current threat intelligence into defense strategies, cybersecurity staff can effectively anticipate, prevent, and respond to cyberattacks. This webinar will walk through the concept of Threat Informed Defense, the MITRE CTID, two recently published projects, and current projects in the works.
The threat landscape is changing faster than ever. Over the past six months, FortiGuard Labs identified 10,666 new ransomware variants—twice as many as in the previous 6 months. See what our experts had to say.
Our FortiGuard Labs experts discuss the cyber threat activity we saw in the second half of 2022, predictions for 2023, and smart strategies you can implement today.
FortiGuard Labs Global Threat Landscape Report offers a snapshot of the active threat landscape and highlights the latest industry trends.
Gain an in-depth understanding of various threat categories, including vulnerabilities, targeted attacks, ransomware campaigns, and OT- and IoT-related threats.
FortiGuard Labs’ threat predictions report examines a new era of advanced persistent cybercrime, discusses how AI is changing the attack game, and shares fresh trends to watch for in 2024.
The FortiGuard Incident Response team provides both proactive and reactive incident response services, which are platform-agnostic and available to all organizations across the globe. Incident response teams like ours get unique exposure to attacks and threat vectors compared to many teams working in the cybersecurity field as we are often involved in investigating incidents where the victim’s defenses have failed.
FortiGuard Labs 1H 2023 Global Threat Landscape Report provides valuable intelligence and early warning for potential threat activity.
An Annual Perspective by FortiGuard Labs
New vulnerabilities are on the rise, but don’t count out the old. Don’t become a statistic - get the latest Global Threat Landscape report.
FortiGuard Labs Global Threat Landscape Report offers a snapshot of the active threat landscape and highlights the latest industry trends.
FortiGuard Labs 1H 2023 Global Threat Landscape Report provides valuable intelligence and early warning for potential threat activity.
New vulnerabilities are on the rise, but don’t count out the old. Don’t become a statistic - get the latest Global Threat Landscape report.
FortiGuard Labs believes that sharing intelligence and working with other threat intelligence organizations improves protections for customers and enhances the effectiveness of the entire cybersecurity industry. Our leadership helps take the fight to our adversaries and produces a more successful disruption model by leveraging these relationships.
For decades we have been faced with the classic ‘last mile’ challenge when it comes to information sharing and threat intelligence.
Guarda ora
Fortinet is now an official Research Partner with MITRE Engenuity’s Center for Threat-Informed Defense (Center).
Read Blog
FortiGuard application security services protect, monitor, and optimize application performance and usage.
Consulta guide alle soluzioni, eBook, schede tecniche, rapporti degli analisti e altro ancora.
