FortiGuard Labs

Latest News

Outbreak Alert

Palo Alto Networks Management Interface Attack
Nov 21, 2024

Palo Alto Networks has recently disclosed two zero-day vulnerabilities, CVE-2024-0012 and CVE-2024-9474, affecting the PAN-OS firewall and other products. Both flaws, which are actively being...

Outbreak Alert

Progress Kemp LoadMaster OS Command Injection Vulnerability
Nov 20, 2024

FortiGuard network sensors detect attack attempts targeting the Progress Kemp LoadMaster. Successful exploitation of the CVE-2024-1212 vulnerability allows unauthenticated remote attackers to...

Threat Signal Report

Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability
Nov 15, 2024

What is the Vulnerability? Microsoft Windows contains an NTLMv2 hash spoofing vulnerability (CVE-2024-43451) that could result in disclosing a user's NTLMv2 hash to an attacker via a file open...

Outbreak Alert

Palo Alto Expedition Missing Authentication Vulnerability
Nov 14, 2024

FortiGuard sensors continue to detect and block attack attempts targeting the Palo Alto Expedition vulnerability (CVE-2024-5910). If successfully exploited, this vulnerability could allow attackers...

Threat Signal Report

Cisco URWB Access Point Command Injection Vulnerability (CVE-2024-20418)
Nov 07, 2024

What is the Vulnerability? A maximum-severity security vulnerability (CVSS score 10.0) in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable...

Outbreak Alert

Mallox Ransomware
Oct 03, 2024

FortiGuard Labs continues to see an increase in Mallox ransomware-related activity, detecting Mallox ransomware on hundreds of FortiGuard sensors. Ransomware infection may cause disruption,...

Threat Signal Report

Metabase Information Disclosure Vulnerability (CVE-2021-41277)
Oct 21, 2024

What is the attack? FortiGuard Labs observes widespread attack attempts targeting a three-year-old Metabase vulnerability (CVE-2021-41277) detected by more than 30,000 sensors. Successful...

Threat Signal Report

Veeam Backup and Replication Deserialization Vulnerability (CVE-2024-40711)
Oct 17, 2024

What is the Vulnerability? CVE-2024-40711 is a critical unauthenticated Remote Code Execution (RCE) vulnerability in Veeam Backup & Replication software. Threat actors could execute arbitrary code...

Outbreak Alert

Jenkins RCE Attack
Oct 09, 2024

Cyber threat actors are targeting the Jenkins arbitrary file read vulnerability (CVE-2024-23897) in ransomware attacks. FortiGuard Labs continues to see active attack telemetry targeting the vulnerability.

Outbreak Alert

Synacor Zimbra Collaboration Command Execution Vulnerability
Oct 09, 2024

Threat actors are exploiting a recently fixed RCE vulnerability in Zimbra email servers, which can be exploited just by sending specially crafted emails to the SMTP server.

Threat Signal Report

Ivanti CSA (Cloud Services Appliance) Zero-Day Attack
Oct 08, 2024

What is the Attack? Attackers are actively exploiting multiple zero-day vulnerabilities affecting Ivanti CSA (Cloud Services Appliance) that could allow an attacker to gain admin access, bypass...

Publications

[Virus Bulletin 2024] Android Flutter Malware
Oct 02, 2024

This talk explains how to use Blutter to analyze malicious Android samples such as Android/Fluhorse and Android/SpyLoan.

Threat Signal Report

Ivanti Virtual Traffic Manager (vTM) Authentication Bypass Vulnerability (CVE-2024-7593)
Sep 26, 2024

What is the Vulnerability? Ivanti Virtual Traffic Manager (vTM), a software application used to manage and optimize the delivery of applications across networks, is affected by an authentication...

Threat Signal Report

Apache HugeGraph-Server Improper Access Control Vulnerability (CVE-2024-27348)
Sep 25, 2024

What is the Vulnerability? CVE-2024-27348 is a remote code execution (RCE) vulnerability affecting Apache HugeGraph-Server. HugeGraph is a versatile graph database that integrates seamlessly with...

Outbreak Alert

GeoServer RCE Attack
Sep 23, 2024

A remote code execution vulnerability affecting GeoServer is under active exploitation, with recent attack attempts observed on 40,000+ FortiGuard sensors. This vulnerability (CVE-2024-36401) is...

Threat Signal Report

Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability (CVE-2024-8190)
Sep 13, 2024

What is the Vulnerability? An OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) version 4.6 allows an authenticated attacker to remotely execute code. The attacker must...

Threat Signal Report

Raisecom Gateway Command Injection (CVE-2024-7120)
Sep 13, 2024

What is the Attack? FortiGuard Labs observes attack attempts targeting certain models of Raisecom Gateway that are vulnerable to CVE-2024-7120. This attack can be initiated remotely and may lead to...

Outbreak Alert

Russian Cyber Espionage Attack
Sep 09, 2024

FortiGuard Labs continues to observe attack attempts exploiting the vulnerabilities highlighted in the recent CISA advisory about Russian military cyber actors. These actors are targeting U.S. and...
