FortiGuard Labs

Latest News

Threat Signal Report

Ivanti Virtual Traffic Manager (vTM) Authentication Bypass Vulnerability (CVE-2024-7593)
Sep 26, 2024

What is the Vulnerability? Ivanti Virtual Traffic Manager (vTM), a software application used to manage and optimize the delivery of applications across networks, is affected by an authentication...

Threat Signal Report

Apache HugeGraph-Server Improper Access Control Vulnerability (CVE-2024-27348)
Sep 25, 2024

What is the Vulnerability? CVE-2024-27348 is a remote code execution (RCE) vulnerability affecting Apache HugeGraph-Server. HugeGraph is a versatile graph database that integrates seamlessly with...

Outbreak Alert

GeoServer RCE Attack
Sep 23, 2024

A remote code execution vulnerability affecting GeoServer is under active exploitation, with recent attack attempts observed on 40,000+ FortiGuard sensors. This vulnerability (CVE-2024-36401) is...

Threat Signal Report

Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability (CVE-2024-8190)
Sep 13, 2024

What is the Vulnerability? An OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) version 4.6 allows an authenticated attacker to remotely execute code. The attacker must...

Threat Signal Report

Raisecom Gateway Command Injection (CVE-2024-7120)
Sep 13, 2024

What is the Attack? FortiGuard Labs observes attack attempts targeting certain models of Raisecom Gateway that are vulnerable to CVE-2024-7120. This attack can be initiated remotely and may lead to...

Outbreak Alert

Russian Cyber Espionage Attack
Sep 09, 2024

FortiGuard Labs continues to observe attack attempts exploiting the vulnerabilities highlighted in the recent CISA advisory about Russian military cyber actors. These actors are targeting U.S. and...

Threat Signal Report

Versa Director Dangerous File Type Upload Vulnerability (CVE-2024-39717)
Aug 27, 2024

What is the Vulnerability? The Versa Director GUI contains a zero-day dangerous file type upload vulnerability (CVE-2024-39717) that allows attackers to upload potentially malicious files, granting...

Outbreak Alert

Jenkins RCE Attack
Aug 20, 2024

Cyber threat actors target the Jenkins Arbitrary File Read vulnerability (CVE-2024-23897) in ransomware attacks. FortiGuard Labs continues to see active attack telemetry targeting the vulnerability.

Threat Signal Report

Microsoft Multiple Actively Exploited Vulnerabilities
Aug 14, 2024

What are the Vulnerabilities? Threat actors are exploiting multiple zero-day vulnerabilities that were recently disclosed in the Microsoft Security Updates - August 2024. The six actively exploited...

Outbreak Alert

ServiceNow Remote Code Execution Attack
Jul 30, 2024

FortiGuard Labs continues to observe attack attempts targeting the recent ServiceNow Platform vulnerabilities (CVE-2024-4879, CVE-2024-5217, & CVE-2024-5178). When chained together, these could lead to...

Threat Signal Report

SnakeKeylogger Attack
Aug 01, 2024

What is the Attack? Threat actors are continuously preying on end users to unknowingly install a trojan stealer known as SnakeKeylogger or KrakenKeylogger. This trojan was developed using .NET and...

Threat Signal Report

VMware ESXi Ransomware Attack (CVE-2024-37085)
Jul 31, 2024

What is the Attack? Threat actors are exploiting an authentication bypass vulnerability in ESXi hypervisors, known as CVE-2024-37085, to gain full administrative permissions on domain-joined ESXi...

Threat Signal Report

ServiceNow Improper Input Validation Vulnerability (CVE-2024-4879)
Jul 29, 2024

What is the vulnerability? A critical input validation vulnerability (CVE-2024-4879) is identified in ServiceNow’s Now platform hosted in Vancouver and Washington DC, exploiting this vulnerability...

Threat Signal Report

Threat Actors leveraging the recent CrowdStrike update outage
Jul 19, 2024

What is the Threat? FortiGuard Labs is aware of the campaigns used by threat actors to spread malware, using phishing and scams to take advantage of the recent widespread global IT outage affecting...

Threat Signal Report

SolarWinds Serv-U Information Disclosure Vulnerability (CVE-2024-28995)
Jul 17, 2024

What is the Vulnerability? A Directory Traversal Vulnerability in SolarWinds Serv-U software is being actively exploited in the wild. Tracked as CVE-2024-28995, the vulnerability is due to improper...

Threat Signal Report

Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-38112)
Jul 16, 2024

What is the Vulnerability? CVE-2024-38112 is a spoofing vulnerability in Windows MSHTML Platform. The attacker can abuse internet shortcuts and Microsoft protocol handlers to execute malicious...

Threat Signal Report

Progress Telerik Report Server Authentication Bypass Vulnerability
Jul 08, 2024

What is the Vulnerability? Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability, allowing an attacker to bypass authentication and create rogue administrator...

Threat Signal Report

Brain Cipher Ransomware Attack
Jun 28, 2024

What is the attack? A significant ransomware attack has struck Pusat Data Nasional (PDN), one of Indonesia’s government-owned national data centers. This incident involved threat actors encrypting...
