Outbreak Alerts

FortiGuard Outbreak Alerts will be the mechanism for communicating important information to customers and partners. When a cybersecurity incident/attack/event occurs that has large ramifications to the cybersecurity industry and affects numerous organizations, this page will be updated with a link to the individual FortiGuard Outbreak Alert. That Alert will include:

  • An explanation of the attack, its timeline and what specific technology was affected
  • Where applicable patches and/or mitigation recommendations can be found
  • What Fortinet products, if deployed, would break the attack sequence
  • What specific versions those Fortinet products need to be at to provide the protection
  • Threat Hunting tools from Fortinet to help you determine if you were affected
  • Related research from FortiGuard Labs
FortiGuard Labs has observed various older router vulnerabilities still being exploited in the wild to distribute malware such as MooBot Malware, Lucifer Malware, BotenaGo Botnet, Zerobot Malware and Enemybot Malware.

Feb 01, 2023 Severity: High
In the year 2022, FortiGuard IPS and FortiGuard AV/Sandbox blocked three trillion and six trillion hits respectively from vulnerabilities, malware and 0-day attacks. Those encompassed several thousand varieties of Remote Code Execution, Cross-Site Scripting, Elevation of Privilege, Denial of...

Jan 20, 2023 Severity: Critical
A command injection vulnerability that allows remote attackers to easily exploit CWP (Control Web Panel) with a crafted HTTP request which can result in Remote Code Execution. According to Shodan, there are thousands of servers that could still be vulnerable to CVE-2022-44877. This vulnerability...

Jan 19, 2023 Severity: High
Zerobot is a Go-based botnet that spreads primarily through IoT and web application vulnerabilities. According to Fortinet research analysis the most recent distribution of Zerobot includes additional capabilities such a new DDoS attack capabilities and exploiting Apache vulnerabilities.

Dec 27, 2022 Severity: Critical
In Spring Cloud Function versions 3.2.2, 3.1.6, and older versions, it is possible for an attacker to provide a specially crafted malicious expression that may result in remote code execution and access to local resources. With CVSS base score of 9.8 and publicly available proof of concept, this...

Dec 20, 2022 Severity: High
Recently, security researchers at Claroty posted a blog describing a method for bypassing some vendors WAF solutions. The attack technique involves appending JSON syntax to SQL injection payloads.

Dec 20, 2022 Severity: High
Microsoft disclosed on Tuesday (Dec 13, 2022) that drivers certified by Microsoft’s Windows Hardware Developer Program were being used maliciously in post-exploitation activity and Microsoft Threat Intelligence Center (MSTIC) ongoing analysis indicates that the signed malicious drivers were...

Dec 16, 2022 Severity: High
According to FortiGuard Labs researcher, the two vulnerabilities could eventually lead to information disclosure. The CVE-2021-26085 for Atlassian Confluence Server could allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/...

Dec 13, 2022 Severity: Medium
Go based malware that targets Redis server's vulnerability CVE-2022-0543 allowing threat actors to drop the Redigo malware and gain server access.

Dec 08, 2022 Severity: Medium
The Hive ransomware gang has received up to $100+ million in ransom payments from more than 1,300 victims according to a joint advisory released by the FBI, the U.S. Cybersecurity and Infrastructure Security Agency, and the Department of Health and Human Services.

Nov 22, 2022 Severity: Critical