Outbreak Alerts

FortiGuard Outbreak Alerts will be the mechanism for communicating important information to customers and partners. When a cybersecurity incident/attack/event occurs that has large ramifications to the cybersecurity industry and affects numerous organizations, this page will be updated with a link to the individual FortiGuard Outbreak Alert. That Alert will include:

  • An explanation of the attack, its timeline and what specific technology was affected
  • Where applicable patches and/or mitigation recommendations can be found
  • What Fortinet products, if deployed, would break the attack sequence
  • What specific versions those Fortinet products need to be at to provide the protection
  • Threat Hunting tools from Fortinet to help you determine if you were affected
  • Related research from FortiGuard Labs
Asea Brown Boveri (ABB), a Swiss industrial automation firm which develops flow computers, a special-purpose electronic instrument used by oil and gas manufacturers to interpret data and calculate oil and gas flow rates and volume are affected by a vulnerability that could allow hackers to cause...

Released: Nov 16, 2022 Updated: Nov 16, 2022 Severity: High
An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack in X.509 certificate verification, specifically, in name constraint checking. This buffer overflow could result in a crash which can cause a denial of service or potentially a remote code execution.

Released: Apr 11, 2022 Updated: Nov 04, 2022 Severity: High
Fortinet researchers observed VMware vulnerability (CVE-2022-22954) being exploited in the wild and leveraged to deliver multiple malware payloads such as cryptocurrency miners and ransomware on the affected machines. During August 2022, more than 50,000 devices were seen in attack attempts...

Released: Oct 26, 2022 Updated: Oct 26, 2022 Severity: High
A vulnerability on Apache Commons Text library that can allow the attacker to do a Remote Code Execution (RCE) via its interpolation. FortiGuard has added protections throughout the Security Fabric to safeguard its customers from possible attacks.

Released: Oct 21, 2022 Updated: Oct 21, 2022 Severity: High
Researchers at Microsoft Threat Intelligence Center (MSTIC) have identified evidence of a novel ransomware campaign targeting organizations in the transportation and logistics industries in Ukraine and Poland. According to the report, the new ransomware labels itself with a ransom note of...

Released: Oct 18, 2022 Updated: Oct 18, 2022 Severity: Medium
Joint Cybersecurity Advisory (CSA) has released the top Common Vulnerabilities and Exposures (CVEs) used since 2020 by Peoples Republic of China (PRC) state-sponsored cyber actors as assessed by the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and...

Released: Oct 18, 2022 Updated: Oct 18, 2022 Severity: Critical
Critical zero-day vulnerabilities that can allow the attacker to do a Remote Code Execution (RCE) on Microsoft Exchange Servers. FortiGuard has added multiple protections throughout the Security Fabric to safeguard its customers from attacks exploiting these zero-day vulnerabilities.

Released: Sep 29, 2022 Updated: Sep 29, 2022 Severity: Critical
The WPGateway plugin vulnerability can allow an unauthenticated remote attacker to add a malicious user with admin privileges and completely take over the WordPress sites.

Released: Sep 20, 2022 Updated: Sep 20, 2022 Severity: Medium
Apache webservers running an older and vulnerable version of Apache 2.4.49 and 2.4.50 are still deployed on various could platforms. According to Shodan, 6000+ webservers could still be vulnerable to a path traversal attack and can eventually lead to remote code execution.

Released: Sep 14, 2022 Updated: Sep 14, 2022 Severity: Medium
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files. By bypassing authentication, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. The vulnerability exists due...

Released: Aug 25, 2022 Updated: Sep 06, 2022 Severity: High