Outbreak Alerts

FortiGuard Outbreak Alerts will be the mechanism for communicating important information to customers and partners. When a cybersecurity incident/attack/event occurs that has large ramifications to the cybersecurity industry and affects numerous organizations, this page will be updated with a link to the individual FortiGuard Outbreak Alert. That Alert will include:

  • An explanation of the attack, its timeline and what specific technology was affected
  • Where applicable patches and/or mitigation recommendations can be found
  • What Fortinet products, if deployed, would break the attack sequence
  • What specific versions those Fortinet products need to be at to provide the protection
  • Threat Hunting tools from Fortinet to help you determine if you were affected
  • Related research from FortiGuard Labs
The WPGateway plugin vulnerability can allow an unauthenticated remote attacker to add a malicious user with admin privileges and completely take over the WordPress sites.

Sep 20, 2022 Severity: Critical
A 0-day exploit was discovered on a popular Java library Log4j2 that can result to a Remote Code Execution (RCE). This is a widely deployed library, and while systems protected by Fortinet Security Fabric are secured by the protections below, all systems need to upgrade ASAP as this is 10.0...

Jun 27, 2022 Severity: Critical
A remote code execution vulnerability exists in Spring Framework with JDK version 9 due to an insecure deserialization exploit. The exploit is based on insufficient validation of input that an attacker can perform a remote code execution. Spring is encouraging customers to upgrade to Spring...

Mar 31, 2022 Severity: Critical
A remote code execution vulnerability exists in Windows OS when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs;...

Mar 16, 2022 Severity: Critical
This report focusses on the Kaseya vulnerability itself -- A separate (dedicated) report is available for the REvil ransomware which exploits this vunlerability. Kaseya VSA product is the victim of a sophisticated cyberattack causing many of its customers to be infected with ransomware. On July...

Jul 05, 2021 Severity: Critical