FortiGuard Labs

Latest News

Threat Signal Report

Progress Telerik Report Server Authentication Bypass Vulnerability
Jul 08, 2024

What is the Vulnerability? Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability, allowing an attacker to bypass authentication and create rogue administrator...

Threat Signal Report

Brain Cipher Ransomware Attack
Jun 28, 2024

What is the attack? A significant ransomware attack has struck Pusat Data Nasional (PDN), one of Indonesia’s government-owned national data centers. This incident involved threat actors encrypting...

Threat Signal Report

Polyfill.io Supply Chain Attack
Jun 26, 2024

What is the attack? Over 100,000+ sites have been impacted by a supply chain attack involving the Polyfill.io service. Polyfill is a popular tool used for enhancing browser capabilities by hundreds...

Outbreak Alert

Ivanti Connect Secure and Policy Secure Attack
Jun 25, 2024

Widespread exploitation of zero-day vulnerabilities affecting Ivanti Connect Secure and Policy Secure gateways is underway.

Outbreak Alert

PHP RCE Attack
Jun 12, 2024

FortiGuard Labs has observed a significant level of exploitation attempts targeting the new PHP vulnerability. The TellYouThePass ransomware gang has been leveraging CVE-2024-4577, a remote code...

Threat Signal Report

Oracle WebLogic Server Vulnerabilities (CVE-2023-21839, CVE-2017-3506)
Jun 04, 2024

What is the attack? A threat actor known as “8220 Gang” is seen exploiting two vulnerabilities in the Oracle WebLogic server: CVE-2017-3506, which allows remote OS command execution, and...

Outbreak Alert

Check Point Quantum Security Gateways Information Disclosure Attack
May 27, 2024

Attackers exploit a zero-day vulnerability affecting Check Point Security Gateways to gain remote access. The vulnerability can allow attackers to read sensitive information on Check Point...

Outbreak Alert

D-Link Multiple Devices Attack
May 24, 2024

Multiple D-Link device vulnerabilities are being actively targeted. Many of the routers and NAS devices are end-of-life (EOL) D-Link devices that do not have any patches available.

Threat Signal Report

Genesis Market Malware Attack
May 22, 2024

What is the attack? The FortiGuard Labs EDR team recently identified a malware infection exhibiting strong similarities to the previously reported Genesis Market malicious campaign that was...

Threat Signal Report

NextGen Healthcare Mirth Connect RCE (CVE-2023-43208, CVE-2023-37679)
May 21, 2024

What is the vulnerability? NextGen Healthcare Mirth Connect is vulnerable to unauthenticated remote code execution (CVE-2023-43208) caused by an incomplete patch of a Command Injection flaw...

Outbreak Alert

Black Basta Ransomware
May 17, 2024

A new alert from CISA, the FBI, the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) reveals that Black Basta affiliates have...

Publications

[Insomni'hack 2024] The Accessibility Abyss: Navigating Android Malware Waters
May 16, 2024

This talk is about Android malware that abuses the Accessibility Service API.

Publications

[BlackAlps 2022] You wont ever write Frida scripts again... (actually, yes, you will, it's just a fancy title)
May 16, 2024

This talk explains how to unpack Android malware using either static unpackers, or dynamic unpacking with Medusa.

Outbreak Alert

ConnectWise ScreenConnect Attack
May 13, 2024

Threat actors including ransomware gangs are seen exploiting newly discovered critical flaws in remote monitoring and management software called ScreenConnect.

Threat Signal Report

Google Chromium in Visuals Use-After-Free Vulnerability (CVE-2024-4671)
May 13, 2024

What is the Vulnerability? A new zero-day vulnerability has recently been discovered in the Visuals component of Chrome, which is responsible for rendering and displaying web content. This “use...

Threat Signal Report

Tinyproxy use-after-free Vulnerability (CVE-2023-49606)
May 07, 2024

What is the vulnerability? A use-after-free vulnerability tagged as CVE-2023-49606 exists in Tinyproxy, a lightweight open-source HTTP proxy daemon. The threat actor may trigger this memory...

Threat Signal Report

GitLab Password Reset Vulnerability (CVE-2023-7028)
May 02, 2024

What is the vulnerability? A critical vulnerability has been discovered in GitLab, a DevOps platform for managing the software development lifecycle. A successful exploitation of the vulnerability may...

Threat Signal Report

Ignite Realtime Openfire Path Traversal Vulnerability (CVE-2023-32315)
May 01, 2024

What is the vulnerability? CVE-2023-32315 is a path traversal vulnerability that affects all Openfire versions since version 3.1.0. Successful exploitation of this vulnerability could allow...
