FortiGuard Labs

Latest News

Outbreak Alert

Black Basta Ransomware
May 17, 2024

A new alert from CISA, the FBI, the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) reveals that Black Basta affiliates have...

Publications

[Insomni'hack 2024] The Accessibility Abyss: Navigating Android Malware Waters
May 16, 2024

This talk is about Android malware that abuses the Accessibility Service API.

Publications

[BlackAlps 2022] You won't ever write Frida scripts again... (actually, yes, you will, it's just a fancy title)
May 16, 2024

This talk explains how to unpack Android malware using either static unpackers, or dynamic unpacking with Medusa.

Outbreak Alert

ConnectWise ScreenConnect Attack
May 13, 2024

Threat actors including ransomware gangs are seen exploiting newly discovered critical flaws in remote monitoring and management software called ScreenConnect.

Threat Signal Report

Google Chromium in Visuals Use-After-Free Vulnerability (CVE-2024-4671)
May 13, 2024

What is the Vulnerability? A new zero-day vulnerability has recently been discovered in the Visuals component of Chrome, which is responsible for rendering and displaying web content. This “use...

Threat Signal Report

Tinyproxy use-after-free Vulnerability (CVE-2023-49606)
May 07, 2024

What is the vulnerability? A use-after-free vulnerability tagged as CVE-2023-49606 exists in Tinyproxy, a lightweight open-source HTTP proxy daemon. The threat actor may trigger this memory...

Threat Signal Report

GitLab Password Reset Vulnerability (CVE-2023-7028)
May 02, 2024

What is the vulnerability? A critical vulnerability has been discovered in GitLab, a DevOps platform for managing the software development lifecycle. Successful exploitation of the vulnerability may...

Threat Signal Report

Ignite Realtime Openfire Path Traversal Vulnerability (CVE-2023-32315)
May 01, 2024

What is the vulnerability? CVE-2023-32315 is a path traversal vulnerability that affects all Openfire versions since version 3.1.0. Successful exploitation of this vulnerability could allow...

Outbreak Alert

C-DATA Web Management System RCE Attack
Apr 30, 2024

FortiGuard Labs observed a critical level of attack attempts in the wild targeting a 2-year-old vulnerability in the C-DATA Web Management System.

Threat Signal Report

CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040)
Apr 26, 2024

What is the Vulnerability? A zero-day security vulnerability has been uncovered in the enterprise file-transfer software CrushFTP. The vulnerability tagged as CVE-2024-4040 is actively being...

Outbreak Alert

PAN-OS GlobalProtect Command Injection Vulnerability
Apr 26, 2024

The attack on PAN-OS GlobalProtect devices identified as CVE-2024-3400 allows a malicious actor to remotely exploit an unauthenticated command injection vulnerability that leads to remote code...

Threat Signal Report

ArcaneDoor Attack (CVE-2024-20353 and CVE-2024-20359)
Apr 24, 2024

What is the Attack? Cisco issued an advisory on 24th April, regarding its Adaptive Security Appliances, multifunctional devices combining firewall, VPN, and other security functions. It...

Outbreak Alert

Akira Ransomware
Apr 22, 2024

FortiGuard Labs continues to observe detections in the wild related to the Akira ransomware group. According to the new report by CISA, it has targeted over 250 organizations since the past year,...

Threat Signal Report

Akira Ransomware Attack (CVE-2023-20269 and CVE-2020-3259)
Apr 19, 2024

What is the Akira Ransomware Attack? The Akira ransomware attack has been actively and widely impacting businesses. According to the CISA advisory, the ransomware group has impacted over 250...

Threat Signal Report

PAN-OS Critical Flaw in GlobalProtect Gateway (CVE-2024-3400)
Apr 12, 2024

What is the vulnerability/attack? A critical unauthenticated remote code injection vulnerability in the PAN-OS GlobalProtect Gateway was discovered. This vulnerability tracked under...

Outbreak Alert

Sunhillo SureLine Command Injection Attack
Apr 10, 2024

The attack on Sunhillo SureLine identified as CVE-2021-36380 allows a malicious actor to exploit an unauthenticated OS Command Injection vulnerability. Once established, the attacker can gain...

Threat Signal Report

XZ Utils Supply Chain Attack (CVE-2024-3094)
Apr 01, 2024

What is the vulnerability/attack? Malicious code was discovered embedded in XZ Utils, data compression software included in major Linux distributions. This vulnerability tracked under...

Outbreak Alert

Nice Linear eMerge Command Injection Vulnerability
Mar 27, 2024

An access control system called Linear eMerge E3-Series is affected by an OS command injection flaw, tracked as CVE-2019-7256, that could allow an attacker to cause...
