Weekly Threat Briefs

FortiGuard Labs uses its industry leading global infrastructure of threat sensors, honeypots, and collectors to provide you with the largest source of data of any pure play network security vendor. Data is collected from all of these sources on a continual basis and analyzed by Fortinet’s world-wide team of analysts to provide you with a weekly recap of the incidents and threats you care the most about.

On this page you will find an archive of our weekly Threat Intelligence Briefs, as well as the ability to sign up to receive these briefs every Friday. Join the thousands of other security-minded professionals who receive these weekly briefs!

Researchers discovered an updated version of the ComRAT malware by Turla, a Russian state-sponsored threat actor. It leverages Gmail's web interface to receive commands and exfiltrate data. ComRAT leverages cookies in the configuration file to connect to an inbox on Gmail's web interface and downloa...

May 29, 2020
Researchers found a new espionage framework, called Ramsay, developed for the collection and exfiltration of sensitive files within air-gapped networks. Analysts found a sample from Japan on VirusTotal, which led to the discovery of different components and versions of the framework. Currently, it i...

May 22, 2020
Two U.S. cybersecurity agencies, the FBI and CISA, published a report of the top 10 most commonly exploited software vulnerabilities (CVEs) between 2016 and 2019. The cybersecurity agencies recommend applying patches to degrade the possibilities for malicious actors targeting corporations and enterp...

May 15, 2020
FortiGuard Labs has discovered a new malicious spear-phishing campaign once again using the COVID-19/coronavirus pandemic as a lure. This latest email campaign targets a medical device supplier, wherein the attacker is inquiring about various materials needed to address the COVID-19 pandemic due to...

May 08, 2020
Ransomware has been a dominant threat to organizations for several years now, causing damage estimated to be in the billions of dollars. Increasingly, a common action carried out by ransomware attacks is to erase the volume backups (i.e., shadow copies), thereby preventing victims from being able to...

May 01, 2020