FortiGuard Labs | FortiGuard Center – Outbreak Alerts
FortiGuard Outbreak Alerts will be the mechanism for communicating important information to customers and partners. When a cybersecurity incident/attack/event occurs that has large ramifications to the cybersecurity industry and affects numerous organizations, this page will be updated with a link to the individual FortiGuard Outbreak Alert.
- Palo Alto Networks Management Interface Attack on November 21, 2024 at 8:00 am
Palo Alto Networks has recently disclosed two zero-day vulnerabilities, CVE-2024-0012 and CVE-2024-9474, affecting the PAN-OS firewall and other products. Both flaws, which are actively being exploited in the wild, affect the Management Web Interface. Successful exploitation allows attackers to bypass authentication and gain administrator-level access without any user interaction.
- Progress Kemp LoadMaster OS Command Injection Vulnerability on November 20, 2024 at 8:00 am
FortiGuard network sensors detect attack attempts targeting the Progress Kemp LoadMaster. Successful exploitation of the CVE-2024-1212 vulnerability allows unauthenticated remote attackers to access the system through the management interface, potentially leading to data breaches, service disruptions, or further attacks.
- Palo Alto Expedition Missing Authentication Vulnerability on November 14, 2024 at 8:00 am
FortiGuard sensors continue to detect and block attack attempts targeting the Palo Alto Expedition vulnerability (CVE-2024-5910). If successfully exploited, this vulnerability could allow attackers to take over administrative accounts, putting configuration secrets, credentials, and other imported data within Expedition at serious risk.
- Synacor Zimbra Collaboration Command Execution Vulnerability on October 5, 2024 at 2:29 am
Threat actors are exploiting a recently fixed RCE vulnerability in Zimbra email servers, which can be exploited just by sending specially crafted emails to the SMTP server.
- Mallox Ransomware on October 3, 2024 at 7:02 am
FortiGuard Labs continues to see an increase in Mallox ransomware-related activity, detecting Mallox ransomware on hundreds of FortiGuard sensors. A ransomware infection may cause disruption, damage to daily operations, potential impact to an organization’s reputation, and extortion.
- GeoServer RCE Attack on September 23, 2024 at 7:00 am
A remote code execution vulnerability affecting GeoServer is under active exploitation, with recent attack attempts observed on 40,000+ FortiGuard sensors. This vulnerability (CVE-2024-36401) is suspected to be exploited by the Earth Baxia APT group, as reported by FortiGuard Recon. The root cause of the vulnerability lies in the absence of proper input validation during request handling, posing a significant risk of system compromise upon successful exploitation.
- Russian Cyber Espionage Attack on September 6, 2024 at 5:51 am
FortiGuard Labs continues to observe attack attempts exploiting the vulnerabilities highlighted in the recent CISA advisory about Russian military cyber actors. These actors are targeting U.S. and global critical infrastructure to conduct espionage, steal data, and compromise or destroy sensitive information.
- Jenkins RCE Attack on August 20, 2024 at 7:00 am
Cyber threat actors target the Jenkins Arbitrary File Read vulnerability (CVE-2024-23897) in ransomware attacks. FortiGuard Labs continues to see active attack telemetry targeting the vulnerability.
- Apache OFBiz RCE Attack on August 8, 2024 at 6:11 am
FortiGuard Labs continues to observe attack attempts targeting the recent Apache OFBiz vulnerabilities (CVE-2024-38856 and CVE-2024-36104) that can be exploited by threat actors through maliciously crafted unauthorized requests, leading to remote code execution.
- ServiceNow Remote Code Execution Attack on July 31, 2024 at 5:23 am
FortiGuard Labs continues to observe attack attempts targeting the recent ServiceNow Platform vulnerabilities (CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178). When chained together, these vulnerabilities could lead to remote code execution and potential data breaches with unauthorized system access.