Skip to content Skip to navigation Skip to footer

AI-Powered Threat Intelligence for an Evolving Digital World

As cyber threats continue to grow and evolve, so does the need for innovative solutions and reliable threat intelligence. Using millions of global network sensors, FortiGuard Labs monitors the worldwide attack surface and employs artificial intelligence (AI) to mine that data for new threats, ensuring you are prepared for what’s coming.


Active Outbreak Alerts

When a cybersecurity attack with large ramifications affects numerous organizations, FortiGuard Outbreak Alerts are here to help you understand what happened, learn the technical details of the attack, and how you can protect yourself now and in the future.

icon zero day white
23.01.2024
Severity: critical
Ivanti Connect Secure and Policy Secure Attack

What is Ivanti Connect Secure and Policy Secure Attack?
Ivanti disclosed two zero-day vulnerabilities in their Ivanti Connect Secure (ICS) and Ivanti Policy Secure gateways. CVE-2023-46805 is a vulnerability found in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure. This authentication bypass vulnerability allows a remote attacker to access restricted resources by bypassing control checks. While CVE-2024-21887 is a command injection vulnerability in the same web components. Read more

What is the FortiGuard Labs analysis? 

The CVE-2023-46805 and CVE-2024-21887 vulnerabilities are coupled together to perform exploitation on servers running on the Ivanti software. The attack does not require authentication and enables a threat actor to send malicious requests and execute arbitrary commands on the system for further exploitation. FortiGuard Labs has observed high exploitation attempts since the release of the signature to detect and block the Ivanti ICS Authentication Bypass vulnerability (CVE-2023-46805). FortiGuard Labs recommends administrators to follow vendor’s mitigation steps and apply patches as soon as they are provided.

How does Fortinet detect and protect against the Ivanti Connect Secure and Policy Secure Authentication Bypass Attack? 

  • To detect and block any traffic targeting the related vulnerability, the FortiGuard IPS signature is available. 
  • To detect and respond to the attack, the FortiGuard Outbreak Detection service provides automatic event handler and reports via FortiAnalyzer.
  • Indicators of Compromise Service is available for Threat Hunting via FortiAnalyzer, FortiSIEM, and FortiSOAR.

Where can I find additional information? 

An Outbreak Alert report is posted on the FortiGuard Labs website, it provides details on all the FortiGuard services that provide detection and protection, as well as how to respond, recover, and identify the attack.  Read less

icon Androxgh0st1
17.01.2024
Severity: hoch
Androxgh0st Malware Attack

What is Androxgh0st Malware Attack?
FortiGuard Labs continue to observe widespread activity of Androxgh0st Malware in the wild exploiting multiple vulnerabilities, specifically targeting- the PHPUnit (CVE-2017-9841), Laravel Framework (CVE-2018-15133) and Apache Web Server (CVE-2021-41773) to spread and conduct information gathering attacks on the target networks. Read more

What is the FortiGuard Labs analysis? 

AndroxGh0st malware is a python-based malware, which primarily targets user environment (.env) files. These files may contain credentials for various high-profile applications such as AWS, O365, SendGrid, and Twilio. AndroxGh0st has numerous malicious functions to abuse SMTP, scan and exploit exposed credentials and APIs, and deploy web shell to maintain persistent access to systems.

How does Fortinet detect and protect against the Androxgh0st Malware Attack? 

  • To detect and block any traffic targeting the related vulnerabilities, the FortiGuard IPS signature is available. 
  • To detect the known malware related to the Androxgh0st Malware, the FortiGuard Antivirus signatures are available.
  • To detect and respond to the attack, the FortiGuard Outbreak Detection service provides automatic event handler and reports via FortiAnalyzer.
  • To perform Threat Hunting, the Indicators of Compromise Service is available via FortiAnalyzer, FortiSIEM and FortiSOAR.
  • To detect and block unknown variants of Malware, FortiGuard behavior detection engine is available via FortiEDR/XDR and FortiSandbox.
  • To detect vulnerable systems related to AndroxGh0st Malware Attack, the Endpoint Vulnerability Service is provided by FortiClient.

Where can I find additional information? 

An Outbreak Alert report is posted on the FortiGuard Labs website, it provides details on all the FortiGuard services that provide detection and protection, as well as how to respond, recover, and identify the attack.  Read less

icon adobe ColdFusion white
16.01.2024
Severity: hoch
Adobe ColdFusion Access Control Bypass Attack

What is Adobe ColdFusion Access Control Bypass Attack?
FortiGuard labs observed extremely widespread exploitation attempts relating to security bypass vulnerabilities in Adobe ColdFusion. With IPS detections reaching up- to 50,000+ unique detections in January 2024. Read more

What is the FortiGuard Labs analysis? 

The vulnerabilities (CVE-2023-26347, CVE-2023-38205, CVE-2023-29298) allow an attacker to bypass the Secure Profile feature that restricts external access to the ColdFusion Administrator. Successful exploitation could result in access to the ColdFusion Administration endpoints and attackers could further exploit and chain CVE-2023-38203 to achieve remote code execution attacks.

How does Fortinet detect and protect against the Adobe ColdFusion Access Control Bypass Attack? 

  • To detect and block any traffic targeting the Adobe ColdFusion Access Control Bypass, the FortiGuard IPS provides protection. 
  • To detect and respond to the attack, the FortiGuard Outbreak Detection service provides automatic event handler and reports.
  • To identify systems vulnerable to Adobe ColdFusion Access Control Bypass vulnerabilities, FortiClient provides the FortiGuard Endpoint Vulnerability Service.

Where can I find additional information? 

An Outbreak Alert report is posted on the FortiGuard Labs website, it provides details on all the FortiGuard services that provide detection and protection, as well as how to respond, recover, and identify the attack.  Read less

 

Subscribe today to have outbreak alerts delivered to your inbox Cyberattacks can occur at any time. The number of outbreak alerts you receive can vary anywhere from once per month to several times per week.

FortiGuard Labs Media & Resources

Join Fortinet's top threat experts as they delve into today's critical cybersecurity topics and the ever-evolving cyber threat landscape.

      Threat Intelligence Podcast

Threat Intelligence Podcast

Latest Ransomware Trends and Strategies (Episode 59)

Join us for another episode of the FortiGuard Labs Threat Intelligence Podcast as Jonas Walker and Aamir Lakhani join forces to discuss the recent MOVEit vulnerability and how the Cl0p ransomware groups have orchestrated an extensive campaign around it, making over $100M in revenue.

Listen Now
Blog Posts

Blog Posts

Blogs
TicTacToe Dropper | FortiGuard Labs
TicTacToe Dropper | FortiGuard Labs »

FortiGuard has identified a grouping of malware droppers used to deliver various final-stage payloads throughout 2023. Learn more.

Python Info-stealer Distributed by Malicious Excel Document | FortiGuard Labs
Python Info-stealer Distributed by Malicious Excel Document | FortiGuard Labs »

FortiGuard Labs has uncovered a malware campaign involving a python info-stealer distributed by Excel document. Learn more.

Ransomware Roundup - Albabat | FortiGuard Labs
Ransomware Roundup - Albabat | FortiGuard Labs »

The financially motivated Albabat ransomware began distributing as a rogue program in late 2023, and has since evolved. Learn more.

Another Phobos Ransomware Variant Launches Attack – FAUST | FortiGuard Labs
Another Phobos Ransomware Variant Launches Attack – FAUST | FortiGuard Labs »

Fortiguard Labs unveils a recent FAUST ransomware attack, a variant of the Phobos family that exploits an Office document and deploys on Windows systems. Learn more.

Info Stealing Packages Hidden in PyPI | FortiGuard Labs
Info Stealing Packages Hidden in PyPI | FortiGuard Labs »

An info-stealing PyPI malware author was identified discreetly uploading malicious packages. Learn more.

Deceptive Cracked Software Spreads Lumma Variant on YouTube | FortiGuard Labs
Deceptive Cracked Software Spreads Lumma Variant on YouTube | FortiGuard Labs »

FortiGuard Labs uncovered a threat group using YouTube channels to spread Private .NET loader for Lumma Stealer 4.0. Learn more.

Three New Malicious PyPI Packages Deploy CoinMiner on Linux Devices | FortiGuard Labs
Three New Malicious PyPI Packages Deploy CoinMiner on Linux Devices | FortiGuard Labs »

FortiGuard Labs cover the attack phases of three new PyPI packages that bear a resemblance to the culturestreak PyPI package discovered earlier this year. Learn more.

Ransomware Roundup - 8base | FortiGuard Labs
Ransomware Roundup - 8base | FortiGuard Labs »

The 8base ransomware, a variant of Phobos, emerged in May 2023 and has been targeting organizations across various industries globally for financial gain. Learn more.

Latest Reports

Latest Reports

Latest Reports & On-demand Video

Berichte
White Papers

FortiGuard Labs Partners

FortiGuard Labs believes that sharing intelligence and working with other threat intelligence organizations improves protections for customers and enhances the effectiveness of the entire cybersecurity industry. Our leadership helps take the fight to our adversaries and produces a more successful disruption model by leveraging these relationships.

Cyber Threat Alliance: Solving Actionable Intelligence Through A Diverse Ecosystem

Cyber Threat Alliance: Solving Actionable Intelligence Through A Diverse Ecosystem

For decades we have been faced with the classic ‘last mile’ challenge when it comes to information sharing and threat intelligence.

Jetzt ansehen
Fortinet Elevates Its Commitment to MITRE Engenuity Center for Threat-Informed Defense

Fortinet Elevates Its Commitment to MITRE Engenuity Center for Threat-Informed Defense

Fortinet is now an official Research Partner with MITRE Engenuity’s Center for Threat-Informed Defense (Center).

Read Blog

Security Services

Our experts develop and utilize leading-edge machine learning (ML) and artificial intelligence (AI) technologies to provide timely and consistently top-rated protection and actionable threat intelligence. This enables IT and security teams to better secure their organizations. FortiGuard Labs is the driving force behind FortiGuard AI-powered Security Services. Its services counter threats in real-time with ML-powered, coordinated protection and are natively integrated into the Fortinet Security Fabric, enabling fast detection and enforcement across the entire attack surface.
Applikationsabsicherung

FortiGuard application security services protect, monitor, and optimize application performance and usage.

Informieren Sie sich umfassend mit unseren Solution Guides, E-Books, Datenblättern, Analystenberichten und vielen weiteren Ressourcen.

Contact Us

Still have questions? We’re here to help.