FortiGuard Labs

Latest News

Outbreak Alert

D-Link Multiple Devices Attack
May 24, 2024

Multiple D-Link device vulnerabilities are being actively targeted. Many of the affected devices are routers and NAS devices that are end-of-life (EOL) and have no patches available.

Threat Signal Report

Genesis Market Malware Attack
May 22, 2024

What is the attack? The FortiGuard Labs’ EDR team recently identified a malware infection exhibiting strong similarities to the previously reported Genesis Market malicious campaign that was...

Threat Signal Report

NextGen Healthcare Mirth Connect RCE (CVE-2023-43208, CVE-2023-37679)
May 21, 2024

What is the vulnerability? NextGen Healthcare Mirth Connect is vulnerable to unauthenticated remote code execution (CVE-2023-43208) caused by an incomplete patch of a command injection flaw...

Outbreak Alert

Black Basta Ransomware
May 17, 2024

A new alert from CISA, the FBI, the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) reveals that Black Basta affiliates have...

Publications

[Insomni'hack 2024] The Accessibility Abyss: Navigating Android Malware Waters
May 16, 2024

This talk is about Android malware that abuses the Accessibility Service API.

Publications

[BlackAlps 2022] You wont ever write Frida scripts again... (actually, yes, you will, it's just a fancy title)
May 16, 2024

This talk explains how to unpack Android malware using either static unpackers, or dynamic unpacking with Medusa.

Outbreak Alert

ConnectWise ScreenConnect Attack
May 13, 2024

Threat actors including ransomware gangs are seen exploiting newly discovered critical flaws in remote monitoring and management software called ScreenConnect.

Threat Signal Report

Google Chromium in Visuals Use-After-Free Vulnerability (CVE-2024-4671)
May 13, 2024

What is the Vulnerability? A new zero-day vulnerability has recently been discovered in the Visuals component of Chrome, which is responsible for rendering and displaying web content. This “use...

Threat Signal Report

Tinyproxy use-after-free Vulnerability (CVE-2023-49606)
May 07, 2024

What is the vulnerability? A use-after-free vulnerability tagged as CVE-2023-49606 exists in Tinyproxy, a lightweight open-source HTTP proxy daemon. The threat actor may trigger this memory...

Threat Signal Report

GitLab Password Reset Vulnerability (CVE-2023-7028)
May 02, 2024

What is the vulnerability? A critical vulnerability has been discovered in GitLab, a DevOps platform for managing the software development lifecycle. A successful exploitation of the vulnerability may...

Threat Signal Report

Ignite Realtime Openfire Path Traversal Vulnerability (CVE-2023-32315)
May 01, 2024

What is the vulnerability? CVE-2023-32315 is a path traversal vulnerability that affects all Openfire versions since version 3.1.0. Successful exploitation of this vulnerability could allow...

Outbreak Alert

C-DATA Web Management System RCE Attack
Apr 30, 2024

FortiGuard Labs observed a critical level of attack attempts in the wild targeting a 2-year-old vulnerability found on C-DATA Web Management System.

Threat Signal Report

CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040)
Apr 26, 2024

What is the Vulnerability? A zero-day security vulnerability has been uncovered in the enterprise file-transfer software CrushFTP. The vulnerability tagged as CVE-2024-4040 is actively being...

Outbreak Alert

PAN-OS GlobalProtect Command Injection Vulnerability
Apr 26, 2024

The attack on PAN-OS GlobalProtect devices identified as CVE-2024-3400 allows a malicious actor to remotely exploit an unauthenticated command injection vulnerability that leads to remote code...

Threat Signal Report

ArcaneDoor Attack (CVE-2024-20353 and CVE-2024-20359)
Apr 24, 2024

What is the Attack? Cisco issued an advisory on 24th April regarding its Adaptive Security Appliances, multifunctional devices combining firewall, VPN, and other security functions. It...

Outbreak Alert

Akira Ransomware
Apr 22, 2024

FortiGuard Labs continues to observe detections in the wild related to the Akira ransomware group. According to the new report by CISA, it has targeted over 250 organizations since the past year,...

Threat Signal Report

Akira Ransomware Attack (CVE-2023-20269 and CVE-2020-3259)
Apr 19, 2024

What is the Akira Ransomware Attack? The Akira ransomware attack has been actively and widely impacting businesses. According to a CISA advisory, the ransomware group has impacted over 250...

Threat Signal Report

PAN-OS Critical Flaw in GlobalProtect Gateway (CVE-2024-3400)
Apr 12, 2024

What is the vulnerability/attack? A critical unauthenticated remote code injection vulnerability in the PAN-OS GlobalProtect Gateway was discovered. This vulnerability tracked under...
