AI-Powered Threat Intelligence for an Evolving Digital World

As cyber threats continue to grow and evolve, so does the need for innovative solutions and reliable threat intelligence. Using millions of global network sensors, FortiGuard Labs monitors the worldwide attack surface and employs artificial intelligence (AI) to mine that data for new threats, ensuring you are prepared for what’s coming.


Active Outbreak Alerts

When a cybersecurity attack with large ramifications affects numerous organizations, FortiGuard Outbreak Alerts are here to help you understand what happened, learn the technical details of the attack, and see how you can protect yourself now and in the future.

Mar 27, 2024
Severity: medium
Nice Linear eMerge Command Injection Vulnerability
Attack Type: Vulnerability

What is the Nice Linear eMerge Command Injection Vulnerability?
The vulnerability tracked as CVE-2019-7256 is a command injection flaw that could allow an attacker to achieve remote code execution and gain full access to the system. The Nice Linear eMerge E3-Series is a popular access control system used in various commercial and industrial environments worldwide, which underscores the potential for widespread impact from this vulnerability.

What is the FortiGuard Labs analysis? 

Since January of this year, the IPS signature designed to safeguard against CVE-2019-7256 has been intercepting attack attempts, blocking such incidents on around 1000 distinct IPS devices daily. FortiGuard Labs continues to see attack attempts targeting CVE-2019-7256 and has an existing IPS signature to block them. However, applying the firmware patch recommended by the vendor is advised to fully mitigate any risks.

How does Fortinet detect and protect against Nice Linear eMerge Command Injection?

  • To detect and block any traffic targeting the related vulnerability, the FortiGuard IPS signature is available. 
  • To detect and respond to the attack, the FortiGuard Outbreak Detection service provides an automatic event handler and reports via FortiAnalyzer.

Where can I find additional information? 

An Outbreak Alert report is posted on the FortiGuard Labs website. It provides details on all the FortiGuard services that provide detection and protection, as well as how to respond, recover, and identify the attack.

Feb 27, 2024
Severity: critical
ConnectWise ScreenConnect Attack

What is ConnectWise ScreenConnect Attack?
Threat actors, including ransomware gangs, are seen exploiting newly discovered critical flaws in remote monitoring and management software called ScreenConnect. The first flaw, CVE-2024-1709, is an authentication bypass vulnerability that could let attackers gain administrative access to a ScreenConnect instance. The second flaw, tracked as CVE-2024-1708, is a path traversal vulnerability that may allow an attacker to execute remote code.

What is the FortiGuard Labs analysis? 

This widely used software could pose a significant threat to hundreds of thousands of end users' systems that could be targeted downstream and can allow hackers to remotely plant malicious code on vulnerable ConnectWise instances.

How does Fortinet detect and protect against ConnectWise ScreenConnect Attack?

  • To detect and block any traffic targeting the related vulnerability, the FortiGuard IPS signature is available. 
  • To detect and respond to the attack, the FortiGuard Outbreak Detection service provides an automatic event handler and reports via FortiAnalyzer.
  • Indicators of Compromise Service is available for Threat Hunting via FortiAnalyzer, FortiSIEM and FortiSOAR.

Where can I find additional information? 

An Outbreak Alert report is posted on the FortiGuard Labs website. It provides details on all the FortiGuard services that provide detection and protection, as well as how to respond, recover, and identify the attack.

Jan 23, 2024
Severity: critical
Ivanti Connect Secure and Policy Secure Attack

What is Ivanti Connect Secure and Policy Secure Attack?
Ivanti disclosed two zero-day vulnerabilities in their Ivanti Connect Secure (ICS) and Ivanti Policy Secure gateways. CVE-2023-46805 is a vulnerability found in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure. This authentication bypass vulnerability allows a remote attacker to access restricted resources by bypassing control checks. CVE-2024-21887 is a command injection vulnerability in the same web components.

What is the FortiGuard Labs analysis? 

The CVE-2023-46805 and CVE-2024-21887 vulnerabilities are coupled together to perform exploitation on servers running the Ivanti software. The attack does not require authentication and enables a threat actor to send malicious requests and execute arbitrary commands on the system for further exploitation. FortiGuard Labs has observed a high number of exploitation attempts since the release of the signature to detect and block the Ivanti ICS Authentication Bypass vulnerability (CVE-2023-46805). FortiGuard Labs recommends that administrators follow the vendor’s mitigation steps and apply patches as soon as they are provided.

How does Fortinet detect and protect against the Ivanti Connect Secure and Policy Secure Authentication Bypass Attack? 

  • To detect and block any traffic targeting the related vulnerability, the FortiGuard IPS signature is available. 
  • To detect and respond to the attack, the FortiGuard Outbreak Detection service provides an automatic event handler and reports via FortiAnalyzer.
  • Indicators of Compromise Service is available for Threat Hunting via FortiAnalyzer, FortiSIEM, and FortiSOAR.

Where can I find additional information? 

An Outbreak Alert report is posted on the FortiGuard Labs website. It provides details on all the FortiGuard services that provide detection and protection, as well as how to respond, recover, and identify the attack.

 

Subscribe today to have outbreak alerts delivered to your inbox

Cyberattacks can occur at any time. The number of outbreak alerts you receive can vary anywhere from once per month to several times per week.

FortiGuard Labs Media & Resources

Join Fortinet's top threat experts as they delve into today's critical cybersecurity topics and the ever-evolving cyber threat landscape.

Threat Intelligence Podcast

Latest Ransomware Trends and Strategies (Episode 59)

Join us for another episode of the FortiGuard Labs Threat Intelligence Podcast as Jonas Walker and Aamir Lakhani join forces to discuss the recent MOVEit vulnerability and how the Cl0p ransomware groups have orchestrated an extensive campaign around it, making over $100M in revenue.

Blog Posts

Ransomware Roundup – RA World | FortiGuard Labs

The RA World ransomware, which debuted late last year, claims to be holding more than 20 organizations worldwide hostage for financial gain. Learn more.

VCURMS: A Simple and Functional Weapon | FortiGuard Labs

FortiGuard Labs uncovers a RAT weapon, VCURMS, and STRRAT in a phishing campaign. Learn more.

New Banking Trojan “CHAVECLOAK” Targets Brazil | FortiGuard Labs

FortiGuard Labs discovered a new banking Trojan targeting users in Brazil with stealthy tactics. Learn more.

FortiGuard Labs Outbreak Alerts Annual Report 2023: A Glimpse into the Evolving Threat Landscape | FortiGuard Labs

FortiGuard Labs annual report reviews critical Outbreak Alerts impacting organizations worldwide. Learn more.

Ransomware Roundup – Abyss Locker | FortiGuard Labs

FortiGuard Labs highlights the Abyss Locker ransomware group that steals information from victims and encrypts files for financial gain. Learn more.

Android/SpyNote Moves to Crypto Currencies | FortiGuard Lab

FortiGuard investigates a hot new sample of Android/SpyNote, which shows the malware authors stealing crypto currencies from crypto wallets.

TicTacToe Dropper | FortiGuard Labs

FortiGuard has identified a grouping of malware droppers used to deliver various final-stage payloads throughout 2023. Learn more.

Python Info-stealer Distributed by Malicious Excel Document | FortiGuard Labs

FortiGuard Labs has uncovered a malware campaign involving a Python info-stealer distributed by an Excel document. Learn more.

FortiGuard Labs Partners

FortiGuard Labs believes that sharing intelligence and working with other threat intelligence organizations improves protections for customers and enhances the effectiveness of the entire cybersecurity industry. Our leadership helps take the fight to our adversaries and produces a more successful disruption model by leveraging these relationships.

Cyber Threat Alliance: Solving Actionable Intelligence Through A Diverse Ecosystem

For decades we have been faced with the classic ‘last mile’ challenge when it comes to information sharing and threat intelligence.

Fortinet Elevates Its Commitment to MITRE Engenuity Center for Threat-Informed Defense

Fortinet is now an official Research Partner with MITRE Engenuity’s Center for Threat-Informed Defense (Center).

Security Services

Our experts develop and utilize leading-edge machine learning (ML) and artificial intelligence (AI) technologies to provide timely and consistently top-rated protection and actionable threat intelligence. This enables IT and security teams to better secure their organizations. FortiGuard Labs is the driving force behind FortiGuard AI-powered Security Services. Its services counter threats in real-time with ML-powered, coordinated protection and are natively integrated into the Fortinet Security Fabric, enabling fast detection and enforcement across the entire attack surface.
Application Security

FortiGuard application security services protect, monitor, and optimize application performance and usage.
