
AI-Powered Threat Intelligence for an Evolving Digital World

As cyber threats continue to grow and evolve, so does the need for innovative solutions and reliable threat intelligence. Using millions of global network sensors, FortiGuard Labs monitors the worldwide attack surface and employs artificial intelligence (AI) to mine that data for new threats, ensuring you are prepared for what’s coming.


Active Outbreak Alerts

When a cybersecurity attack with large ramifications affects numerous organizations, FortiGuard Outbreak Alerts help you understand what happened, learn the technical details of the attack, and see how you can protect yourself now and in the future.

23/01/2024
Severity: critical
Ivanti Connect Secure and Policy Secure Attack

What is Ivanti Connect Secure and Policy Secure Attack?
Ivanti disclosed two zero-day vulnerabilities in its Ivanti Connect Secure (ICS) and Ivanti Policy Secure gateways. CVE-2023-46805 is an authentication bypass in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure that allows a remote attacker to reach restricted resources by evading control checks. CVE-2024-21887 is a command injection vulnerability in the same web components.

What is the FortiGuard Labs analysis? 

CVE-2023-46805 and CVE-2024-21887 are chained to exploit servers running the affected Ivanti software. The attack does not require authentication and lets a threat actor send malicious requests and execute arbitrary commands on the system for further exploitation. FortiGuard Labs has observed a high volume of exploitation attempts since releasing the IPS signature that detects and blocks the Ivanti ICS authentication bypass (CVE-2023-46805). FortiGuard Labs recommends that administrators follow the vendor's mitigation steps and apply patches as soon as they are available.

How does Fortinet detect and protect against the Ivanti Connect Secure and Policy Secure Authentication Bypass Attack? 

  • To detect and block any traffic targeting the related vulnerability, the FortiGuard IPS signature is available. 
  • To detect and respond to the attack, the FortiGuard Outbreak Detection service provides an automatic event handler and reports via FortiAnalyzer.
  • Indicators of Compromise Service is available for Threat Hunting via FortiAnalyzer, FortiSIEM, and FortiSOAR.

Where can I find additional information? 

An Outbreak Alert report is posted on the FortiGuard Labs website. It details all the FortiGuard services that provide detection and protection, as well as how to respond to, recover from, and identify the attack.

17/01/2024
Severity: high
Androxgh0st Malware Attack

What is Androxgh0st Malware Attack?
FortiGuard Labs continues to observe widespread Androxgh0st malware activity in the wild. The malware exploits multiple vulnerabilities, specifically in PHPUnit (CVE-2017-9841), the Laravel framework (CVE-2018-15133) and Apache HTTP Server (CVE-2021-41773), to spread and conduct information-gathering attacks on target networks.

What is the FortiGuard Labs analysis? 

AndroxGh0st is Python-based malware that primarily targets environment (.env) files. These files may contain credentials for high-profile applications such as AWS, O365, SendGrid and Twilio. AndroxGh0st has numerous malicious functions: it abuses SMTP, scans for and exploits exposed credentials and APIs, and deploys web shells to maintain persistent access to compromised systems.
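Because the malware's value lies in the secrets it pulls out of .env files, the first responder task after a suspected harvest is to know exactly which credential families were exposed and to rotate them in the right order. The Python script below does that triage: it parses a dotenv file and maps each secret-looking variable to a credential family, using the published key shapes for AWS access key IDs, SendGrid API keys and Twilio account SIDs, and variable-name hints for credentials with no fixed shape (O365 mailboxes, SMTP relays, databases). It is an added example, not FortiGuard code and not code from any Androxgh0st sample; the name prefixes and rotation priorities are assumptions, and the sample .env is constructed from placeholder values only.

```python
"""Triage an exposed or harvested .env file: parse it and report which
credential families it holds so they can be rotated. Added example, not
FortiGuard or Androxgh0st code; name prefixes are assumptions and the
sample .env contains only placeholder values."""
import re

# Published key shapes (assumed stable): AWS access key IDs, SendGrid API keys, Twilio account SIDs.
VALUE_PATTERNS = {
    "aws": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "sendgrid": re.compile(r"\bSG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}\b"),
    "twilio": re.compile(r"\bAC[0-9a-f]{32}\b"),
}
# Assumed variable-name hints for secrets that have no recognisable shape.
NAME_HINTS = {
    "aws": ("AWS_",),
    "sendgrid": ("SENDGRID",),
    "twilio": ("TWILIO",),
    "o365": ("O365", "OFFICE365", "MS_GRAPH", "AZURE_"),
    "smtp": ("MAIL_", "SMTP_"),
    "database": ("DB_", "DATABASE_"),
}
# A variable is treated as a secret only if its name carries one of these words.
SECRET_WORDS = ("KEY", "SECRET", "TOKEN", "PASS", "SID", "AUTH")
# Assumed rotation order: cloud and mailbox credentials first, since they give the broadest reach.
PRIORITY = ("aws", "o365", "sendgrid", "twilio", "smtp", "database", "other")

# Constructed Laravel-style .env; AKIAIOSFODNN7EXAMPLE is AWS's documented example key.
SAMPLE_ENV = "\n".join([
    "APP_ENV=production",
    "APP_KEY=base64:ZmFrZS1sYXJhdmVsLWFwcC1rZXktZm9yLWRlbW8=",
    "DB_HOST=127.0.0.1",
    'DB_PASSWORD="not-a-real-password"',
    "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
    "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "MAIL_HOST=smtp.sendgrid.net",
    "MAIL_USERNAME=apikey",
    "MAIL_PASSWORD=SG." + "A" * 22 + "." + "B" * 43,
    "TWILIO_SID=AC0123456789abcdef0123456789abcdef",
    "TWILIO_AUTH_TOKEN=0123456789abcdef0123456789abcdef",
    "O365_PASSWORD=example-only",
])


def parse_env(text):
    """Parse dotenv KEY=VALUE lines; skips comments/blanks, handles `export` and quotes."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        if line.startswith("export "):
            line = line[len("export "):]
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key.strip()] = value
    return env


def classify(env):
    """Map credential family -> variable names, using value shape first, then name hints."""
    found = {}
    for name, value in env.items():
        upper = name.upper()
        cats = {cat for cat, pat in VALUE_PATTERNS.items() if pat.search(value)}
        if any(word in upper for word in SECRET_WORDS):
            cats.update(cat for cat, hints in NAME_HINTS.items()
                        if any(h in upper for h in hints))
            cats = cats or {"other"}
        for cat in cats:
            found.setdefault(cat, []).append(name)
    return found


def rotation_plan(found):
    """Credential families present, ordered by how urgently they should be rotated."""
    return [cat for cat in PRIORITY if cat in found]


if __name__ == "__main__":
    hits = classify(parse_env(SAMPLE_ENV))
    for cat in rotation_plan(hits):
        print(f"{cat:<9} rotate: {', '.join(hits[cat])}")
```

Value-shape matching runs before the name hints so a SendGrid key stored under a generic MAIL_PASSWORD variable is still reported as a SendGrid credential (and as an SMTP one, since the relay login must change too). Variables without a secret-like name, such as MAIL_HOST, are deliberately left out of the report.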

How does Fortinet detect and protect against the Androxgh0st Malware Attack? 

  • To detect and block any traffic targeting the related vulnerabilities, the FortiGuard IPS signature is available. 
  • To detect the known malware related to the Androxgh0st Malware, the FortiGuard Antivirus signatures are available.
  • To detect and respond to the attack, the FortiGuard Outbreak Detection service provides an automatic event handler and reports via FortiAnalyzer.
  • To perform Threat Hunting, the Indicators of Compromise Service is available via FortiAnalyzer, FortiSIEM and FortiSOAR.
  • To detect and block unknown variants of Malware, FortiGuard behavior detection engine is available via FortiEDR/XDR and FortiSandbox.
  • To detect vulnerable systems related to AndroxGh0st Malware Attack, the Endpoint Vulnerability Service is provided by FortiClient.

Where can I find additional information? 

An Outbreak Alert report is posted on the FortiGuard Labs website. It details all the FortiGuard services that provide detection and protection, as well as how to respond to, recover from, and identify the attack.

16/01/2024
Severity: high
Adobe ColdFusion Access Control Bypass Attack

What is Adobe ColdFusion Access Control Bypass Attack?
FortiGuard Labs observed extremely widespread exploitation attempts against security bypass vulnerabilities in Adobe ColdFusion, with IPS detections reaching more than 50,000 unique detections in January 2024.

What is the FortiGuard Labs analysis? 

The vulnerabilities (CVE-2023-26347, CVE-2023-38205, CVE-2023-29298) allow an attacker to bypass the Secure Profile feature that restricts external access to the ColdFusion Administrator. Successful exploitation gives access to the ColdFusion Administrator endpoints, from which an attacker could chain CVE-2023-38203 to achieve remote code execution.
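Both this alert and the Androxgh0st alert above describe behaviour that leaves traces in ordinary web-server access logs: requests probing for .env files, and requests that reach ColdFusion Administrator endpoints from outside the network that is supposed to be the only one allowed in. The Python script below hunts for both in Apache/nginx combined-format logs and ranks the sources. It is an added example, not FortiGuard code; the administrator URL prefixes (/CFIDE/administrator and /CFIDE/adminapi, ColdFusion's defaults), the management address ranges and the log lines are all constructed assumptions for this example.

```python
"""Hunt combined-format access logs for two behaviours described above:
.env probing (Androxgh0st) and ColdFusion Administrator access from outside
the management network. Added example, not FortiGuard code; paths, networks
and log lines are constructed assumptions."""
import ipaddress
import re
from collections import Counter

# Apache/nginx "combined" format: src ident user [ts] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumption: only these ranges may legitimately reach the ColdFusion Administrator.
MGMT_NETS = [ipaddress.ip_network("10.0.0.0/8"),
             ipaddress.ip_network("192.168.0.0/16")]
# Assumption: ColdFusion's default Administrator and Admin API URL prefixes (lower-cased).
ADMIN_PREFIXES = ("/cfide/administrator", "/cfide/adminapi")
# .env at any depth, including backups such as .env.bak
ENV_RE = re.compile(r"(^|/)\.env(\.[a-z0-9]+)?$", re.IGNORECASE)

# Constructed log lines; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [16/Jan/2024:10:01:02 +0000] "GET /.env HTTP/1.1" 404 196
203.0.113.7 - - [16/Jan/2024:10:01:03 +0000] "GET /laravel/.env HTTP/1.1" 200 812
198.51.100.9 - - [16/Jan/2024:10:02:10 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120
10.1.2.3 - - [16/Jan/2024:10:03:00 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120
198.51.100.9 - - [16/Jan/2024:10:04:00 +0000] "POST /CFIDE/adminapi/administrator.cfc?method=login HTTP/1.1" 200 220
203.0.113.7 - - [16/Jan/2024:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 3001
"""


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_internal(src):
    """True when the source address falls inside an allowed management range."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:          # hostnames or malformed fields are treated as external
        return False
    return any(ip in net for net in MGMT_NETS)


def hunt(log_text):
    """Return (source, finding, path) tuples for every suspicious request."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]     # drop the query string before matching
        if ENV_RE.search(path):
            # A 200 means the server actually returned the file, which is an exposure;
            # anything else is only a probe, but both identify the scanning source.
            kind = "env-exposure" if rec["status"] == "200" else "env-probe"
            findings.append((rec["src"], kind, path))
        elif path.lower().startswith(ADMIN_PREFIXES) and not is_internal(rec["src"]):
            findings.append((rec["src"], "external-admin-access", path))
    return findings


def summarize(findings):
    """Count findings per (source, kind) so the busiest external sources sort first."""
    return Counter((src, kind) for src, kind, _ in findings)


if __name__ == "__main__":
    for (src, kind), n in summarize(hunt(SAMPLE_LOG)).most_common():
        print(f"{src:<16} {kind:<22} {n}")
```

The status code matters for the .env case: a 404 only tells you who is scanning, while a 200 means the web server handed the file over and every credential in it must be treated as compromised. For the ColdFusion case the check is deliberately independent of the bypass technique: any Administrator request from a non-management source is worth investigating, whether it came through a Secure Profile bypass or a plain misconfiguration.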

How does Fortinet detect and protect against the Adobe ColdFusion Access Control Bypass Attack? 

  • To detect and block any traffic targeting the Adobe ColdFusion Access Control Bypass, the FortiGuard IPS provides protection. 
  • To detect and respond to the attack, the FortiGuard Outbreak Detection service provides an automatic event handler and reports.
  • To identify systems vulnerable to Adobe ColdFusion Access Control Bypass vulnerabilities, FortiClient provides the FortiGuard Endpoint Vulnerability Service.

Where can I find additional information? 

An Outbreak Alert report is posted on the FortiGuard Labs website. It details all the FortiGuard services that provide detection and protection, as well as how to respond to, recover from, and identify the attack.


Subscribe today to have outbreak alerts delivered to your inbox

Cyberattacks can occur at any time. The number of outbreak alerts you receive can vary from once per month to several times per week.

FortiGuard Labs Media & Resources

Join Fortinet's top threat experts as they delve into today's critical cybersecurity topics and the ever-evolving cyber threat landscape.

Threat Intelligence Podcast

Latest Ransomware Trends and Strategies (Episode 59)

Join us for another episode of the FortiGuard Labs Threat Intelligence Podcast as Jonas Walker and Aamir Lakhani join forces to discuss the recent MOVEit vulnerability and how the Cl0p ransomware group has orchestrated an extensive campaign around it, making over $100M in revenue.

Listen Now
Blog Posts

Phishing Campaign Targeting Mobile Users in India Using India Post Lures | FortiGuard Labs

The FortiGuard Labs Threat Research team recently observed a number of social media posts commenting on a fraud campaign targeting India Post users. Learn more.

Exploiting CVE-2024-21412: A Stealer Campaign Unleashed | FortiGuard Labs

FortiGuard Labs has observed a stealer campaign spreading multiple files that exploit CVE-2024-21412 to download malicious executable files. Read more.

Dark Web Shows Cybercriminals Ready for Olympics. Are You? | FortiGuard Labs

According to new FortiGuard Labs analysis, this year’s Olympics has been a target for a growing number of cybercriminals. This report provides a comprehensive view of planned attacks, such as third-party breaches, infostealers, phishing, and malware. Read more.

MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems | FortiGuard Labs

FortiGuard Labs uncovers MerkSpy, a new spyware exploiting CVE-2021-40444 to steal keystrokes and sensitive data. Learn more.

The Growing Threat of Malware Concealed Behind Cloud Services | FortiGuard Labs

Cybersecurity threats are increasingly leveraging cloud services to store, distribute, and establish command and control (C2) servers. Over the past month, FortiGuard Labs has been monitoring botnets that have adopted this strategy. Learn more.

Fickle Stealer Distributed via Multiple Attack Chains | FortiGuard Labs

FortiGuard Labs has uncovered a fresh threat, Fickle stealer, which is distributed via various strategies. Read more.

Ransomware Roundup – Shinra and Limpopo Ransomware | FortiGuard Labs

Shinra and Limpopo are recent ransomware families designed to encrypt files in Windows and VMware ESXi environments respectively; both demand payment from victims to decrypt the files.

New Agent Tesla Campaign Targeting Spanish-Speaking People | FortiGuard Labs

A new phishing campaign was recently captured by our FortiGuard Labs that spreads a new Agent Tesla variant targeting Spanish-speaking people. Learn more.

Latest Reports & On-demand Video

White Paper
Global Threat Landscape Report, 2H 2023

FortiGuard Labs Global Threat Landscape Report offers a snapshot of the active threat landscape and highlights the latest industry trends.

FortiGuard Labs Outbreak Alerts Annual Report 2023

Gain an in-depth understanding of various threat categories, including vulnerabilities, targeted attacks, ransomware campaigns, and OT- and IoT-related threats.

Cyber Threat Predictions for 2024

FortiGuard Labs’ threat predictions report examines a new era of advanced persistent cybercrime, discusses how AI is changing the attack game, and shares fresh trends to watch for in 2024.

FortiGuard Incident Response Report H1 – 2023

The FortiGuard Incident Response team provides both proactive and reactive incident response services, which are platform-agnostic and available to organizations across the globe. Incident response teams like ours get unique exposure to attacks and threat vectors compared to many other teams in the cybersecurity field, because we are often involved in investigating incidents where the victim's defenses have already failed.

Global Threat Landscape Report, 1H 2023

FortiGuard Labs 1H 2023 Global Threat Landscape Report provides valuable intelligence and early warning for potential threat activity.

Cyber Threat Predictions for 2023

An Annual Perspective by FortiGuard Labs

Global Threat Landscape Report, 2H 2022

New vulnerabilities are on the rise, but don’t count out the old. Don’t become a statistic - get the latest Global Threat Landscape report.


FortiGuard Labs Partners

FortiGuard Labs believes that sharing intelligence and working with other threat intelligence organizations improves protections for customers and enhances the effectiveness of the entire cybersecurity industry. Our leadership helps take the fight to our adversaries and produces a more successful disruption model by leveraging these relationships.

Cyber Threat Alliance: Solving Actionable Intelligence Through A Diverse Ecosystem

For decades we have been faced with the classic ‘last mile’ challenge when it comes to information sharing and threat intelligence.

Watch now
Fortinet Elevates Its Commitment to MITRE Engenuity Center for Threat-Informed Defense

Fortinet is now an official Research Partner with MITRE Engenuity’s Center for Threat-Informed Defense (Center).

Read Blog

Security Services

Our experts develop and apply leading-edge machine learning (ML) and artificial intelligence (AI) technologies to provide timely, consistently top-rated protection and actionable threat intelligence, enabling IT and security teams to better secure their organizations. FortiGuard Labs is the driving force behind FortiGuard AI-powered Security Services. These services counter threats in real time with ML-powered, coordinated protection and are natively integrated into the Fortinet Security Fabric, enabling fast detection and enforcement across the entire attack surface.
Application Security

FortiGuard application security services protect, monitor, and optimize application performance and usage.

Browse solution guides, eBooks, data sheets, analyst reports and more.

Contact Us

Still have questions? We’re here to help.