As cyber threats continue to grow and evolve, so does the need for innovative solutions and reliable threat intelligence. Using millions of global network sensors, FortiGuard Labs monitors the worldwide attack surface and employs artificial intelligence (AI) to mine that data for new threats, ensuring you are prepared for what’s coming.
When a cybersecurity attack with large ramifications affects numerous organizations, FortiGuard Outbreak Alerts are here to help you understand what happened, learn the technical details of the attack, and how you can protect yourself now and in the future.
What is the PAN-OS GlobalProtect Command Injection Attack?
The attack identified as CVE-2024-3400 allows a malicious actor to exploit an unauthenticated OS Command Injection vulnerability on PAN-OS GlobalProtect devices. The vulnerability has a CVSS score of 10.0. CISA has issued an alert adding the vulnerability to the Known Exploited Vulnerability catalog. Read more
The command injection vulnerability exists in the GlobalProtect of the PAN-OS devices. Once connection is established, the attacker can install a custom Python backdoor, pivot into the internal networks and exfiltrate data.
An Outbreak Alert report is posted on the FortiGuard Labs website, it provides details on all the FortiGuard services that provide detection and protection, as well as how to respond, recover, and identify the attack. Read less
What is the Sunhillo SureLine Command Injection Attack?
The attack on Sunhillo SureLine identified as CVE-2021-36380 allows a malicious actor to exploit an unauthenticated OS Command Injection vulnerability. Once connection has been established, the attacker can gain command over the targeted system and potentially achieving full system compromise. The Sunhillo products handles the surveillance data distribution systems for the Federal Aviation Administration, US Military, civil aviation authorities, and national defense organizations. Read more
The vulnerability exists in the Sureline software due to improper input validation in the "ipAddr" and "dnsAddr" parameters. That allows an attacker to manipulate the resulting command by injecting a valid OS command input allowing the establishment of an interactive remote shell session.
Since October 2023, the FortiGuard has protection coverage against this vulnerability. Exploitation attempts has been intercepting attack attempts averaging at a thousand per day. Also, the Mirai malware is used as a payload for further infiltration. It is recommended to apply a firmware patch as recommended by the vendor to fully mitigate any risks.
CISA has issued an alert that the vulnerability has been added to the Known Exploited Vulnerability catalog.
An Outbreak Alert report is posted on the FortiGuard Labs website, it provides details on all the FortiGuard services that provide detection and protection, as well as how to respond, recover, and identify the attack. Read less
What is the Nice Linear eMerge Command Injection Vulnerability?
The vulnerability tracked as CVE-2019-7256 is a command injection flaw that could allow an attacker to cause remote code execution and get full access to the system. The Nice Linear eMerge E3-Series is a popular access control system used in various commercial and industrial environments worldwide which underscores the importance of the potential widespread impact of this vulnerability. Read more
Since January of this year, the IPS signature designed to safeguard against CVE-2019-7256 has been intercepting attack attempts, blocking such incidents on around 1000 distinct IPS devices daily. FortiGuard Labs continues to see attack attempts targeting the CVE-2019-7256 and has an existing IPS signature to block any attack attempts. However, it is recommended to apply a firmware patch as recommended by the vendor to fully mitigate any risks.
An Outbreak Alert report is posted on the FortiGuard Labs website, it provides details on all the FortiGuard services that provide detection and protection, as well as how to respond, recover, and identify the attack. Read less
Cyberattacks can occur at any time. The number of outbreak alerts you receive can vary anywhere from once per month to several times per week.
Join Fortinet's top threat experts as they delve into today's critical cybersecurity topics and the ever-evolving cyber threat landscape.
|
Join us for another episode of the FortiGuard Labs Threat Intelligence Podcast as Jonas Walker and Aamir Lakhani join forces to discuss the recent MOVEit vulnerability and how the Cl0p ransomware groups have orchestrated an extensive campaign around it, making over $100M in revenue.
Listen Now
FortiGuard Labs uncovered a threat actor using ScrubCrypt to spread VenomRAT along with multiple RATs. Learn more.
FortiGuard Labs has uncovered the Byakugan malware behind a recent malware campaign distributed by malicious PDF files. Learn more.
The RA World ransomware, which debuted late last year, claims to be holding more than 20 organizations worldwide hostage for financial gain. Learn more.
ForitGuard Labs uncovers a rat VCURMS weapon and STRRAT in a phishing campaign. Learn more.
FortiGuard Labs discovered a new banking Trojan targeting users in Brazil with stealthy tactics. Learn more.
FortiGuard Labs annual report reviews critical Outbreak Alerts impacting organizations worldwide. Learn more.
FortiGuard Labs highlights the Abyss Locker ransomware group that steals information from victims and encrypts files for financial gain. Learn more.
FortiGuard investigates a hot new sample of Android/SpyNote, which shows the malware authors stealing crypto currencies from crypto wallets.
FBI Warns against public phone charging stations
To address the talent shortage facing SOC teams Fortinet's enhanced services help SOC teams reduce their cyber risk concerns and allowing more time for higher-priority projects. View the details in the press release.
New research underscores the importance of effective cyber awareness training for employees to decrease cyber risks, with more than 50% of leaders indicating their employees lack proper knowledge
“Fortinet is honored to become a member of JCDC to build on our existing collaboration and trusted relationship with the U.S. government to help improve our nation’s cybersecurity.” - Ken Xie, Founder, Chairman of the Board, and Chief Executive Officer at Fortinet
By integrating current threat intelligence into defense strategies, cybersecurity staff can effectively anticipate, prevent, and respond to cyberattacks. This webinar will walk through the concept of Threat Informed Defense, the MITRE CTID, two recently published projects, and current projects in the works.
The threat landscape is changing faster than ever. Over the past six months, FortiGuard Labs identified 10,666 new ransomware variants—twice as many as in the previous 6 months. See what our experts had to say.
Our FortiGuard Labs experts discuss the cyber threat activity we saw in the second half of 2022, predictions for 2023, and smart strategies you can implement today.
Gain an in-depth understanding of various threat categories, including vulnerabilities, targeted attacks, ransomware campaigns, and OT- and IoT-related threats.
FortiGuard Labs’ threat predictions report examines a new era of advanced persistent cybercrime, discusses how AI is changing the attack game, and shares fresh trends to watch for in 2024.
The FortiGuard Incident Response team provides both proactive and reactive incident response services, which are platform-agnostic and available to all organizations across the globe. Incident response teams like ours get unique exposure to attacks and threat vectors compared to many teams working in the cybersecurity field as we are often involved in investigating incidents where the victim’s defenses have failed.
FortiGuard Labs 1H 2023 Global Threat Landscape Report provides valuable intelligence and early warning for potential threat activity.
An Annual Perspective by FortiGuard Labs
New vulnerabilities are on the rise, but don’t count out the old. Don’t become a statistic - get the latest Global Threat Landscape report.
FortiGuard Labs 1H 2023 Global Threat Landscape Report provides valuable intelligence and early warning for potential threat activity.
New vulnerabilities are on the rise, but don’t count out the old. Don’t become a statistic - get the latest Global Threat Landscape report.
FortiGuard Labs believes that sharing intelligence and working with other threat intelligence organizations improves protections for customers and enhances the effectiveness of the entire cybersecurity industry. Our leadership helps take the fight to our adversaries and produces a more successful disruption model by leveraging these relationships.
For decades we have been faced with the classic ‘last mile’ challenge when it comes to information sharing and threat intelligence.
Watch Now
Fortinet is now an official Research Partner with MITRE Engenuity’s Center for Threat-Informed Defense (Center).
Read Blog
FortiGuard application security services protect, monitor, and optimize application performance and usage.
Find solution guides, eBooks, data sheets, analyst reports, and more.
