FortiGuard Labs | FortiGuard Center - Outbreak Alerts

PHP RCE Attack

FortiGuard Labs has observed a significant level of exploitation attempts targeting the new PHP vulnerability. The TellYouThePass ransomware gang has been leveraging CVE-2024-4577, a remote code execution vulnerability in PHP, to deliver web shells and deploy ransomware on targeted systems.

Check Point Quantum Security Gateways Information Disclosure Attack

Attackers exploit a zero-day vulnerability affecting Check Point Security Gateways to gain remote access. The vulnerability can allow attackers to read sensitive information on Check Point Security Gateways with the Remote Access VPN or Mobile Access Software Blades enabled.

Oracle WebLogic Server Vulnerability

Known exploited vulnerabilities in the Oracle WebLogic Server. The vulnerabilities allow an unauthenticated attacker with network access to compromise Oracle WebLogic Server. Successful exploitation can result in unauthorized access to critical data on the Oracle WebLogic Server, and the attacker may further use it to deploy malware such as cryptocurrency miners.

D-Link Multiple Devices Attack

Multiple D-Link device vulnerabilities are being actively targeted. Many of the affected routers and NAS devices are end-of-life (EOL) D-Link devices for which no patches are available.

Black Basta Ransomware

A new alert from CISA, the FBI, the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) reveals that Black Basta affiliates have attacked 12 of the 16 critical infrastructure sectors, including healthcare organizations.

ConnectWise ScreenConnect Attack

Threat actors including ransomware gangs are seen exploiting newly discovered critical flaws in remote monitoring and management software called ScreenConnect.

C-DATA Web Management System RCE Attack

FortiGuard Labs observed a critical level of attack attempts in the wild targeting a 2-year-old vulnerability found in the C-DATA Web Management System.

PAN-OS GlobalProtect Command Injection Vulnerability

The attack on PAN-OS GlobalProtect devices, identified as CVE-2024-3400, allows a malicious actor to remotely exploit an unauthenticated command injection vulnerability that leads to remote code execution. Once established, the attacker can further collect configurations, deliver malware payloads, and move laterally within the network.

Akira Ransomware

FortiGuard Labs continues to observe detections in the wild related to the Akira ransomware group. According to a new report by CISA, the group has targeted over 250 organizations over the past year, affecting numerous businesses and critical infrastructure entities across North America, Europe, and Australia. The gang has made over $42 million in ransom payments from these attacks.

Sunhillo SureLine Command Injection Attack

The attack on Sunhillo SureLine, identified as CVE-2021-36380, allows a malicious actor to exploit an unauthenticated OS command injection vulnerability. Once established, the attacker can gain command over the targeted system and potentially achieve full system compromise.

Nice Linear eMerge Command Injection Vulnerability

The vulnerability tracked as CVE-2019-7256 is an OS command injection flaw in the Linear eMerge E3-Series access control system that could allow an attacker to achieve remote code execution and full access to the system.

Ivanti Connect Secure and Policy Secure Attack

Outbreak Alert- Annual Report 2023

Androxgh0st Malware Attack

Adobe ColdFusion Access Control Bypass Attack

Lazarus RAT Attack

Microsoft SharePoint Server Elevation of Privilege Vulnerability

JetBrains TeamCity Authentication Bypass Attack

Apache ActiveMQ Ransomware Attack

Citrix Bleed Attack
