PTZOptics NDI and SDI Cameras Attack
FortiGuard Labs has observed attack attempts aimed at PTZOptics cameras, with FortiGuard sensors detecting telemetry from as many as 4,000 devices. This surge in activity highlights the vulnerabilities present in these devices, which can be easily exploited by attackers seeking unauthorized access, potentially leading complete camera takeover, infection with bots, pivoting to other devices connected on the same network, or disruption of video feeds. |
Ivanti Cloud Services Appliance Zero-Day Attack
Threat actors chained and exploited multiple zero-day vulnerabilities affecting Ivanti CSA (Cloud Services Appliance). If successful, this could lead an attacker to gain admin access, obtain credentials, bypass security measures, run arbitrary SQL commands, and execute code remotely. |
Mitel MiCollab Unauthorized Access Attack
Security flaws in Mitel MiCollab, CVE-2024-35286, CVE-2024-41713, and an arbitrary file read zero-day (still without a CVE number) have been found, putting many organizations at risk. These vulnerabilities allow attackers to bypass authentication and access files on affected servers, revealing sensitive information that could expose organizations to serious security risks. |
Apache Struts 2 RCE Attack
FortiGuard Labs has detected on-going exploit attempts targeting a recently patched Apache Struts 2 vulnerability. Attackers can manipulate file upload parameters to enable path traversal, potentially leading to malicious file upload. This may result in Remote Code Execution, allowing attackers to run arbitrary code, steal data, or compromise entire systems. |
Russian Cyber Espionage Attack
FortiGuard Labs continues to observe attack attempts exploiting the vulnerabilities highlighted in the recent CISA advisory about Russian military cyber actors. These actors are targeting U.S. and global critical infrastructure to conduct espionage, steal data, and compromise or destroy sensitive information. |
TBK DVR Authentication Bypass Attack
FortiGuard Labs observed "Critical" level of attack attempts to exploit an Authentication Bypass Vulnerability in TBK DVR devices (4104/4216) with upto more than 50,000+ unique IPS detections in the month of April 2023. The 5-year-old vulnerability (CVE-2018-9995) is due to an error when handling a maliciously crafted HTTP cookie. A remote attacker may be able to exploit this flaw to bypass authentication and obtain administrative privileges eventually leading access to camera video feeds. |
Palo Alto Networks Management Interface Attack
Palo Alto Networks has recently disclosed two zero-day vulnerabilities, CVE-2024-0012 and CVE-2024-9474, affecting the PAN-OS firewall and other products. Both flaws, which are actively being exploited in the wild, affect the Management Web Interface. Successful exploitations allows attackers to bypass authentication and gain administrator-level access without any user interaction. |
Progress Kemp LoadMaster OS Command Injection Vulnerability
FortiGuard network sensors detect attack attempts targeting the Progress Kemp LoadMaster. Successful exploitation of the CVE-2024-1212 vulnerability allows unauthenticated remote attackers to access the system through the management interface, potentially leading to data breaches, service disruptions, or further attacks |
Palo Alto Expedition Missing Authentication Vulnerability
FortiGuard sensors continue to detect and block attack attempts targeting the Palo Alto Expedition vulnerabilities that could allow attackers to take over administrative accounts, putting configuration secrets, credentials, and other imported data within Expedition at serious risk. |
Mallox Ransomware
FortiGuard Labs continue to see increase in Mallox ransomware related activities detecting Mallox ransomware on multiple hundred FortiGuard sensors. Ransomware infection may cause disruption, damage to daily operations, potential impact to an organization's reputation and extortion. |
GeoServer RCE Attack
A remote code execution vulnerability affecting GeoServer is under active exploitation, with recent attack attempts observed on 40,000+ FortiGuard sensors. This vulnerability (CVE-2024-36401) is suspected to be exploited by the Earth Baxia APT group, as reported by FortiGuard Recon and the root cause of the vulnerability lies in the absence of proper input validation during request handling, posing a significant risk of system compromise upon successful exploitation. |
Apache OFBiz RCE Attack
FortiGuard Labs continues to observe attack attempts targeting the recent Apache OFBiz vulnerabilities (CVE-2024-38856 and CVE-2024-36104) that can be exploited by threat actors through maliciously crafted unauthorized requests, leading to the remote code execution. |
Jenkins RCE Attack
Cyber threat actors target Jenkins Arbitrary File Read vulnerability (CVE-2024-23897) in ransomware attacks. FortiGuard Labs continues to see active attack telemetry targeting the vulnerability. |
ServiceNow Remote Code Execution Attack
FortiGuard Labs continue to observe attack attempts targeting the recent ServiceNow Platform vulnerabilities (CVE-2024-4879, CVE-2024-5217, & CVE-2024-5178). When chained together, could lead to Remote Code Execution and potential data breaches with unauthorized system access. |
PHP RCE Attack
FortiGuard Labs has observed significant level of exploitation attempts targeting the new PHP vulnerability. The TellYouThePass ransomware gang has been leveraging CVE-2024-4577, a remote code execution vulnerability in PHP to deliver web shells and deploy ransomware on targeted systems. |
Check Point Quantum Security Gateways Information Disclosure Attack
Attackers exploit a zero-day vulnerability affecting Check Point Security Gateways to gain remote access. The vulnerability can allow attackers to read sensitive information on Check Point Security Gateways enabled with remote Access VPN or Mobile Access Software Blades. |
D-Link Multiple Devices Attack
Multiple D-link device vulnerabilities are being actively targeted. Many of the Routers and NAS devices are end-of-life (EOL) D-Link devices that do not have any patches available. |
|