FortiGuard Outbreak Alerts

3CX Supply Chain Attack

Digitally signed 3CX desktop app is used in a supply chain attack against 3CX VOIP customers. A previously unknown infostealer was deployed to the victims at the end of the infection chain. At this time, Windows and MacOS versions were reportedly trojanized.

Microsoft Exchange 0-day

Two critical zero-day vulnerabilities (CVE-2022-41082 and CVE-2022-41040) that can allow the attacker to do a Remote Code Execution (RCE) on Microsoft Exchange Servers.

Confluence Vulnerability

A critical 0-day vulnerability on Atlassian Confluence Data Center and Server is actively being exploited in the wild. The vulnerability is established via the Object Graph Navigation Language (OGNL) injection that allows an unauthenticated user to execute arbitrary code.

Follina: MSDT 0-day

This vulnerability (CVE-2022-30190) is a 0-day vulnerability in Microsoft Support Diagnostic Tool that allows remote code execution and is being exploited in the wild. More attacks are expected as Proof-of-Concept code is available and a patch has not yet been released.

Log4j

A zero-day vulnerability was discovered in Log4j, a Java-based logging utility that is part of Apache Logging Services Project. Deployed on millions of servers, this vulnerability can be exploited to allow for remote code execution and total system control on vulnerable systems.

Kaseya VSA

A sophisticated supply-chain ransomware attack that leveraged a vulnerability in the Kaseya VSA software to infect multiple managed service providers (MSPs) and their customers. We provide Outbreak Alert analyses for both the initial exploitation and the subsequent ransomware attack.

Microsoft Print Spooler

A potentially new zero-day Microsoft vulnerability, dubbed "PrintNightmare," makes it possible for any authenticated attacker to remotely execute code with SYSTEM privileges on any machine that has the Windows Print Spooler service enabled (which is the default setting).

Colonial Pipeline

Operation Technology (OT) Attack. These actions temporarily halted all pipeline operations and affected some of their IT systems, causing gas shortages and taking weeks to recover.

F5 Big IP

F5 reported several new vulnerabilities under attack that could lead to complete system compromise.  F5 urged immediate upgrades.

Microsoft Exchange

The original Zero-Day vulnerabilities were exploited and used by the HAFNIUM group for the global Ransomware campaign

SolarWinds

A complex & targeted supply chain cyber attack, with the primary goal of inserting a malicious backdoor into trusted (signed) software, which could later be exploited in end-customer updates of the SolarWinds Orion platform.