FortiGuard Outbreak Alerts
Tactical steps to mitigate the latest cybersecurity attacks
Outbreak Alerts
When a cybersecurity incident/attack/event occurs that has large ramifications to the cybersecurity industry and affects numerous organizations, FortiGuard Outbreak Alerts will be the mechanism for communicating important information to Fortinet's customers and partners. These Outbreak Alerts will help you understand what happened, the technical details of the attack and how organizations can protect themselves from the attack and others like it.
The Alert will include:
- Details of the attack, including the timeline, the technology affected and, where applicable, where patches and mitigation recommendations can be found
- Recommended Fortinet products that would break the attack sequence, and threat hunting tools to help you determine if you were affected
- Additional related research from FortiGuard Labs
Threat Signals and Outbreak Alerts
Threat Signals provide insight on emerging issues that are trending within the cyber threat landscape, and provide concise technical details about the issue, mitigation recommendations, and a perspective from the FortiGuard Labs team. This can include significant vulnerability disclosures such as high profile zero days, coordinated announcements with Cyber Threat Alliance partners, malware of significance, or any other threats making the news cycle.
Critical Outbreak Alerts
Microsoft Exchange 0-day
Attack Type: Vulnerability Exploitation
Threat Actor: Unidentified
Two critical zero-day vulnerabilities (CVE-2022-41082 and CVE-2022-41040) can allow an attacker to achieve Remote Code Execution (RCE) on Microsoft Exchange Servers.

Confluence Vulnerability
Attack Type: Vulnerability Exploitation Leading to Remote Code Execution
Threat Actor: Unidentified
A critical 0-day vulnerability in Atlassian Confluence Data Center and Server is actively being exploited in the wild. The vulnerability is an Object Graph Navigation Language (OGNL) injection that allows an unauthenticated user to execute arbitrary code.
Follina: MSDT 0-day
Attack Type: Vulnerability Exploitation
Threat Actor: Chinese APT actor TA413
This vulnerability (CVE-2022-30190) is a 0-day vulnerability in Microsoft Support Diagnostic Tool that allows remote code execution and is being exploited in the wild. More attacks are expected as Proof-of-Concept code is available and a patch has not yet been released.

Log4j
Attack Type: Vulnerability Exploitation Leading to Remote Code Execution
Threat Actor: Multiple unidentified attackers
A zero-day vulnerability was discovered in Log4j, a Java-based logging utility that is part of the Apache Logging Services Project. With Log4j deployed on millions of servers, this vulnerability can be exploited to achieve remote code execution and total system control on vulnerable systems.

Kaseya VSA
Attack Type: Vulnerability Exploitation and REvil Ransomware-as-a-Service
Threat Actor: REvil plus unidentified associate
A sophisticated supply-chain ransomware attack that leveraged a vulnerability in the Kaseya VSA software to infect multiple managed service providers (MSPs) and their customers. We provide Outbreak Alert analyses for both the initial exploitation and the subsequent ransomware attack.

Microsoft Print Spooler
Attack Type: Vulnerability Exploitation
Threat Actor: Unidentified
A potentially new zero-day Microsoft vulnerability, dubbed "PrintNightmare," makes it possible for any authenticated attacker to remotely execute code with SYSTEM privileges on any machine that has the Windows Print Spooler service enabled (which is the default setting).

Colonial Pipeline
Attack Type: Ransomware
Threat Actor: DarkSide
An Operational Technology (OT) attack. These actions temporarily halted all pipeline operations and affected some of the company's IT systems, causing gas shortages and taking weeks to recover from.

F5 Big IP
Attack Type: Vulnerability Exploitation
Threat Actor: Multiple
F5 reported several new vulnerabilities under attack that could lead to complete system compromise. F5 urged immediate upgrades.

Microsoft Exchange
Attack Type: Vulnerability Exploitation and DearCry Ransomware
Threat Actor: HAFNIUM
The original zero-day vulnerabilities were exploited and used by the HAFNIUM group for the global ransomware campaign.

SolarWinds
Attack Type: Hack (Sunburst, Teardrop, Raindrop malware)
Threat Actor: Russian Foreign Intelligence Service (SVR)
A complex and targeted supply-chain cyberattack, with the primary goal of inserting a malicious backdoor into trusted (signed) software, which could later be exploited through end-customer updates of the SolarWinds Orion platform.