FortiGuard Outbreak Alerts
Tactical steps to mitigate the latest cybersecurity attacks
Fortinet 獲選為Gartner®網路防火牆魔力象限™領導者Outbreak Alert
When a cybersecurity incident/attack/event occurs that has large ramifications to the cybersecurity industry and affects numerous organizations, FortiGuard Outbreak Alerts will be the mechanism for communicating important information to Fortinet's customers and partners. These Outbreak Alerts will help you understand what happened, the technical details of the attack and how organizations can protect themselves from the attack and others like it.
Sign up to receive updates on Outbreaks
Threat Signals and Outbreak Detection Service
Current Outbreak Alerts
Microsoft Exchange 0-day
Attack Type: Vulnerability Exploitation
Threat Actor: Unidentified
Two critical zero-day vulnerabilities (CVE-2022-41082 and CVE-2022-41040) that can allow the attacker to do a Remote Code Execution (RCE) on Microsoft Exchange Servers.
Confluence Vulnerability
Attack Type: Vulnerability Exploitation Leading to Remote Code Execution
Threat Actor: Unidentified
A critical 0-day vulnerability on Atlassian Confluence Data Center and Server is actively being exploited in the wild. The vulnerability is established via the Object Graph Navigation Language (OGNL) injection that allows an unauthenticated user to execute arbitrary code.
Follina: MSDT 0-day
Attack Type: Vulnerability Exploitation
Threat Actor: Chinese APT actor TA413
This vulnerability (CVE-2022-30190) is a 0-day vulnerability in Microsoft Support Diagnostic Tool that allows remote code execution and is being exploited in the wild. More attacks are expected as Proof-of-Concept code is available and a patch has not yet been released.
Log4j
Attack Type: Vulnerability Exploitation Leading to Remote Code Execution
Threat Actor: Multiple unidentified attackers
A zero-day vulnerability was discovered in Log4j, a Java-based logging utility that is part of Apache Logging Services Project. Deployed on millions of servers, this vulnerability can be exploited to allow for remote code execution and total system control on vulnerable systems.
Kaseya VSA
Attack Type: Vulnerability Exploitation and REvil Ransomware-as-a-Service
Threat Actor: REvil plus unidentified associate
A sophisticated supply-chain ransomware attack that leveraged a vulnerability in the Kaseya VSA software to infect multiple managed service providers (MSPs) and their customers. We provide Outbreak Alert analyses for both the initial exploitation and the subsequent ransomware attack.
Microsoft Print Spooler
Attack Type: Vulnerability Exploitation
Threat Actor: Unidentified
A potentially new zero-day Microsoft vulnerability, dubbed "PrintNightmare," makes it possible for any authenticated attacker to remotely execute code with SYSTEM privileges on any machine that has the Windows Print Spooler service enabled (which is the default setting).
Colonial Pipeline
Attack Type: Ransomware
Threat Actor: DarkSide
Operation Technology (OT) Attack. These actions temporarily halted all pipeline operations and affected some of their IT systems, causing gas shortages and taking weeks to recover.
F5 Big IP
Attack Type: Vulnerability Exploitation
Threat Actor: Multiple
F5 reported several new vulnerabilities under attack that could lead to complete system compromise. F5 urged immediate upgrades.
Microsoft Exchange
Attack Type: Vulnerability Exploitation and DearCry Ransomware
Threat Actor: HAFNIUM
The original Zero-Day vulnerabilities were exploited and used by the HAFNIUM group for the global Ransomware campaign
SolarWinds
Attack Type: Hack (Sunburst, Teardrop, Raindrop malware
Threat Actor: Russian Foreign Intelligence Service (SVR)
A complex & targeted supply chain cyber attack, with the primary goal of inserting a malicious backdoor into trusted (signed) software, which could later be exploited in end-customer updates of the SolarWinds Orion platform.
FortiGuard Outbreak Alerts
FortiGuard Outbreak Alerts will be the mechanism for communicating important information to customers and partners. When a cybersecurity incident/attack/event occurs that has large ramifications to the cybersecurity industry and affects numerous organizations, this page will be updated with a link to the individual FortiGuard Outbreak Alert. That Alert will include:
- An explanation of the attack, its timeline and what specific technology was affected
- Where applicable patches and/or mitigation recommendations can be found
- What Fortinet products, if deployed, would break the attack sequence
- What specific versions those Fortinet products need to be at to provide the protection
- Threat Hunting tools from Fortinet to help you determine if you were affected
- Related research from FortiGuard Labs
