Your blog category
FortiGuard Labs is aware of a newly disclosed vulnerability in Zyxel network attached storage (NAS) devices in an advisory published today by CERT/CC. Multiple Zyxel devices contain a pre authentication command injection vulnerability, which may allow a remote unauthenticated attacker to execute arbitrary code on the device. The vulnerability was reported by security journalist Brian…
UPDATE February 17: Added reference to CVE-2022-24087, which Adobe disclosed and issues an out-of-band patch for on February 17th, 2022.FortiGuard Labs is aware of reports that Magento Open Source and Adobe Commerce are actively being targeted and exploited through CVE-2022-24086. This vulnerability can lead to remote code execution (RCE) on an exploited server which means…
FortiGuard Labs is aware that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-22718 to the Known Exploited Vulnerabilities Catalog. CVE-2022-24481 is a local privilege escalation vulnerability in the Windows Print Spooler and affects multiple versions of Windows OS. Microsoft issued a patch for the vulnerability as part of the February 2022 Patch…
FortiGuard Labs is aware of a report that CVE-2022-30190 is exploited in the wild to deliver Qakbot malware. Currently, a patch is not available for CVE-2022-30190. Also known as Qbot and Pinkslipbot, Qakbot started off as a banking malware. In recent years, Qakbot was seen as a delivery vehicle for other malware, which often results…
FortiGuard Labs is aware that the Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2022-28810 (Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability), CVE-2022-33891 (Apache Spark Command Injection Vulnerability) and CVE-2022-35914 (Teclib GLPI Remote Code Execution Vulnerability) to their Known Exploited Vulnerabilities catalog on March 7, 2023. The catalog lists vulnerabilities that are being actively exploited…
FortiGuard Labs is aware that the Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2020-5741 (Plex Media Server remote code execution vulnerability) and CVE-2021-39144 (XStream Remote Code Execution Vulnerability) to their Known Exploited Vulnerabilities (KEV) catalog on March 10, 2023. The catalog lists vulnerabilities that are being actively exploited in the wild and require federal agencies…
UPDATE 04/26/2023: Updated protection section for IPS protection.FortiGuard Labs is aware that a recently disclosed vulnerability in PaperCut MF/NG (CVE-2023-27350) is susceptible to a remote code execution attack and is currently being exploited in the wild. Various remote management and maintenance software and Truebot malware were reportedly to have been deployed to unpatched severs. As…
UPDATE April 19 2023: Updated to include another sandbox vulnerability in vm2 (CVE-2023-30547).Earlier this week, an update was released for a critical sandbox escape vulnerabilities in vm2 (CVE-2023-29017 and CVE-2023-29199) , which ultimately allows for remote code execution by an attacker. vm2 is a widely used module within the Node.js library that provides a sandbox…
rnWhat is the Attack?rnCisco issued an advisory on 24th April, regarding its Adaptive Security Appliances, multifunctional devices combining firewall, VPN, and other security functions. It reported that these appliances had become the focus of state-sponsored espionage, with attackers exploiting two previously unknown vulnerabilities to infiltrate government entities worldwide. In this campaign, two backdoors were deployed:…