What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2025-05-07 14:00:00 | La vie à Fortinet: faire une différence en protégeant la société Life at Fortinet: Making a Difference by Protecting Society (lien direct) |
Rencontrez Amandine Bouguessa, un ingénieur de sécurité des produits Fortinet qui bénéficie du défi d'identifier les vulnérabilités et de trouver les solutions pour y remédier.
Meet Amandine Bouguessa, a Fortinet product security engineer who enjoys the challenge of identifying vulnerabilities and finding the solutions to address them. |
Vulnerability | ★★★ | |
|
2025-04-10 13:00:00 | Analyse de l'activité des acteurs de la menace Analysis of Threat Actor Activity (lien direct) |
Fortinet équilibre avec diligence notre engagement envers la sécurité de nos clients et notre culture de transparence responsable et s'engage à partager des informations avec cet objectif à l'esprit. Bien que les efforts des acteurs de menace pour exploiter les vulnérabilités connues ne soient pas nouvelles, les enquêtes de Fortinet récentes ont découvert une technique post-exploitation utilisée par un acteur de menace. Ce blog offre une analyse de cette constatation pour aider nos clients à prendre des décisions éclairées.
Fortinet diligently balances our commitment to the security of our customers and our culture of responsible transparency and commits to sharing information with that goal in mind. While efforts by threat actors to exploit known vulnerabilities are not new, recent Fortinet investigations have discovered a post exploitation technique used by a threat actor. This blog offers analysis of that finding to help our customers make informed decisions. |
Vulnerability Threat | ★★★ | |
|
2025-03-11 13:00:00 | Avançant des efforts de divulgation responsables: A Q&A avec Michael Daniel de Cyber Threat Alliance Advancing Responsible Disclosure Efforts: A Q&A with Michael Daniel of Cyber Threat Alliance (lien direct) |
La Cyber Threat Alliance a introduit sa politique de communication de vulnérabilité responsable, présentant des directives pour la gestion de manière responsable, a révélé des vulnérabilités dans tout produit ou système d'une manière qui optimise les résultats sécurisés. Fortinet soutient fièrement l'adoption par CTA \\ de cette politique dans le cadre de notre engagement continu à faire progresser la divulgation de vulnérabilité transparente et responsable pour aider à mieux protéger les clients et renforcer la confiance dans l'industrie.
The Cyber Threat Alliance introduced its Responsible Vulnerability Communication Policy, laying out guidelines for responsibly handling disclosed vulnerabilities in any product or system in a way that optimizes secure outcomes. Fortinet proudly supports CTA\'s adoption of this policy as part of our ongoing commitment to advancing transparent and responsible vulnerability disclosure to help better protect customers and build trust across the industry. |
Vulnerability Threat | ★★ | |
|
2025-03-10 13:00:00 | Fortinet identifie les forfaits malveillants dans la nature: idées et tendances à partir de novembre 2024 Fortinet Identifies Malicious Packages in the Wild: Insights and Trends from November 2024 Onward (lien direct) |
Fortiguard Labs analyse les packages de logiciels malveillants détectés de novembre 2024 à nos jours et a identifié diverses techniques utilisées pour exploiter les vulnérabilités du système. Apprendre encore plus.
FortiGuard Labs analyzes malicious software packages detected from November 2024 to the present and has identified various techniques used to exploit system vulnerabilities. Learn more. |
Vulnerability Threat | ★★ | |
|
2024-12-26 21:42:00 | Botnets Continue to Target Aging D-Link Vulnerabilities (lien direct) | FortiGuard Labs recently noticed that attackers still use and deliver two different botnets via D-Link exposing a HNAP interface weakness. Learn more.
FortiGuard Labs recently noticed that attackers still use and deliver two different botnets via D-Link exposing a HNAP interface weakness. Learn more. |
Vulnerability | ★★ | |
|
2024-10-22 13:00:00 | Gérer les opérations de sécurité dans un environnement complexe Managing Security Operations in a Complex Environment (lien direct) |
Un opérateur de réseau électrique a déployé une solution Fortinet SECOPS pour protéger contre les attaques zéro-jour, converger la sécurité informatique / OT et centraliser la gestion du système.
A power grid operator has deployed a Fortinet SecOps solution to protect against zero-day attacks, converge IT/OT security, and centralize system management. |
Vulnerability Threat Industrial | ★★★ | |
|
2024-10-11 15:00:00 | Burning Zero Days: Adversary de l'État-nation suspecté Ivanti CSA Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA (lien direct) |
Un cas où un adversaire avancé a été observé exploitant trois vulnérabilités affectant l'appareil de services cloud Ivanti (CSA).Cet incident est un excellent exemple de la façon dont les acteurs menacent la chaîne des vulnérabilités zéro-jour pour obtenir un accès initial à un réseau de victime.Apprendre encore plus.
A case where an advanced adversary was observed exploiting three vulnerabilities affecting the Ivanti Cloud Services Appliance (CSA). This incident is a prime example of how threat actors chain zero-day vulnerabilities to gain initial access to a victim\'s network. Learn more. |
Vulnerability Threat Cloud | ★★★ | |
|
2024-09-05 13:00:00 | Les acteurs de la menace exploitent la vulnérabilité GeoServer CVE-2024-36401 Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401 (lien direct) |
Lorsque la vulnérabilité du géoserver CVE-2024-36401 a émergé, les laboratoires Fortiguard ont rassemblé des renseignements connexes.Ce blog met en évidence les acteurs de la menace et la façon dont ils exploitent et utilisent la vulnérabilité.
When the GeoServer vulnerability CVE-2024-36401 emerged, the FortiGuard Labs gathered related intelligence. This blog highlights the threat actors and how they exploit and use the vulnerability. |
Vulnerability Threat | ★★★ | |
|
2024-08-22 13:00:00 | L'écart de compétences laisse les organisations ouvertes à de nouvelles menaces et vulnérabilités The Skills Gap Leaves Organizations Open to New Threats and Vulnerabilities (lien direct) |
Fermez les lacunes de la stratégie de gestion des risques et relevez les défis de la dotation en cybersécurité pour mieux protéger votre organisation contre les violations.Apprendre encore plus.
Close risk management strategy gaps and address cybersecurity staffing challenges to better protect your organization against breaches. Learn more. |
Vulnerability | ★★★ | |
|
2024-05-03 14:27:00 | La divulgation responsable proactive est un moyen crucial Fortinet renforce la sécurité du client Proactive Responsible Disclosure is One Crucial Way Fortinet Strengthens Customer Security (lien direct) |
L'industrie de la cybersécurité continue de croître et de mûrir.Dans le cadre de ce processus, nous devons collectivement soulever le sujet de la nécessité de la nécessité de régler les règles pour gérer la divulgation des vulnérabilités, en particulier compte tenu des nombreux avantages de fournir une telle intelligence dans la protection des clients contre les cyber-adversaires.
The cybersecurity industry continues to grow and mature. As a part of this process, we must collectively raise the topic of-and discuss the need for-ethical rules for handling the disclosure of vulnerabilities, especially given the many benefits of providing such intelligence in protecting customers against cyber adversaries. |
Vulnerability | ★★★ | |
|
2024-05-01 15:00:00 | Nouveau botnet «Goldoon» ciblant les appareils D-Link New “Goldoon” Botnet Targeting D-Link Devices (lien direct) |
Fortiguard Labs a découvert le nouveau botnet «Goldoon» ciblant les dispositifs D-Link grâce à la vulnérabilité connexe CVE-2015-2051.Apprendre encore plus.
FortiGuard Labs discovered the new botnet “Goldoon” targeting D-Link devices through related vulnerability CVE-2015-2051. Learn more. |
Vulnerability | ★★ | |
|
2024-04-16 15:00:00 | Les botnets continuent d'exploiter le CVE-2023-1389 pour une propagation à grande échelle Botnets Continue Exploiting CVE-2023-1389 for Wide-Scale Spread (lien direct) |
Fortiguard Labs dévoile Moobot, Miroi, Agoent, Gafgyt et plus exploitant TP-Link Archer AX21 Vulnérabilité CVE-2023-1389.Apprendre encore plus.
FortiGuard Labs unveils Moobot, Miroi, AGoent, Gafgyt and more exploiting TP-Link Archer AX21 vulnerability CVE-2023-1389. Learn more. |
Vulnerability | ★★ | |
|
2024-02-07 17:15:00 | L'importance du correctif: une analyse de l'exploitation des vulnérabilités des jours The Importance of Patching: An Analysis of the Exploitation of N-Day Vulnerabilities (lien direct) |
Une analyse de l'exploitation des vulnérabilités de Fortinet à la journée résolues par un acteur inconnu.
An analysis of the exploitation of resolved N-Day Fortinet vulnerabilities by an unknown actor. |
Vulnerability Patching | ★★ | |
|
2023-11-28 15:00:00 | GOTITAN BOTNET - Exploitation continue sur Apache ActiveMQ GoTitan Botnet - Ongoing Exploitation on Apache ActiveMQ (lien direct) |
FortiguardLabs découvre les exploits en cours ciblant le CVE-2023-46604, avec l'émergence d'un nouveau botnet Golang "Gotitan".Apprendre encore plus.
FortiGuardLabs uncovers the ongoing exploits targeting CVE-2023-46604, with the emergence of a new Golang botnet "GoTitan". Learn more. |
Vulnerability | ★★ | |
|
2023-09-05 20:24:00 | Nouvel agent Tesla Variant en cours de propagation par document Excel fabriqué New Agent Tesla Variant Being Spread by Crafted Excel Document (lien direct) |
Une analyse approfondie d'une campagne de phishing qui continue d'exploiter une vulnérabilité connue avec une nouvelle variante d'agent Tesla.Apprendre encore plus.
An in-depth analysis of a phishing campaign that continues to exploit a known vulnerability with a new Agent Tesla variant. Learn more. |
Vulnerability | ★★ | |
|
2023-08-30 15:00:00 | Plusieurs menaces ciblent les vulnérabilités d’Adobe ColdFusion Multiple Threats Target Adobe ColdFusion Vulnerabilities (lien direct) |
Une analyse détaillée de la manière dont un groupe de menaces continue d'exploiter la vulnérabilité d'Adobe ColdFusion par le biais d'attaques comprenant des sondages, l'établissement de shells inversés et le déploiement de logiciels malveillants pour des actions ultérieures.Apprendre encore plus.
A detailed analysis of how a threat group continues to exploit the Adobe ColdFusion vulnerability through attacks including probing, establishing reverse shells, and deploying malware for subsequent actions. Learn more. |
Malware Vulnerability Threat | ★★ | |
|
2023-07-24 08:10:00 | Fortiguard Labs découvre plusieurs vulnérabilités dans le service de file d'attente de messages Microsoft FortiGuard Labs Discovers Multiple Vulnerabilities in Microsoft Message Queuing Service (lien direct) |
Obtenez un aperçu des surfaces d'attaque du MSMQ, des approches adoptées pour relever les défis rencontrés lors du fuzzing et des détails supplémentaires sur les vulnérabilités.Apprendre encore plus.
Get an overview of the attack surfaces of MSMQ, the approaches taken to tackle the challenges encountered during fuzzing, and additional details of the vulnerabilities. Learn more. |
Vulnerability | ★ | |
|
2023-07-21 13:06:00 | Ransomware Roundup - CL0P (lien direct) | Découvrez les activités passées du CL0P Ransomware Group \\, y compris l'utilisation de la vulnérabilité de transfert Moveit aux organisations de compromis.
Learn about the Cl0p ransomware group\'s past activities including using the MOVEit Transfer vulnerability to compromise organizations. |
Ransomware Vulnerability | ★★ | |
|
2023-07-19 15:17:00 | Les botnets DDOS ciblent la vulnérabilité zyxel CVE-2023-28771 DDoS Botnets Target Zyxel Vulnerability CVE-2023-28771 (lien direct) |
Obtenez une explication détaillée de la charge utile livrée via CVE-2023-28771 et des botnets associés.Se pencher davantage.
Get a detailed explanation of the payload delivered through CVE-2023-28771 and associated botnets. Lean more. |
Vulnerability | ★★ | |
|
2023-07-13 07:42:00 | Fortiguard Labs découvre plusieurs vulnérabilités dans Adobe InDesign FortiGuard Labs Discovers Multiple Vulnerabilities in Adobe InDesign (lien direct) |
Fortiguard Labs jette quelques détails sur plusieurs vulnérabilités zéro-jours dans Adobe InDesign qui ont reçu une gravité critique ou importante.Apprendre encore plus.
FortiGuard Labs sheds some details on several zero-day vulnerabilities in Adobe InDesign that have been assigned a Critical or Important severity. Learn more. |
Vulnerability | ★★★ | |
|
2023-06-08 13:15:00 | Vulnérabilité critique de transfert Moveit (CVE-2023-34362) exploitée comme 0 jour MOVEit Transfer Critical Vulnerability (CVE-2023-34362) Exploited as a 0-day (lien direct) |
Plusieurs organisations auraient été affectées par une vulnérabilité de transfert de déplacement de 0 jours (CVE-2023-34362) conduisant au déploiement de la porte dérobée et au vol de données.En savoir plus.
Multiple organizations were believed to be affected by a 0-day MOVEit Transfer vulnerability (CVE-2023-34362) leading to backdoor deployment and data theft. Read more. |
Vulnerability | ★★ | |
|
2023-05-08 10:17:00 | AndoryUbot & # 8211;Une nouvelle campagne de botnet cible la vulnérabilité d'exécution du code à distance de l'administrateur sans fil de chahut (CVE-2023-25717) AndoryuBot – New Botnet Campaign Targets Ruckus Wireless Admin Remote Code Execution Vulnerability (CVE-2023-25717) (lien direct) |
Fortiguard Labs détaille comment un botnet unique exploite une vulnérabilité de chahut et examine son comportement une fois à l'intérieur d'un appareil infecté.Apprendre encore plus.
FortiGuard Labs details how a unique botnet leverages a Ruckus vulnerability and examines its behavior once inside an infected device. Learn more. |
Vulnerability | ★★★ | |
|
2023-04-12 12:27:00 | Exploration d'une récente vulnérabilité Microsoft Outlook: CVE-2023-23397 Exploring a Recent Microsoft Outlook Vulnerability: CVE-2023-23397 (lien direct) |
Fortiguard Labs met en évidence une élévation de la vulnérabilité des privilèges dans Microsoft Outlook qui peut être exploitée en envoyant un e-mail conçu à une version vulnérable du logiciel.En savoir plus.
FortiGuard Labs highlights an Elevation of Privilege Vulnerability in Microsoft Outlook that can be exploited by sending a crafted email to a vulnerable version of the software. Read more. |
Vulnerability | ★★ | |
|
2023-02-23 02:30:59 | Perspectives: FortiNAC and CVE-2022-39952 (lien direct) | Fortinet published a Critical Advisory (FG-IR-22-300 / CVE-2022-39952) for FortiNAC on February 16, 2023. This article adds perspective to that Advisory to provide customers with additional and accurate details. | Vulnerability | ★★★ | |
|
2022-10-20 20:23:00 | Mirai, RAR1Ransom, and GuardMiner – Multiple Malware Campaigns Target VMware Vulnerability (lien direct) | In April, VMware patched a vulnerability CVE-2022-22954, which causes server-side template injection. Read our blog to learn more about how malware is attempting to leverage the vulnerability and the behavior after exploitation in more detail. | Malware Vulnerability | ||
|
2022-09-30 10:02:00 | Microsoft Exchange 0-Day Vulnerability Updates (lien direct) | FortiGuard Labs is aware of reports that an unpatched Microsoft Exchange Remote Command Execution (RCE) vulnerability is being exploited in the wild. Learn what organizations need to know about these vulnerabilities. | Vulnerability | ||
|
2022-06-01 13:59:00 | (Déjà vu) CVE-2022-30190: Microsoft Support Diagnostic Tool (MSDT) RCE Vulnerability “Follina” (lien direct) | FortiGuard Labs researchers provide an analysis and assessment of CVE-2022-30190: Microsoft Support Diagnostic Tool (MSDT) RCE vulnerability “Follina.” Read to learn more about this critical vulnerability and how to take quick corrective action until Microsoft releases a patch.
|
Tool Vulnerability | ||
|
2022-04-29 00:00:00 | Using EPSS to Predict Threats and Secure Your Network (lien direct) | In our latest blog, FortiGuard Labs reviews valuable tools to help understand what threats organizations might face next including the Common Vulnerability Scoring System (CVSS) and the Exploit Prediction Scoring System (EPSS). We also recap some of the unique benefits of each for better vulnerability prioritization.
|
Vulnerability | ||
|
2022-02-15 00:00:00 | Analysis of Microsoft CVE-2022-21907 (lien direct) | Microsoft released a patch for CVE-2022-21907 as part of Microsoft's Patch Tuesday. In this blog, FortiGuard Labs researchers analyze the cause of the vulnerability and how attackers can exploit it.
|
Vulnerability | ||
|
2021-12-21 00:00:00 | Critical Apache Log4j (Log4Shell) Vulnerability Updates: What You Need to Know (lien direct) | FortiGuard Labs provides important updates about the Apache Log4j vulnerabilities, including details, campaigns associated with Log4j, and an alleged “wormable” Mirai malware variant. Read to learn more.
|
Malware Vulnerability | ||
|
2021-12-12 00:00:00 | CVE-2021-44228 - Apache Log4j Vulnerability (lien direct) | Read for an update from Fortinet about the Apache Log4j vulnerability and mitigating issues.
|
Vulnerability | ||
|
2021-12-08 00:00:00 | MANGA aka Dark Mirai-based Campaign Targets New TP-Link Router RCE Vulnerability (lien direct) | FortiGuard Labs encountered a malware sample that's currently being distributed in the wild targeting TP-link wireless routers. Learn more on MANGA aka Dark Mirai-based Campaign.
|
Malware Vulnerability | ||
|
2021-12-06 00:00:00 | Mirai-based Botnet - Moobot Targets Hikvision Vulnerability (lien direct) | FortiGuard Labs analyzes how an attacker can leverage CVE-2021-36260 to create targets for Moobot which is a DDoS botnet based on Mirai. In this blog we explain how an attacker delivers this payload along with details of the botnet.
|
Vulnerability | ||
|
2021-10-21 00:00:00 | Recent Attack Uses Vulnerability on Confluence Server (lien direct) | FortiGuard Labs analyzes attack payloads leveraging the Atlassian Confluence Server vulnerability, deep dives into the attack and provides IOCs to help determine if a network was affected by CVE-2021-26084. Read more.
|
Vulnerability | ||
|
2021-09-09 00:00:00 | Microsoft MSHTML Remote Code Execution Vulnerability Exploited in the Wild (CVE-2021-40444) (lien direct) | FortiGuard Labs takes a look into Microsoft MSHTML remote code execution vulnerability. Learn how the attack works and the Fortinet product protections in place to address this vulnerability.
|
Vulnerability | ||
|
2021-09-08 00:00:00 | Malicious Actor Discloses FortiGate SSL-VPN Credentials (lien direct) | Fortinet is aware that a malicious actor has disclosed SSL-VPN credentials to access FortiGate SSL-VPN devices. This incident is related to an old vulnerability resolved in May 2019. We continue to strongly recommend that customers implement the patch upgrade and password reset as soon as possible.
|
Vulnerability | ||
|
2021-07-20 00:00:00 | Fortinet Provides Immediate Patch Update and Mitigations for Critical FortiManager and FortiAnalyzer Vulnerability - CVE-2021-32589 (lien direct) | Fortinet has issued a patch and mitigations and is proactively communicating to customers, strongly urging them to immediately update their FortiManager and FortiAnalyzer products. Read more.
|
Vulnerability | ||
|
2021-07-01 00:00:00 | Fortinet Releases IPS Signature for Microsoft PrintNightmare Vulnerability (lien direct) | FortiGuard Labs provides initial information on a new vulnerability, known as Microsoft PrintNightmare. Learn how the FortiGuard Labs IPS team has developed a signature to mitigate against proof-of-concept code currently in the wild.
|
Vulnerability | ||
|
2021-04-03 00:00:00 | Patch and Vulnerability Management (lien direct) | At Fortinet, we are on a constant journey with our customers to best protect and secure their organizations. Read to learn more about the importance of patching and vulnerability management.
|
Vulnerability Patching |
1
We have: 39 articles.
We have: 39 articles.
To see everything:
Our RSS (filtrered)
