FortiSOAR Discussions
Anonymous

Responding to Recent Outbreaks with FortiSOAR

Recent cybersecurity threats demand a comprehensive and proactive response, and FortiSOAR stands at the forefront by integrating with dedicated solution packs. Here's a detailed overview:

Lazarus RAT Attack (CVE-2021-44228):

  • Lazarus Group targets manufacturing, agriculture, and security firms leveraging the Log4j vulnerability.
  • DLang-based RATs exploit Log4j, establishing a Command and Control channel for malicious activities.
  • Solution Pack Reference Link: FortiSOAR - Lazarus RAT Attack

JetBrains TeamCity Authentication Bypass (CVE-2023-42793):

  • Critical vulnerability in JetBrains TeamCity exposes CI/CD servers to unauthenticated remote code execution.
  • Threat actors can compromise source code, service secrets, and gain control over build agents.
  • Solution Pack Reference Link: FortiSOAR - JetBrains TeamCity Authentication Bypass

Microsoft SharePoint Server Elevation of Privilege (CVE-2023-29357):

Ivanti Connect Secure and Policy Secure Attack:

  • Ivanti Connect Secure is an SSL VPN solution enabling secure remote access to corporate resources.
  • Widespread exploitation of two zero-day vulnerabilities affecting Ivanti Connect Secure (ICS) and Policy Secure gateways is underway.
  • Solution Pack Reference Link: FortiSOAR - Ivanti Connect Secure and Policy Secure Attack

For an in-depth overview of the FortiSOAR Outbreak Response Framework, visit FortiSOAR - Outbreak Response Framework Overview.

2 REPLIES
Anonymous

This thread will serve as a platform to showcase recent outbreak updates since our last communication.
Here, we present two newly released versions from FortiSOAR.

  1. Adobe ColdFusion Security Alert:

    • FortiGuard Labs detected critical exploitation attempts on Adobe ColdFusion, targeting vulnerabilities like CVE-2023-38203.
    • Users are urged to apply Adobe's security updates and patches promptly to mitigate risks.
    • For detailed information and solution pack, visit here.

  2. Androxgh0st Malware Outbreak:

    • Androxgh0st malware exploits vulnerabilities in PHPUnit, Laravel Framework, and Apache Web Server for information-gathering attacks.
    • FortiGuard Labs actively blocks Androxgh0st on over 40,000 FortiGate devices daily.
    • A joint advisory by the FBI and CISA provides insights and protection measures against Androxgh0st. For details, see here.


Anonymous

This thread will serve as a platform to showcase recent outbreak updates since our last communication.

  1. Outbreak Response - Nice Linear eMerge Command Injection Vulnerability

  2. Outbreak Response - Sunhillo SureLine Command Injection Attack

  3. Outbreak Response - PAN-OS GlobalProtect Command Injection Vulnerability

These solutions, integrated with the Outbreak Response Framework, enable efficient threat hunts and the investigation of potential Indicators of Compromise (IOCs) across supported operational environments such as FortiSIEM, FortiAnalyzer, QRadar, Splunk, and Azure Log Analytics. FortiSOAR's proactive measures aim to mitigate vulnerabilities and enhance overall security posture.

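The post above describes the solution packs' core workflow: take the indicators published for an outbreak and hunt for them across whatever log platform the customer runs. The script below is an added illustration of that hunt in miniature; it is not FortiSOAR code, not part of any solution pack, and does not talk to FortiSIEM, Splunk or any other product. The two log formats (a FortiGate-style key=value line and a JSON web-proxy record), the field names mapped onto indicator types, the indicator values and every log line are constructed for the demo; the IPs come from documentation ranges and the hash is a placeholder.

```python
"""Minimal outbreak-style IOC hunt over two constructed log sources.

Added example: not FortiSOAR or solution-pack code. Field names, formats,
indicators and log lines are all constructed / assumed for illustration.
"""
import json
import re
from collections import defaultdict

# Constructed indicator set, in the defanged style outbreak advisories use.
IOCS = {
    "ip": {"203.0.113.45", "198.51.100.7"},            # documentation ranges
    "domain": {"update-check[.]example", "cdn.example.net"},
    "sha256": {"a" * 64},                               # placeholder hash
}

_DEFANG = [("[.]", "."), ("(.)", "."), ("hxxp", "http")]


def refang(value: str) -> str:
    """Turn advisory-style defanged indicators into a matchable, lower-cased form."""
    out = value.strip().lower()
    for bad, good in _DEFANG:
        out = out.replace(bad, good)
    return out


def normalise_iocs(iocs):
    return {kind: {refang(v) for v in vals} for kind, vals in iocs.items()}


# Each source names the same concept differently; map its fields onto IOC types.
# (Assumed field names, loosely modelled on common firewall / proxy logs.)
FIELD_MAP = {
    "fortigate": {"srcip": "ip", "dstip": "ip", "hostname": "domain", "filehash": "sha256"},
    "webproxy": {"client_ip": "ip", "dest_host": "domain", "sha256": "sha256"},
}

_KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_fortigate(line: str) -> dict:
    """key=value syslog line -> dict, with quoted values unquoted."""
    return {k: v.strip('"') for k, v in _KV_RE.findall(line)}


def parse_webproxy(line: str) -> dict:
    return json.loads(line)


PARSERS = {"fortigate": parse_fortigate, "webproxy": parse_webproxy}


def hunt(sources, iocs=IOCS):
    """Return {ioc_type: {ioc_value: [(source, line_no, field), ...]}} for every hit.

    Malformed lines are skipped, not fatal: a hunt across thousands of lines
    must not abort because one record failed to parse.
    """
    wanted = normalise_iocs(iocs)
    hits = defaultdict(lambda: defaultdict(list))
    for source, lines in sources.items():
        parse, fields = PARSERS[source], FIELD_MAP[source]
        for n, line in enumerate(lines, 1):
            try:
                rec = parse(line)
            except ValueError:          # json.JSONDecodeError is a ValueError
                continue
            for field, kind in fields.items():
                if field in rec and refang(str(rec[field])) in wanted.get(kind, ()):
                    hits[kind][refang(str(rec[field]))].append((source, n, field))
    return {k: dict(v) for k, v in hits.items()}


# Constructed sample logs: one hit per indicator plus one unparseable line.
SAMPLE_SOURCES = {
    "fortigate": [
        'date=2024-01-15 time=10:02:11 devname="fw01" srcip=10.0.0.5 dstip=203.0.113.45 dstport=443 action=accept',
        'date=2024-01-15 time=10:02:12 devname="fw01" srcip=10.0.0.9 dstip=93.184.216.34 action=accept',
        'date=2024-01-15 time=10:05:40 devname="fw01" hostname="cdn.example.net" filehash="' + "a" * 64 + '" action=block',
    ],
    "webproxy": [
        '{"client_ip": "10.0.0.5", "dest_host": "UPDATE-CHECK.example", "status": 200}',
        "this line is not json",
        '{"client_ip": "198.51.100.7", "dest_host": "intranet.local", "status": 302}',
    ],
}

if __name__ == "__main__":
    for kind, matches in hunt(SAMPLE_SOURCES).items():
        for value, where in matches.items():
            print(f"{kind:7} {value:30} hits={where}")
```

The two details worth carrying into a real hunt are the normalisation step (advisory indicators arrive defanged and in mixed case, logs do not) and the per-source field map, which is what lets one indicator list be run unchanged against firewall, proxy and SIEM data of different shapes.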