Rewterz Threat Alert – Latest Update Regarding JSOutProx Malware and Its Impact on Financial Institutions – Active IOCs

October 6, 2023

Rewterz Threat Alert -Tofsee Malware – Active IOCs

October 9, 2023

Rewterz Threat Advisory – CVE-2023-25606 – Fortinet FortiAnalyzer and FortiManager Vulnerability

October 9, 2023

Severity

Medium

Analysis Summary

CVE-2023-25606

Fortinet FortiAnalyzer and FortiManager could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user requests. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.

Impact

Information Theft

Indicators Of Compromise

CVE

CVE-2023-25606

Affected Vendors

Fortinet

Affected Products

Fortinet FortiManager 7.0.0
Fortinet FortiAnalyzer 7.0.0
Fortinet FortiManager 6.4.0
Fortinet FortiAnalyzer 7.2.0

Remediation

Refer to FortiGuard Advisory for patch, upgrade or suggested workaround information.

FortiGuard Advisory

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SideWinder APT Group aka Rattlesnake – Active IOCs

Microsoft Bookings Vulnerability Allowed Attackers to Modify Meeting Details

ClickFix Scheme Used by Russian Hackers to Deploy Espionage Malware – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Latest Update Regarding JSOutProx Malware and Its Impact on Financial Institutions – Active IOCs

Rewterz Threat Alert -Tofsee Malware – Active IOCs

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.