Back to BlogSecurity Detection Update – 2024-3-26
Welcome to our weekly security detection and report update. Our Incident Detection Engineering (IDE) Team is constantly hard at work. Creating, testing, and writing detections for you! This week, we’ve made several important updates to improve your security posture and enhance the functionality of our detections. As you might know, monthly, we also release an overview of the entirety of what was changed in the product. However in these updates we’ll focus on the net new content that IDE provides on an ongoing basis, musings from our team, and maybe the occasional horoscope if you’re lucky.
Introduction and Overview
Ya know, sometimes detections just don’t work out. The IDE team strives to give you high-fidelity detections that lead to actionable data. As our processes mature, so does our testing, automation, and knowledge. Sometimes the parsing or logs aren’t just right, the false positives are too high, or we want to spend a little extra time getting the analysis and workflows right. I’m sure you’ve been there before, too, but with every ticket closed we get a little bit better.
So even though we don’t have a list of shiny new detections to give you this week, we’ll be back again next week trying just as hard, but with a little more experience and learnings to help us all out.
IDE Content
Of course we’re going to sneak some of our other content into detection updates!
CVE-2023-48788 – FortiClientEMS Pervasive SQL injection in DAS component
Fortinet disclosed a critical vulnerability (FG-IR-24-007) on March 12, 2024, which has been identified in the FortiClient Enterprise Management Server (FortiClientEMS). FortiClientEMS is a product designed for centralized management of endpoints within an organization’s network, offering a broad suite of security and management features. This is an SQL injection flaw that could allow an unauthenticated, remote attacker to execute arbitrary code through specially crafted requests.