Cyber Threat Report: 'Holding down the Fortinet vulnerability'

This report from Red Canary outlines activity they have observed related to the exploitation of CVE-2023-48788 in FortiClient enterprise management servers (FortiClient EMS). According to the report, adversaries have been observed exploiting the vulnerability to install unauthorised RMM (remote management and monitoring) tools and PowerShell backdoors. The report includes technical details of adversary behaviour and recommendations for protection (patching) and detection.