Threat Research

Detailed Analysis of macOS Vulnerability CVE-2019-8507

On March 25, 2019, Apple released macOS Mojave 10.14.4 and iOS 12.2. These two updates fixed a number of security vulnerabilities, including CVE-2019-8507 in QuartzCore (aka CoreAnimation), which was reported to Apple on January 3, 2019 using our FortiGuard Labs responsible disclosure process. Find out more in this detailed analysis of the macOS vulnerability CVE-2019-8507.

By Kai Lu April 23, 2019

Industry Trends

Securing the New Network Edge

A single, holistic security strategy comprised of interconnected solutions provides a comprehensive approach that is not only manageable and cost effective, but also fluid enough to adapt as networks undergo constant change.

By Fortinet April 18, 2019

Threat Research

Predator the Thief: New Routes of Delivery

FortiGuard Labs discovered a running campaign against Russian speakers using a new version of “Predator the Thief” stealer malware. The same actor was using one set of dummy files to deliver the stealer via different forms of phishing, including zipped files, fake documents, fake PDFs, and the WinRAR exploit described in CVE-2018-20250.

Business and Technology

Preparing for the Cy-Phy Future

We are entering the era of Cy-Phy — the convergence of cyber space with a plethora of devices and data in our physical spaces. Organizations need to start preparing today by developing security strategies designed around the principles of speed, integration, adaptability, and automation.

By Fortinet April 18, 2019

Threat Research

Silence Group Playbook

Silence Group is a cybercriminal organization that targets banks, specifically stealing information used in the payment card industry. The aim of this playbook is to provide first responders with relevant, up-to-date analysis, samples, and indicators of compromise which should help security professionals better protect their infrastructures.

By FortiGuard SE Team April 15, 2019

Threat Research

Looking Into Anatova Ransomware

Anatova is a fairly new ransomware. It avoids infecting computers that are used in analysis and research labs. It systematically avoids infecting files and folders that are important to the stability of the computer system it is infecting.

By Raul Alvarez April 11, 2019

Threat Research

LockerGoga: Ransomware Targeting Critical Infrastructure

LockerGoga is not at all exceptional in terms of sophistication, especially when compared to other ransomware families. However, it has a unique way of iterating through the files of the victim.

Threat Research

Patch Your Adobe Shockwave Player: Fortinet Discovers Seven Zero-Day Remote Code Execution Vulnerabilities

Adobe released security bulletin APSB19-20, which patches seven Adobe Shockwave Player vulnerabilities. All of them were discovered by FortiGuard Labs researcher Honggang Ren and reported to Adobe by following Fortinet’s responsible disclosure process.

By Honggang Ren April 11, 2019

Partners

Celebrating Our Partner of the Year Winners at Accelerate 2019

Fortinet recognized a few of our most dedicated partners of 2018 at this year’s Accelerate conference.

By Fortinet April 11, 2019

Threat Research

Patch Your Microsoft Windows and Office: Fortinet Discovers Three Zero-Day Remote Code Execution Vulnerabilities

On the April 9, 2019 Patch Tuesday, Microsoft released patches for several vulnerabilities in Windows and Office. Three of them were discovered and reported by FortiGuard Labs researcher Honggang Ren by following Fortinet’s responsible disclosure process.

By Honggang Ren April 10, 2019