Detailed Analysis of macOS Vulnerability CVE-2019-8507
On March 25, 2019, Apple released macOS Mojave 10.14.4 and iOS 12.2. These two updates fixed a number of security vulnerabilities, including CVE-2019-8507 in QuartzCore (aka CoreAnimation), which was reported to Apple on January 3, 2019 using our FortiGuard Labs responsible disclosure process. Find out more in this detailed analysis of the macOS vulnerability CVE-2019-8507.
Securing the New Network Edge
A single, holistic security strategy comprised of interconnected solutions provides a comprehensive approach that is not only manageable and cost effective, but also fluid enough to adapt as networks undergo constant change.
Predator the Thief: New Routes of Delivery
FortiGuard Labs discovered a running campaign against Russian-speakers using a new version of “Predator the Thief” stealer malware. The same actor was using one set of dummy files to deliver the stealer via different forms of phishing, including Zipped files, fake documents, fake pdfs, and the WinRAR exploit described in CVE-2018-20250.
Preparing for the Cy-Phy Future
We are entering the era of Cy-Phy — the convergence of cyber space with a plethora of devices and data in our physical spaces. Organizations need to start preparing today by developing security strategies designed around the principles of speed, integration, adaptability, and automation.
Silence Group Playbook
Silence Group is a cybercriminal organization that targets banks, specifically stealing information used in the payment card industry. The aim of this playbook is to provide first responders with relevant, up-to-date analysis, samples, and indicators of compromise which should help security professionals better protect their infrastructures.
Looking Into Anatova Ransomware
Anatova is a fairly new ransomware. It avoids infecting computers that are used in analysis and research labs. It systematically avoids infecting files and folders that are important to the stability of the computer system it is infecting.
LockerGoga: Ransomware Targeting Critical Infrastructure
LockerGoga is not at all exceptional in terms of sophistication, especially when compared to other ransomware families. However, it has a unique way of iterating through the files of the victim.
Patch Your Adobe Shockwave Player: Fortinet Discovers Seven Zero-Day Remote Code Execution Vulnerabilities
Adobe released security bulletin APSB19-20, which patches seven Adobe Shockwave Player vulnerabilities. All of them were discovered by FortiGuard Labs researcher Honggang Ren and reported to Adobe by following Fortinet’s responsible disclosure process.
Celebrating Our Partner of the Year Winners at Accelerate 2019
Fortinet recognized a few of our most dedicated partners of 2018 at this year’s Accelerate conference.
Patch Your Microsoft Windows and Office: Fortinet Discovers Three Zero-Day Remote Code Execution Vulnerabilities
On the April 9, 2019 Patch Tuesday, Microsoft released patches for several vulnerabilities in Windows and Office. Three of them were discovered and reported by FortiGuard Labs researcher Honggang Ren by following Fortinet’s responsible disclosure process.
