Results for

Threat Research

Incomplete Patch: Another Joomla! Core XSS Vulnerability Is Discovered

A new vulnerability affects Joomla! CMS versions 3.0.0 through 3.8.7. In this blog, I’ll share my analysis of this vulnerability.

By Zhouyuan YangMay 25, 2018

Threat Research

Shinoa, Owari, Mirai: What's with All the Anime References?

In September 2016, the Mirai source code was leaked on Hack Forums. Ever since, there has been an explosion of malware targeting IoT devices, each bearing the name of a protagonist found in Japanese anime. FortiGuard Labs has been tracking these IoT botnets in order to provide the best possible protection for our customers.

By Minh TranMay 25, 2018

Business and Technology

Closing the Sandbox Generation Gap

Changing times call for evolved security. 7 reasons why next-generation sandboxing is a requisite.

By Damien LimMay 24, 2018

Threat Research

Defending Against the New VPNFilter Botnet

A newly reported botnet named VPNFilter targets SCADA/ICS environments by monitoring MODBUS SCADA protocols and exfiltrating website credentials.

By FortiGuard SE TeamMay 23, 2018

Threat Research

I’ve Got Trickbot Under My Screen

FortiGuard Labs spotted yet another new module being distributed by the very active Trickbot banking malware using a technique called “Hidden VNC” (virtual network computer) to stealthily take control of a victim’s machine.

Threat Research

Buffer Overflow Attack Targeting Microsoft IIS 6.0 Returns

FortiGuard Labs has been documenting a spike in new attacks targeting a buffer overflow vulnerability in the WebDAV service in Microsoft IIS 6.0, peaking on Apr 13, 2018 when we logged over 4 million triggers.

By Bing LiuMay 23, 2018

Business and Technology

Fortinet Fabric Connectors: Enabling Deep Fabric Integration With Third Party Solutions

New Fabric Connectors tie traditionally disparate security solutions into a single, integrated system to automate security workflows, tighten SOC environments, correlate threat feeds, and seamlessly enforce consistent security across the distributed security infrastructure, including multi-cloud environments.

By Rajoo NagarMay 22, 2018

Business and Technology

Realizing the Full Potential of Secure SD-WAN

The decision to deploy an SD-WAN may be straightforward, extracting the full range of benefits requires an in-depth evaluation of a variety of other supporting components. If ignored, it is all too easy for the enticements of speed and agility to overshadow some of the more fundamental needs of a corporate environment, such as security.

By John MaddisonMay 21, 2018

Threat Research

An Analysis of Microsoft Edge Chakra NewScObjectNoCtor Array Type Confusion (CVE-2018-0838)

CVE-2018-0838 is one of the ‘type confusion’ bugs in the Microsoft Edge Chakra Engine that was fixed by Microsoft three months ago. This bug causes memory corruption and can possibly be exploited to execute arbitrary code when a vulnerable system browses a malicious web page via Microsoft Edge.

By Dehui YinMay 18, 2018

Threat Research

A Wicked Family of Bots

As we continue to keep track of the latest IoT botnets, the FortiGuard Labs team has seen an increasing number of Mirai variants, thanks to the source code being made public two years ago. Since then, threat actors have been adding their own flavours to the original recipe.