Results for David Maciejak

Threat Research

Yet Another Crypto Mining Botnet?

In February 2018, several Russian nuclear scientists were arrested for allegedly mining cryptocurrencies using computing resources located at a Russian nuclear warhead facility. Globally, cryptominers are rapidly increasing and spreading for an obvious reason: it’s lucrative.

By David MaciejakMay 03, 2018

FortiGuard Labs Discovers Vulnerability in Asus Router

Over the last few weeks, ASUS released a series of patches aimed at addressing a number of vulnerabilities discovered in their RT routers running AsusWRT firmware. The models listed at the end of this post are known to be vulnerable. If you are not sure which model or firmware you are using, I recommend double-checking the ASUS support website to get the latest information and updates.

By David MaciejakJanuary 30, 2018

Threat Research

Rise of One More Mirai Worm Variant

Not long after a new strain of the Akuma malware was discovered targeting ZyXEL devices with a new series of login/password attacks, FortiGuard Labs last week also began detecting strange scanning activities on uncommon TCP ports 52869 and 37215. We and other threat research teams quickly began to suspect that these were tied together, and that there was a new botnet out there.

By David MaciejakDecember 12, 2017

Threat Research

Cryptojacking: Digging for your own Treasure

Do you ever feel the Internet is especially slow these days? Or do you ever wonder if maybe it’s just your computer that’s getting slower? Don’t rush to the IT shop to buy a new computer yet … you may have been a victim of a new trick used by malevolent hackers called browser “cryptojacking.” What is cryptojacking? It’s a trick used to mine cryptocurrencies on your computer using your CPU resources in the background without your knowledge. All that a cybercriminal has to do is load a script...

By David MaciejakOctober 19, 2017

Threat Research

WebAssembly 101: Bringing Bytecode to the Web

FortiGuard Labs has put together answers to some of the most frequently asked questions you may have about the new emerging technology called WebAssembly (WA). What is WebAssembly? WebAssembly is a low-level, portable, binary format for the web that aims to speed up web apps. It is designed to parse faster (up to 20X), and execute faster than JavaScript (JS). When was it announced? The WebAssembly Community Group was created in April 2015, with the mission of “promoting early-stage cross-browser collaboration on a new, portable,...

By David MaciejakApril 13, 2017

Threat Research

Next Gen Lock: the Good, the Bad, and the Smart, Part II: Fortinet Analysis

Part II: Fortinet Analysis Developing our own opinion In part one of this two-part series, I provided an overview of smart lock technology and some of its vulnerabilities and risks. We also decided to ‘try our luck’ with the security of these solutions in the Fortinet FortiGuard Lab, so we ordered some random brand smart locks for testing. Two of our main vulnerability researchers, Tony Loi and Tien Phan, were able to do some in-depth analysis these last few weeks. Not only were they able to confirm the attacks demonstrated by...

By David MaciejakOctober 07, 2016

Threat Research

Next Gen Lock: the Good, the Bad, and the Smart, Part I: The Problem

Part I: The Problem About 4000 years ago, as we began the development of our modern way of life, people started to also want their own privacy and the ability to safeguard their possessions. The lock and key concept was created at that time. The first were made with hardwoods, then metals. Some were amazingly intricate. But eventually, they evolved to become the latest iteration of that ancient concept, something we have seen developing over the last few years: the smart lock. The key has been replaced by your smartphone or smartwatch, but the...

By David MaciejakOctober 06, 2016

Threat Research

Black Hat US 2016 Wraps Up

Black Hat US 2016 Wraps Up     Once again, Black Hat US 2016 was held in Las Vegas in the huge Mandalay Bay resort conference center. This is the biggest Black Hat event of the year, and for sure the largest computer security conference as well. In fact, this year it broke its attendance record as its largest USA show in Black Hat’s 19-year history. To give you a better picture, we are talking about more than 15,000 of the most security savvy professionals gathering from all over the world. I spent some time wandering...

By David MaciejakAugust 16, 2016

Threat Research

Ransomware – From Fins to Wings

The FBI recently published a report claiming that ransomware victims paid out over US$209 million just in the first quarter of 2016, compared to US$24 million for all of 2015. Ransomware has very quickly become the most fashionable malware on the market, flooding the threat landscape in ways never seen before. We are seeing new strains of ransomware almost every single day. What is Ransomware? Ransomware is malware that locks access or functionality on your computer and then demands payment in exchange for restoring normal operations...

By David MaciejakJune 24, 2016

Industry Trends

Annual FiRST Conference Wrap-up

The 28th FiRST security event was held in “the land of morning calm’s” capital, Seoul this past June 12-17, 2016. This is the yearly conference for all CERT and CSIRT teams to gather to share ideas and feedback of their work. This year the FiRST event again successfully brought together the best speakers to discuss such issues as threat actor hunting, threat intelligence sharing, and incident response. While we can’t review all of the talks here, we will go over some that the Fortinet team in attendance found to be...

By David MaciejakJune 23, 2016