Results for exploit

Industry Trends

Nine Top Priority Cybersecurity Threats Active in the Education Sector Today – and Why Everyone Should Care

Educational institution networks continue to be a favorite playground for cybercriminals. Because of the age and interests of the majority of educational users, these networks tend to incorporate cutting-edge technologies and strategies.

By Anthony Giandomenico, January 31, 2018

Threat Research

Meltdown/Spectre Update

In addition to establishing an aggressive and proactive patch-and-replace protocol, it is essential that organizations have layers of security in place designed to detect malicious activity and malware, and to protect vulnerable systems.

By FortiGuard SE Team, January 30, 2018

Threat Research

Rehashed RAT Used in APT Campaign Against Vietnamese Organizations

Early last week, FortiGuard Labs came across several malicious documents that exploit the vulnerability CVE-2012-0158. To evade suspicion from the victim, these RTF files drop decoy documents containing politically themed texts about a variety of Vietnamese government-related information.

By Jasper Manuel, Artem Semenchenko, September 05, 2017

Threat Research | Industry Trends

We Have Seen the Enemy, and It Is Us

Fortinet just released its Global Threat Landscape Report for Q2. Much of the data it provides is just what you’d expect. For example, FortiGuard Labs detected 184 billion total exploit attempts in Q2 from 6,300 unique and active exploits. Not only is this an increase of 30% over Q1, but with the growth of IoT and Shadownet resources we expect these numbers to continue to rise dramatically. In addition, 7 in 10 organizations experienced high or critical exploits during the quarter. By any measure, these are alarming numbers.

By Derek Manky, August 23, 2017

Threat Research

WINS Server Remote Memory Corruption Vulnerability in Microsoft Windows Server

Summary: In December 2016, FortiGuard Labs discovered and reported a WINS Server remote memory corruption vulnerability in Microsoft Windows Server. In June of 2017, Microsoft replied to FortiGuard Labs, saying, "a fix would require a complete overhaul of the code to be considered comprehensive. The functionality provided by WINS was replaced by DNS and Microsoft has advised customers to migrate away from it." That is, Microsoft will not be patching this vulnerability due to the amount of work that would be required. Instead, Microsoft...

By Honggang Ren, June 14, 2017

Threat Research

Deep Analysis of Esteemaudit

A Windows 2003 RDP Zero Day Exploit. In this blog, the FortiGuard team takes a look at Esteemaudit, which is an exploit that was included in the set of cybertools leaked by the hacker group known as "Shadow Brokers." They claim that they collected this set of cybertools from the compromised data of "Equation Group," a threat actor alleged to be tied to the United States National Security Agency (NSA). Esteemaudit is a Remote Desktop Protocol (RDP) exploit that targets Microsoft Windows Server 2003 / Windows XP. The vulnerability...

By Dehui Yin, May 11, 2017

Threat Research

What's cooking? Dridex’s New and Undiscovered Recipes

Because of the recent outbreak of the Locky ransomware, Dridex has become synonymous with the distribution of ransomware more generally. However, Dridex is still taking good care of its notorious original business: banking Trojans. While preparing the materials for my upcoming HITBAMS2016 talk on Kernel Exploit hunting and mitigation, I came across this new variant of Dridex (SHA1: 455817A04F9D0A7094038D006518C85BE3892C99), which is rather interesting. The Master of Antivirus Killers. Based on some simple string checks, we assumed...

By Wayne Chin Yick Low, March 23, 2016

Industry Trends

Java Browser Plugin is Dead, Long Live HTML5!

A few days ago, Oracle announced on their blog that they plan to kill the Java browser plugin in their next major version of JDK, scheduled for release in Q1 2017. What does this mean? Should we worry about our browsing experience? This really just means that it won’t be possible to run Java applets in the browser anymore. The infamous “applet” is a technology that was developed by Sun Microsystems in the 90’s and went on to be acquired by Oracle. This technology was still popular in many exploit kits over the...

By David Maciejak, February 05, 2016

Industry Trends

A Quick Look at a Recent RIG Exploit Kit Sample

RIG Exploit Kit was upgraded to v3.0 a while back. While RIG EK was never as active as other exploit kits such as Angler or Nuclear, it is one of the more 'stable' EKs in terms of its near constant presence on the Internet. We will talk about a recent RIG EK sample. Here is the landing page information captured by our automated system in FortiGuard Labs. Type: Exploit Kit; Name: RIG.Exploit.Kit; Attack ID: 52114; Referrer...

By Tim Lau, September 30, 2015

Threat Research

CryptoGirl on StageFright: A Detailed Explanation

Update Aug 28, 2015: Typos in the final table: CVE-2015-3864 does not concern covr but tx3g. CVE-2015-3828 does not occur for yrrc. Detecting the PoCs published by Zimperium is not difficult: you can fingerprint the PoCs, for example. Detecting variants of the PoCs, i.e., MP4s that use one of the discovered vulnerabilities, is far more difficult. I'll explain why in a moment. First, apart from here (in Chinese), there hasn't been so much in the way of technical details. Getting into the guts of StageFright...

By Axelle Apvrille, August 25, 2015