Results for vulnerability

Threat Research

Searching for the Reuse of Mirai Code: Hide ‘N Seek Bot

At FortiGuard Labs we were interested in searching out other malware that leverages Mirai code modules. Interestingly, one of the families that showed up in our search was the Hide ‘N Seek (HNS) bot, which was discovered in January of 2018. HNS is a complex botnet that uses P2P to communicate with peers/other infected devices to receive commands. In this article, I will discuss how the Mirai bot code was used in this HNS bot.

By Jasper Manuel, April 16, 2018

Threat Research

Microsoft Windows JET Database Engine Heap Overflow Vulnerability

At the end of 2017, the FortiGuard Labs team discovered a heap overflow vulnerability in Microsoft Windows JET Database Engine and reported it to Microsoft following Fortinet’s responsible disclosure process. On April 10, 2018, Microsoft released an advisory that contains the fix for this vulnerability and identifies it as CVE-2018-1003.

By Honggang Ren, April 11, 2018

Threat Research

Third Time Is a Charm: Patch Redux

In a previous blog post, the FortiGuard Labs team analyzed the implementation of Spectre and detailed the technical implementation of Kernel Virtual Address Shadow (KVAS), which is a key feature used to block the Meltdown attack. We decided to perform a deep dive analysis of the new patch (particularly the patch for x86) and share the results in this blog post.

By Minh Tran, April 06, 2018

Threat Research

A root cause analysis of CVE-2018-0797 - Rich Text Format Stylesheet Use-After-Free vulnerability

Over the last few months, the Microsoft Security Response Centre (MSRC) has released a number of Windows updates to fix multiple Use-After-Free (UAF) vulnerabilities discovered by FortiGuard Labs. As stated in our previous blog post, we will provide a technical write-up for one of the UAF issues that was rated as critical by MSRC. The issue was assigned CVE-2018-0797. In this blog post we will share our methodology for identifying the root cause of the issue, as well as an analysis of the mitigation deployed by Microsoft to address the UAF vulnerability.

By Wayne Chin Yick Low, April 01, 2018

Threat Research

FortiGuard Labs Discovers Vulnerability in D-Link Router DIR868L

In August of 2017, FortiGuard Labs discovered a pre-authenticated remote code execution vulnerability on D-Link router DIR868L. This vulnerability is specific to a local ISP’s customized firmware.

By Tony Loi, March 30, 2018

Industry Trends

Nine Top Priority Cybersecurity Threats Active in the Education Sector Today – and Why Everyone Should Care

Educational institution networks continue to be a favorite playground for cybercriminals. Because of the age and interests of the majority of educational users, these networks tend to incorporate cutting edge technologies and strategies.

By Anthony Giandomenico, January 31, 2018

FortiGuard Labs Discovers Vulnerability in Asus Router

Over the last few weeks, ASUS released a series of patches aimed at addressing a number of vulnerabilities discovered in their RT routers running AsusWRT firmware. The models listed at the end of this post are known to be vulnerable. If you are not sure which model or firmware you are using, I recommend double-checking the ASUS support website to get the latest information and updates.

By David Maciejak, January 30, 2018

Into the Implementation of Spectre

In this blog post, we will get into the details of the implementation of Spectre, the exploit that targets the vulnerabilities found in CPUs built by AMD, ARM, and Intel. We assume you are familiar with the concept of the attack, and you can inspect the Proof of Concept source code provided in the Appendix of the paper linked above. You might also find it easier to read this blog post with the source code side by side.

By Axelle Apvrille, January 17, 2018

Threat Research

Incomplete Patch: More Joomla! Core XSS Vulnerabilities Are Found

Joomla! is one of the world's most popular content management systems (CMS). It enables users to build Web sites and powerful online applications. More than 3 percent of Web sites are running Joomla!, and it accounts for more than 9 percent of CMS market share. As of July 2017, Joomla! has been downloaded over 82 million times. Over 7,800 free and commercial extensions are available from the official Joomla! Extension Directory, and more are available from other sources. In my last blog, I discovered 2 Cross-Site Scripting (XSS) vulnerabilities...

By Zhouyuan Yang, July 12, 2017

Threat Research

In-Depth Analysis of A New Variant of .NET Malware AgentTesla

FortiGuard Labs recently captured some malware which was developed with the Microsoft .Net framework. I analyzed one of them, and in this blog, I’m going to show you how it is able to steal information from a victim’s machine. The malware was spread via a Microsoft Word document that contained an auto-executable malicious VBA Macro. Figure 1 below shows how it looks when it’s opened. (Figure 1: When the malicious Word document is opened.) What the VBA code does: once you click the “Enable Content”...

By Xiaopeng Zhang, June 28, 2017