We have recently been engaged in deep security research on macOS for FortiGuard Labs, focused on the discovery and analysis of IPC vulnerabilities. In this blog, we uncover the XPC internal data types to help researchers not only quickly analyze the root causes of XPC vulnerabilities, but also perform deep analysis of exploits targeting those vulnerabilities.
The FortiGuard Labs research team recently captured a malware sample, an EXE file, that was signed with an invalid certificate. Once a victim opens the EXE file, it installs two drivers to control the victim's Windows system and to monitor the Internet activity of the victim's web browser.
We live in exciting times. Digital Transformation (DX) is the integration of digital technology into all areas of a business. It is resulting in fundamental changes both to how businesses operate and to how they deliver value to their customers. Organizations are looking to expand their markets, and digital transformation is one of the key strategies they are using to achieve growth and related business objectives.
In this blog post, we will discuss the history of sandbox detection. We will then describe the malware families that KTIS has observed in spear-phishing emails that attempt to bypass the user-mode API hook in order to evade sandbox detection. Finally, we will share the mitigation we use to harden the Cuckoo sandbox against this bypass technique.
PowerDNS Recursor is a high-end, high-performance resolving name server that powers the DNS resolution of at least a hundred million subscribers. The "Recursor" is one of two PowerDNS name server products, and its primary goal is to act as a resolving DNS server. On Aug. 7, 2017, I reported an XSS (cross-site scripting) vulnerability to PowerDNS and its Security Team. They assigned it the identifier CVE-2017-15092. In this report I will explain how I was able to identify and trigger the vulnerability.
Recently, FortiGuard Labs found an interesting malware campaign using the recently documented vulnerability CVE-2017-11826, which was patched by Microsoft in October of this year. A detailed analysis of the exploit is also included in this article.
Fortinet's John Maddison offers some perspective following our Security Fabric and Fabric Ready announcements earlier this year. Can you talk about why "open" is such a critical element of our GTM selling strategy? An "open" strategy demonstrates the maturity of a vendor in its evolution towards developing a complete ecosystem of partnerships. This...
On September 26th, Fortinet announced our new Fortinet Fabric Ready Program, which delivers on the "Open" attribute of the Fortinet Security Fabric by providing threat intelligence visibility across multi-vendor cybersecurity solutions. Cross-product coordination, regardless of vendor, is a critical capability for today's enterprises, since it is rare for an organization to source all of its IT security components from a single vendor across the entirety of its network and all attack vectors. Leaving...