Results for api

Threat Research

A Look into XPC Internals: Reverse Engineering the XPC Objects

We have recently been engaged in deep security research on macOS for FortiGuard Labs focused on the discovery and analysis of IPC vulnerabilities. In this blog, we uncover the XPC internals data types to help researchers not only quickly analyze the root causes of XPC vulnerabilities, but also to assist with deep analysis of exploits targeting those vulnerabilities.

By Kai Lu | December 14, 2018

Threat Research

Deep Analysis of a Driver-Based MITM Malware: iTranslator

The FortiGuard Labs research team recently captured a malware sample, an EXE file, which was signed by an invalid certificate. Once a victim opens the EXE file, it installs two drivers to control the victim’s Windows system and monitor the Internet activities of the victim’s Web browser.

By Xiaopeng Zhang | September 21, 2018

Partners

Fortinet Welcomes 11 Leading Technology Partners to its Fabric-Ready Partner Ecosystem

We live in exciting times. Digital Transformation (DX) is the integration of digital technology into all areas of the business. This is resulting in fundamental changes both to how businesses operate and how they deliver value to their customers. Organizations are looking to expand their market, and digital transformation is one of the key strategies they are utilizing to achieve growth as well as associated business objectives.

By Neil Prasad | February 28, 2018

Prevalent Threats Targeting Cuckoo Sandbox Detection and Our Mitigation

In this blog post, we will discuss the history of sandbox detection. We will then unveil the malware families that KTIS has observed from spear-phishing emails that attempt to bypass the user-mode API hook in order to evade sandbox detection. And finally, we will share the mitigation method we use to harden the Cuckoo sandbox against this bypass technique.

By Floser Bacurio and Wayne Low | January 03, 2018

Threat Research

PowerDNS Recursor HTML/Script Injection Vulnerability – A Walkthrough

PowerDNS Recursor is a high-end, high-performance resolving name server that powers the DNS resolution of at least a hundred million subscribers. The “Recursor” is one of two name server products whose primary goal is to act as a resolving DNS server. On Aug. 7, 2017, I reported an XSS (cross-site scripting) vulnerability to PowerDNS and its Security Team. They assigned it the identifier CVE-2017-15092. In this report I will explain how I was able to identify and trigger the vulnerability.

By Chris Navarrete | December 02, 2017

Threat Research

CVE-2017-11826 Exploited in the Wild with Politically Themed RTF Document

Recently, FortiGuard Labs found an interesting malware campaign using the recently documented vulnerability CVE-2017-11826 that was patched by Microsoft in October of this year. A detailed analysis of this exploit is also included in this article.

Business and Technology | Partners

Q&A: Defining a Holistic Strategy for Customers

Fortinet’s John Maddison offers some perspective following our Security Fabric and Fabric Ready announcements earlier this year. Can you talk about why “open” is such a critical element of our GTM selling strategy? An “open” strategy demonstrates the maturity of a vendor in their evolution towards developing a complete ecosystem of partnerships. This...

By John Welton | November 28, 2016

Industry Trends

Fortinet Fabric Ready Program - More Open than Ever

On September 26th, Fortinet announced our new Fortinet Fabric Ready Program, which delivers on the “Open” attribute of the Fortinet Security Fabric by providing threat intelligence visibility across multi-vendor cybersecurity solutions. Cross-product coordination (regardless of vendor) is a critical capability for today’s enterprises, as it is rare for an organization to completely source all IT security components from a single vendor across the entirety of their network and covering all attack vectors. Leaving...

By David Finger | October 18, 2016