Silence Group is a cybercriminal organization that targets banks, specifically stealing information used in the payment card industry. The aim of this playbook is to provide first responders with relevant, up-to-date analysis, samples, and indicators of compromise which should help security professionals better protect their infrastructures.
LockerGoga is not at all exceptional in terms of sophistication, especially when compared to other ransomware families. However, it has a unique way of iterating through the files of the victim.
Adobe released security bulletin APSB19-20, which patches seven Adobe Shockwave Player vulnerabilities. All of them were discovered by FortiGuard Labs researcher Honggang Ren and reported to Adobe by following Fortinet’s responsible disclosure process.
Learn about key threat findings from Fortinet's Q4 2018 Threat Landscape Report and what they mean for security teams today.
We have recently been engaged in deep security research on macOS for FortiGuard Labs focused on the discovery and analysis of IPC vulnerabilities. In this blog, we uncover the XPC internals data types to help researchers not only quickly analyze the root causes of XPC vulnerabilities, but to also assist with deep analysis of exploits targeted at those vulnerabilities.
FortiGuard Labs recently discovered a running Google Docs malware campaign that uses the names of Fortinet and FortiGuard. When we examined the documents, we encountered a long chain of redirects inside a malicious network, and the destination of this chain was dependent on our IP and the user-agent that was used. This malicious network targets all major platforms: Windows, Android, and MacOS.
More and more Smart TVs are connected to the Internet than ever before, with an estimated 760 million of them now connected globally. As new threats increasingly target IoT devices, such as Smart TVs, that include always-on connectivity and high-performance GPUs that can be hijacked for malicious purposes, FortiGuard Labs took the opportunity to look at the current security status of these devices.
FortiGuard Labs recently encountered malicious traffic traveling to a C2 server located in China. The connection was established by a domain using a name that closely resembled one of Japan’s most famous express post delivery services. Our analysis showed that the website making this connection is fake, and moreover, it is spreading an Android malware.
The FortiGuard Labs research team recently captured a malware sample, an EXE file, which was signed by an invalid certificate. Once a victim opens the exe file, it installs two drivers to control the victim’s Windows system as well as monitors the Internet activities of the victim’s Web browser.
During the past two months, FortiGuard Labs has been monitoring an onslaught of updates from GandCrab as a result of their agile development method. Some of these updates included major changes, while some only had minimal. In the midst of this, a series of tit-for-tat exchanges were witnessed by many researchers between the ransomware authors and the South Korean-based security company Ahnlab over the vaccine tools that the latter released in mid-July.