Results for FortiGuards Labs

Threat Research

Silence Group Playbook

Silence Group is a cybercriminal organization that targets banks, specifically stealing information used in the payment card industry. The aim of this playbook is to provide first responders with relevant, up-to-date analysis, samples, and indicators of compromise which should help security professionals better protect their infrastructures.

By FortiGuard SE Team | April 15, 2019

Threat Research

LockerGoga: Ransomware Targeting Critical Infrastructure

LockerGoga is not at all exceptional in terms of sophistication, especially when compared to other ransomware families. However, it has a unique way of iterating through the files of the victim.

Threat Research

Patch Your Adobe Shockwave Player: Fortinet Discovers Seven Zero-Day Remote Code Execution Vulnerabilities

Adobe released security bulletin APSB19-20, which patches seven Adobe Shockwave Player vulnerabilities. All of them were discovered by FortiGuard Labs researcher Honggang Ren and reported to Adobe by following Fortinet’s responsible disclosure process.

By Honggang Ren | April 11, 2019

Industry Trends

Q4 Threat Report: 2018 Attacks Highlighted the Need for Advanced Threat Intelligence

Because cyber threats often evolve along with the expanding attack surface, access to regular threat research is essential. Learn about key threat findings from 2018 and what they mean for security teams.

By Jeannette Jarvis | March 04, 2019

Threat Research

A Look into XPC Internals: Reverse Engineering the XPC Objects

We have recently been engaged in deep security research on macOS for FortiGuard Labs focused on the discovery and analysis of IPC vulnerabilities. In this blog, we uncover the XPC internals data types to help researchers not only quickly analyze the root causes of XPC vulnerabilities, but to also assist with deep analysis of exploits targeted at those vulnerabilities.

By Kai Lu | December 14, 2018

Threat Research

Cookie Maker: Inside the Google Docs Malicious Network

FortiGuard Labs recently discovered a running Google Docs malware campaign that uses the names of Fortinet and FortiGuard. When we examined the documents, we encountered a long chain of redirects inside a malicious network, and the destination of this chain was dependent on our IP and the user-agent that was used. This malicious network targets all major platforms: Windows, Android, and MacOS.

By Artem Semenchenko | November 21, 2018

Threat Research

The Sony Smart TV Exploit: An Inside View of Hijacking Your Living Room

More Smart TVs are connected to the Internet than ever before, with an estimated 760 million of them now connected globally. As new threats increasingly target IoT devices such as Smart TVs, which include always-on connectivity and high-performance GPUs that can be hijacked for malicious purposes, FortiGuard Labs took the opportunity to look at the current security status of these devices.

By Tony Loi | October 04, 2018

Threat Research

FakeSpy Comes Back. New Wave Hits Japan

FortiGuard Labs recently encountered malicious traffic traveling to a C2 server located in China. The connection was established by a domain using a name that closely resembled one of Japan’s most famous express post delivery services. Our analysis showed that the website making this connection is fake, and moreover, it is spreading an Android malware.

By Dario Durando, Evgeny Ananin | October 02, 2018

Threat Research

Deep Analysis of a Driver-Based MITM Malware: iTranslator

The FortiGuard Labs research team recently captured a malware sample, an EXE file, which was signed with an invalid certificate. Once a victim opens the EXE file, it installs two drivers that control the victim’s Windows system and monitor the Internet activity of the victim’s web browser.

By Xiaopeng Zhang | September 21, 2018

Threat Research

A Chronology of GandCrab v4.x

During the past two months, FortiGuard Labs has been monitoring an onslaught of updates from GandCrab as a result of their agile development method. Some of these updates included major changes, while others were only minimal. In the midst of this, many researchers witnessed a series of tit-for-tat exchanges between the ransomware authors and the South Korea-based security company AhnLab over the vaccine tools that the latter released in mid-July.

By Joie Salvio | August 27, 2018