Results for vulnerabilities

Industry Trends

New Attacks and Old Attacks Made New

Although cybercriminals depend on innovation in order to stay ahead of security safeguards, they are still subject to maximizing ROI. Generally, new attacks are outnumbered by reconfigured malware and the resurrection of old attacks in a new wrapper.

By FortinetApril 25, 2019

Threat Research

RPC Bug Hunting Case Studies – Part 2

In this final installment of the blog post series, we will show you our alternative approach to narrowing down the RPC services that should be looked into in the effort of finding local privilege escalation. This approach has proven to be quite effective so far, as we ended up finding similar vulnerabilities but in different components.

By Wayne Chin Yick Low April 02, 2019

Threat Research

New Stealth Worker Campaign Creates a Multi-platform Army of Brute Forcers

A brute force attack is very resource intensive, but when using the collective processing power of a bot army, like the one used by this StealthWorker campaign, the task can be efficiently distributed for a much higher rate of success.

By Rommel JovenMarch 06, 2019

Threat Research

A Look into XPC Internals: Reverse Engineering the XPC Objects

We have recently been engaged in deep security research on macOS for FortiGuard Labs focused on the discovery and analysis of IPC vulnerabilities. In this blog, we uncover the XPC internals data types to help researchers not only quickly analyze the root causes of XPC vulnerabilities, but to also assist with deep analysis of exploits targeted at those vulnerabilities.

By Kai LuDecember 14, 2018

Threat Research

The Sony Smart TV Exploit: An Inside View of Hijacking Your Living Room

More and more Smart TVs are connected to the Internet than ever before, with an estimated 760 million of them now connected globally. As new threats increasingly target IoT devices, such as Smart TVs, that include always-on connectivity and high-performance GPUs that can be hijacked for malicious purposes, FortiGuard Labs took the opportunity to look at the current security status of these devices.

By Tony LoiOctober 04, 2018

Threat Research

How Much Malware Can You Stuff Into An Attack?

Last week, a new threat known as Mylobot was trending that included multiple evasions and a large number of separate malware variants blended into a single threat. Read more.

By FortiGuard SE TeamJune 27, 2018

Threat Research

Multiple Plone Cross-Site Scripting Vulnerabilities

Plone is a free and open source content management system, and is ranked among the top 2% of all open source projects worldwide. More than 350 solution providers in more than 100 countries currently support it. The project has been actively developed since 2001, is available in more than 40 languages, and has the best security track record of any major CMS. The users (https://plone.com/about/they-use-plone) include the Federal Bureau of Investigation (FBI), the Central Intelligence Agency (CIA), the Intellectual Property Rights Center, and so on. Earlier...

By Zhouyuan YangDecember 05, 2017

Industry Trends

The Future of Cybersecurity Part II: The Need for Automation

The growing complexity of today’s networks and the growing sophistication of today’s threats has outpaced the ability of most traditional security devices to keep up. Until now, the approach of far too many IT teams has been to simply throw more money at the problem by adding yet another device into their security wiring closet. Billions have been spent on this approach every year for decades, and we really don’t have much to show for it. If cybersecurity is an arms race, the good guys aren’t winning. Instead, security...

By Aamir LakhaniNovember 06, 2017

Threat Research

FortiGuard Labs Discovers Multiple Vulnerabilities in Microsoft Word

Over the last few months we discovered and reported multiple vulnerabilities found in different versions of Microsoft Word. These vulnerabilities were patched in the January (MS17-002) and March (MS17-014) security updates. These patches are rated as important, and as always, we suggest users update Microsoft Office as soon as possible.