
Threat Research

Offense and Defense – A Tale of Two Sides: (Windows) OS Credential Dumping

Learn about the 3rd installment of the “Offense and Defense – A Tale of Two Sides” blog series, where FortiGuard Labs focuses on different tactics and techniques malicious actors use to complete their cyber missions—and how organizations can detect and prevent them.

By Anthony Giandomenico, May 21, 2020

Threat Research

FortiGuard Labs Discovers Multiple Critical Vulnerabilities in Adobe Illustrator CC 2020

Following best practices of Responsible Disclosure, FortiGuard Labs discovered and reported multiple critical vulnerabilities in Adobe Illustrator CC 2020. Adobe Inc. released several urgent out-of-band patches to fix these issues. Learn more.

By Kushal Arvind Shah, May 05, 2020

Threat Research

NetWire RAT Targeting Taxpayers is Spreading via Legacy Microsoft Excel 4.0 Macro

A few days ago, FortiGuard Labs harvested a fresh Excel sample and found that it was spreading a new NetWire RAT variant. In this post, we will look at how this Excel 4.0 Macro executes in an Excel file, how the NetWire RAT is installed on the victim’s system, as well as what this NetWire RAT variant actually does once it is installed.

By Xiaopeng Zhang, April 14, 2020

Threat Research

Another Metamorfo Variant Targeting Customers of Financial Institutions in More Countries

Read FortiGuard Labs' analysis of another variant of the Metamorfo malware family, which targets customers of financial institutions in additional countries.

By Xiaopeng Zhang, February 04, 2020

Threat Research

Patch Your Microsoft Windows and Office: Fortinet Discovers Three Zero-Day Remote Code Execution Vulnerabilities

On the April 9, 2019 Patch Tuesday, Microsoft released patches for several vulnerabilities in Windows and Office. Three of them were discovered and reported by FortiGuard Labs researcher Honggang Ren by following Fortinet’s responsible disclosure process.

By Honggang Ren, April 10, 2019

Threat Research

Microsoft Windows JET Engine Msrd3x Code Execution Vulnerability

Fortinet's FortiGuard Labs discovered a code execution vulnerability in the Windows JET Engine component Msrd3x40 and reported it to Microsoft. On the January 2019 Patch Tuesday, Microsoft released a Security Bulletin that contains the fix for this vulnerability and identifies it as CVE-2019-0538.

By Honggang Ren, January 11, 2019

Threat Research

Cookie Maker: Inside the Google Docs Malicious Network

FortiGuard Labs recently discovered a running Google Docs malware campaign that uses the names of Fortinet and FortiGuard. When we examined the documents, we encountered a long chain of redirects inside a malicious network, and the destination of this chain was dependent on our IP and the user-agent that was used. This malicious network targets all major platforms: Windows, Android, and MacOS.

By Artem Semenchenko, November 21, 2018

Threat Research

FakeSpy Comes Back. New Wave Hits Japan

FortiGuard Labs recently encountered malicious traffic traveling to a C2 server located in China. The connection was established from a domain whose name closely resembled that of one of Japan's most famous express post delivery services. Our analysis showed that the website making this connection is fake and, moreover, that it is spreading Android malware.

By Dario Durando and Evgeny Ananin, October 02, 2018

Threat Research

Deep Analysis of a Driver-Based MITM Malware: iTranslator

The FortiGuard Labs research team recently captured a malware sample, an EXE file signed with an invalid certificate. Once a victim opens the EXE file, it installs two drivers that take control of the victim's Windows system and monitor the Internet activity of the victim's web browser.

By Xiaopeng Zhang, September 21, 2018

Threat Research

Microsoft Windows Remote Kernel Crash Vulnerability

At the end of January 2018, the FortiGuard Labs team discovered a remote kernel crash vulnerability in Microsoft Windows and reported it to Microsoft by following Fortinet’s responsible disclosure process. On June 12, Microsoft released an advisory that contains the fix for this vulnerability and identifies it as CVE-2018-1040.

By Honggang Ren, June 14, 2018