Learn about the 3rd installment of the “Offense and Defense – A Tale of Two Sides” blog series, where FortiGuard Labs focuses on different tactics and techniques malicious actors use to complete their cyber missions—and how organizations can detect and prevent them.
Following best practices of Responsible Disclosure, FortiGuard Labs discovered and reported multiple critical vulnerabilities in Adobe Illustrator CC 2020. Adobe Inc. released several urgent out-of-band patches to fix these issues.
A few days ago, FortiGuard Labs harvested a fresh Excel sample and found that it was spreading a new NetWire RAT variant. In this post, we will look at how this Excel 4.0 Macro executes in an Excel file, how the NetWire RAT is installed on the victim’s system, as well as what this NetWire RAT variant actually does once it is installed.
Read about the Metamorfo malware family targeting financial organizations, in this analysis from FortiGuard Labs.
On the April 9, 2019 Patch Tuesday, Microsoft released patches for several vulnerabilities in Windows and Office. Three of them were discovered and reported by FortiGuard Labs researcher Honggang Ren by following Fortinet’s responsible disclosure process.
Fortinet's FortiGuard Labs discovered a code execution vulnerability in Windows JET Engine Msrd3x40 and reported it to Microsoft. On the January 2019 Patch Tuesday, Microsoft released a Security Bulletin that contains the fix for this vulnerability and identifies it as CVE-2019-0538.
FortiGuard Labs recently discovered a running Google Docs malware campaign that uses the names of Fortinet and FortiGuard. When we examined the documents, we encountered a long chain of redirects inside a malicious network, and the destination of this chain was dependent on our IP and the user-agent that was used. This malicious network targets all major platforms: Windows, Android, and MacOS.
FortiGuard Labs recently encountered malicious traffic traveling to a C2 server located in China. The connection was established by a domain using a name that closely resembled one of Japan’s most famous express post delivery services. Our analysis showed that the website making this connection is fake, and moreover, it is spreading Android malware.
The FortiGuard Labs research team recently captured a malware sample, an EXE file, which was signed by an invalid certificate. Once a victim opens the EXE file, it installs two drivers that control the victim’s Windows system and monitor the Internet activity of the victim’s Web browser.
At the end of January 2018, the FortiGuard Labs team discovered a remote kernel crash vulnerability in Microsoft Windows and reported it to Microsoft by following Fortinet’s responsible disclosure process. On June 12, Microsoft released an advisory that contains the fix for this vulnerability and identifies it as CVE-2018-1040.