FortiGuard Labs Threat Research
FortiGuard Labs Discovers Multiple Use-After-Free Vulnerabilities in Microsoft Word
During the last few months, FortiGuard Labs discovered and reported multiple use-after-free (UAF) vulnerabilities found in different versions of Microsoft Word. These vulnerabilities were patched in the January and March security updates, respectively. These patches are rated as critical/important, and as always, we urge users update Microsoft Office as soon as possible.
FortiGuard Labs Threat Research
An Inside Look at CVE-2017-0199 – HTA and Scriptlet File Handler Vulnerability
FortiGuard Labs recently came across a new strain of samples exploiting the CVE-2017-0199 vulnerability. This vulnerability was fixed by Microsoft and the patch was released in April 2017. Due to its simplicity, it can be easily exploited by attackers. It has also been found in-the-wild by other vendors. We have also blogged about some samples recently found in spear phishing attack. While there are plenty of articles discussing this vulnerability, most of them are intended for technical readers and primarily focus on how to create proof-of-concept...
FortiGuard Labs Threat Research
In-Depth Look at New Variant of MONSOON APT Backdoor, Part 1
Three weeks ago, FortiGuard Labs, along with @_ddoxer (Roland de la Paz), using VirusTotal Intelligence queries, spotted a document with the politically themed file name (Senate_panel.doc). This malicious RTF file takes advantage of the vulnerability CVE-2015-1641.
FortiGuard Labs Threat Research
In-Depth Look at New Variant of MONSOON APT Backdoor, Part 2
In part 1 of FortiGuard Labs’ analysis of a new variant of the BADNEWS backdoor, which is actively being used in the MONSOON APT campaign, we did a deep technical analysis of what this backdoor of capable of and how the bad guys control it using the command and control server. In this part of the analysis, we will try to discover who might be behind the distribution of these files.
