Threat Research
Deep Analysis of a QBot Campaign - Part II
In part two of the analysis of a recently discovered QBot campaign, discover how the core module collects data from a victim’s device, how it extracts submodules, how it injects its injection-module into other processes, and other malicious behaviors.
Into the Rabbit Hole – Offensive DNS Tunneling Rootkits
Learn how DNS tunneling works, how to configure well-known DNS tunneling attack rootkits to test the security and detection capabilities in your environment, and get industry best practices for mitigating this attack.
EKANS Ransomware Targeting OT ICS Systems
FortiGuard Labs analyzes the latest EKANS ransomware. Learn more about it as well as general TTP trends and related protections.
Taking a Big Picture Look at the Cyber Threat Landscape
Read insights from two of our FortiGuard Labs researchers about the evolution of cyberattacks and how organizations can get out ahead of threats as their digital attack surface expands.
Multiple Critical Vulnerabilities in Adobe Illustrator and After Effects Products
Following best practices of responsible disclosure, FortiGuard Labs discovered and reported vulnerabilities in Adobe Illustrator and After Effects, which Adobe addressed with out-of-band security updates. Learn more.
Global Malicious Spam Campaign Using Black Lives Matter as a Lure
Explore how a global malicious spam campaign is targeting users who may be sympathetic to the Black Lives Matter movement.
FortiGuard Labs Discovers Privilege Escalation Vulnerability in Windows 10 Platform
Read more about the details of a privilege escalation vulnerability (CVE-2020-1296) in the Windows 10 platform discovered by FortiGuard Labs, which was recently patched by Microsoft.
Deep Analysis of a QBot Campaign – Part I
FortiGuard Labs recently captured an MS Office Word document in the wild that was spreading a variant of QBot. Learn more about this.
Offense and Defense – A Tale of Two Sides: (Windows) OS Credential Dumping
Learn about the 3rd installment in this blog series, focusing on different tactics and techniques malicious actors use to complete their cyber missions and how organizations can prevent them.
The Use – and Abuse – of DotNet Files, and the Value of FortiResponder Automation in the Threat Analysis Process
Learn about the manual analysis of two DotNET use cases and how leveraging automated analysis technology can drastically reduce analysis time, and ultimately, response time.
