Threat Research

A Look into XPC Internals: Reverse Engineering the XPC Objects

We have recently been engaged in deep security research on macOS for FortiGuard Labs focused on the discovery and analysis of IPC vulnerabilities. In this blog, we uncover the XPC internals data types to help researchers not only quickly analyze the root causes of XPC vulnerabilities, but to also assist with deep analysis of exploits targeted at those vulnerabilities.

By Kai Lu, December 14, 2018

Threat Research

The Weaponization of PUAs

In this FortiGuard Labs article we will define what a PUA is, describe its inherent risks, and how malware makes use of them by showcasing a malware sample.

By Chris Navarrete, December 06, 2018

Threat Research

RPC Bug Hunting Case Studies – Part 1

FortiGuard Labs believes that understanding how this attack works will significantly help other researchers find vulnerabilities similar to the bug that SandboxEscaper found in the Windows Task Scheduler. In this blog post, we will discuss our approach to finding privilege escalation by abusing a symbolic link on an RPC server.

By Wayne Chin Yick Low, December 05, 2018

Threat Research

Exploiting an RCE bug in the UDP Protocol implemented in FreeRTOS

Recently, we saw a report about several bugs that were found in FreeRTOS. Curiosity got the best of us, and given the importance of IoT devices and the popularity of this operating system, we started to look at what can be done from the IPS side to protect our customers.

By Amir Zali, December 04, 2018

Threat Research

Cookie Maker: Inside the Google Docs Malicious Network

FortiGuard Labs recently discovered a running Google Docs malware campaign that uses the names of Fortinet and FortiGuard. When we examined the documents, we encountered a long chain of redirects inside a malicious network, and the destination of this chain was dependent on our IP and the user-agent that was used. This malicious network targets all major platforms: Windows, Android, and MacOS.

By Artem Semenchenko, November 21, 2018

Threat Research

New Loki Variant Being Spread By Phishing Email

After a quick analysis of a new phishing email, FortiGuard Labs found that it was spreading a new variant of the Loki malware. In this blog we walk through what it does.

By Xiaopeng Zhang, November 15, 2018

Threat Research

Patch Your Microsoft Outlook: Fortinet Discovered Four Outlook Remote Code Execution Vulnerabilities

This Patch Tuesday, November 13, 2018, Microsoft patched six vulnerabilities discovered in Microsoft Outlook. Four of them were discovered and reported by Fortinet researcher Yonghui Han by following Fortinet’s responsible disclosure process.

By Yonghui Han, November 13, 2018

Threat Research

Dharma Ransomware: What It’s Teaching Us

FortiGuard Labs has been monitoring the Dharma (also named CrySiS) malware family for a few years. As we demonstrate in our blog, even though the Dharma ransomware continues to be active, the attackers are not really updating their mode of operation, but continue to rely on a proven tactic to find and infect new victims, which is to leverage badly secured RDP services to gain access to the network.

Threat Research

Analyzing the New non-Beta Version of the Kraken Cryptor Ransomware

FortiGuard Labs recently detected new versions of Kraken Cryptor Ransomware. While the beta tag has been removed from its configuration, there are still numerous bugs in this ransomware, and the author is still continuously modifying its basic functions.

By Yueh-Ting Chen, November 12, 2018

Threat Research

Deep Analysis of TrickBot New Module pwgrab

FortiGuard Labs found a new TrickBot variant with a new module, pwgrab, which attempts to steal credentials, autofill data, browsing history, and more. We did a deep analysis of this pwgrab module to explain how it works on a victim’s system.

By Xiaopeng Zhang, November 08, 2018