Threat Research

.Net RAT Malware Being Spread by MS Word Documents

Fortinet’s FortiGuard Labs captured a malicious MS Word document from the wild that contains auto-executable malicious VBA code that can spread and install NanoCore RAT software on a victim’s Windows system.

By Xiaopeng Zhang, January 15, 2019

Microsoft Windows JET Engine Msrd3x Code Execution Vulnerability

Fortinet's FortiGuard Labs discovered a code execution vulnerability in Windows JET Engine Msrd3x40 and reported it to Microsoft. On patch Tuesday of January 2019, Microsoft released a Security Bulletin that contains the fix for this vulnerability and identifies it as CVE-2019-0538.

By Honggang Ren, January 11, 2019

Magento Commerce Widget Form (Core) XSS Vulnerability

The FortiGuard Labs team discovered a Cross-Site Scripting (XSS) vulnerability in Magento. This XSS vulnerability is caused by Magento failing to sanitize user-supplied data before inserting it into a dynamically generated widget form.

By Zhouyuan Yang, January 07, 2019

Fake Tsunami Alert Brings Malware to Japan

In November, FortiGuard Labs uncovered a spam campaign that included a tsunami alert for Japanese citizens. In this article, we analyze the malware downloaded from the fake JMA website and research another campaign by the same actor.

By Yueh-Ting Chen and Evgeny Ananin, December 19, 2018

A Deep Analysis of the Microsoft Outlook Vulnerability CVE-2018-8587

This blog post is a detailed analysis of a heap corruption vulnerability in Microsoft Office Outlook, assigned the identifier CVE-2018-8587.

By Yonghui Han, December 16, 2018

A Look into XPC Internals: Reverse Engineering the XPC Objects

We have recently been engaged in deep security research on macOS for FortiGuard Labs focused on the discovery and analysis of IPC vulnerabilities. In this blog, we uncover the XPC internals data types to help researchers not only quickly analyze the root causes of XPC vulnerabilities, but to also assist with deep analysis of exploits targeted at those vulnerabilities.

By Kai Lu, December 14, 2018

The Weaponization of PUAs

In this FortiGuard Labs article we define what a PUA (potentially unwanted application) is, describe its inherent risks, and show how malware makes use of PUAs by walking through a malware sample.

By Chris Navarrete, December 06, 2018

RPC Bug Hunting Case Studies – Part 1

FortiGuard Labs believes that understanding how this attack works will significantly help other researchers find vulnerabilities similar to the bug that SandboxEscaper found in the Windows Task Scheduler. In this blog post, we will discuss our approach to finding privilege escalation by abusing a symbolic link on an RPC server.

By Wayne Chin Yick Low, December 05, 2018

Exploiting an RCE bug in the UDP Protocol implemented in FreeRTOS

Recently, we saw a report about several bugs found in FreeRTOS. Given the importance of IoT devices and the popularity of this operating system, curiosity got the better of us, and we took a closer look to see what can be done from the IPS side to protect our customers.

By Amir Zali, December 04, 2018

Cookie Maker: Inside the Google Docs Malicious Network

FortiGuard Labs recently discovered an active Google Docs malware campaign that uses the names of Fortinet and FortiGuard. When we examined the documents, we encountered a long chain of redirects inside a malicious network, and the destination of this chain depended on our IP address and the user agent we used. This malicious network targets all major platforms: Windows, Android, and macOS.

By Artem Semenchenko, November 21, 2018