Threat Research

Threat Landscape Report: Virtually No Firm is Immune from Severe Exploits

Highlights from the latest Fortinet Threat Landscape Report, a valuable resource for any organization looking to stay ahead of today’s latest threat challenges.

By FortiGuard SE Team, August 13, 2018

An Analysis of the DLL Address Leaking Trick used by the “Double Kill” Internet Explorer Zero-Day exploit (CVE-2018-8174)

“Double Kill” is an Internet Explorer (IE) zero-day exploit that was discovered in the wild and fixed in the Microsoft May Patch. It exploits a use-after-free vulnerability in vbscript.dll to execute arbitrary code when a vulnerable system browses a malicious web page via IE. Multiple exploit kits have already added this exploit, and it is still active in the wild.

By Dehui Yin, August 06, 2018

Critical SamSam Ransomware Update

An overview of how to defend your organization from SamSam and other ransomware.

By FortiGuard SE Team, July 31, 2018

Malvertising, Input Validation, and New IoT Botnet Variants

What do malvertising, input validation, and new IoT botnet variants have in common? Well, they’re all part of our Weekly Threat Intelligence Brief.

By Anthony Giandomenico, July 27, 2018

Debugging PostScript with Ghostscript

PostScript is a simple interpretive programming language with powerful graphics capabilities that has been integrated into most of today’s modern printers. Over the last couple of years, the software has been targeted by attackers to carry out a number of notorious attacks, including a campaign discovered by FortiGuard Labs last year that exploited the CVE-2015-2545 Encapsulated PostScript (EPS) vulnerability.

By Wayne Chin Yick Low, July 26, 2018

IcedID & Trickbot: A Give-and-Take Relationship

FortiGuard Labs recently caught one of Trickbot’s C2 (Command and Control) servers sending commands to its victims that instructed its bots to download what turned out to be an updated variant of the IcedID banking Trojan.

By Floser Bacurio Jr., July 25, 2018

Hide ‘N Seek: From Home Routers to Smart Home Insecurities

In this report we will take a look at HNS evolution and how it was able to add exploits on a regular basis over the past several months without making headlines.

Copy-pasting Thief from a Copy-pasted Code

Recently, we noticed an unusual sample. It triggered our sensors because of the Japanese encoding in one of its resources. Further analysis showed that it is not only targeting Japanese users, but any holder of Bitcoin assets.

GandCrab v4.1 Ransomware and the Speculated SMB Exploit Spreader

Only two days after the release of GandCrab 4.0, FortiGuard Labs found a newer version (v4.1) being distributed using the same method, which is through compromised websites disguised as download sites for cracked applications.

By Joie Salvio, July 12, 2018

GandCrab V4.0 Analysis: New Shell, Same Old Menace

It has been over two months since GandCrab underwent a major update. While this latest version includes an overhaul in terms of the code structure, its major purposes are practically the same.

By Joie Salvio, July 09, 2018