We have recently been engaged in deep security research on macOS for FortiGuard Labs focused on the discovery and analysis of IPC vulnerabilities. In this blog, we uncover the XPC internals data types to help researchers not only quickly analyze the root causes of XPC vulnerabilities, but to also assist with deep analysis of exploits targeted at those vulnerabilities.
FortiGuard Labs believes that understanding how this attack works will significantly help other researchers find vulnerabilities similar to the bug that SandboxEscaper found in the Windows Task Scheduler. In this blog post, we will discuss our approach to finding privilege escalation by abusing a symbolic link on an RPC server.
Recently, we saw a report about several bugs that were found on FreeRTOS. Curiosity got the best of us, and we started to take a look to see what can be done from the IPS side to protect our customers because of the importance of IoT devices and the popularity of this operating system.
FortiGuard Labs recently discovered a running Google Docs malware campaign that uses the names of Fortinet and FortiGuard. When we examined the documents, we encountered a long chain of redirects inside a malicious network, and the destination of this chain was dependent on our IP and the user-agent that was used. This malicious network targets all major platforms: Windows, Android, and MacOS.
This Patch Tuesday, November 13, 2018, Microsoft patched six vulnerabilities discovered in Microsoft Outlook. Four of them were discovered and reported on by Fortinet researcher Yonghui Han by following Fortinet’s responsible disclosure process.
FortiGuard Labs has been monitoring the Dharma (also named CrySiS) malware family for a few years. As we demonstrate in our blog, even though the Dharma ransomware continues to be active, the attackers are not really updating their mode of operation, but continue to rely on a proven tactic to find and infect new victims, which is to leverage badly secured RDP services to gain access to the network.
FortiGuard Labs recently detected new versions of Kraken Cryptor Ransomware. While the beta tag has been removed from its configuration, there are still numerous bugs in this ransomware, and the author is still continuously modifying its basic functions.