Threat Research


Thrip APT Attack Update

In conjunction with the Cyber Threat Alliance, Symantec today released its blog post on an APT (advanced persistent threat) group codenamed "Thrip." As part of our membership in the Cyber Threat Alliance (CTA), we received these indicators ahead of publication to ensure that FortiGuard customers are protected against the activity covered by this latest disclosure.

By FortiGuard SE Team, June 19, 2018


Microsoft Windows Remote Kernel Crash Vulnerability

At the end of January 2018, the FortiGuard Labs team discovered a remote kernel crash vulnerability in Microsoft Windows and reported it to Microsoft by following Fortinet’s responsible disclosure process. On June 12, Microsoft released an advisory that contains the fix for this vulnerability and identifies it as CVE-2018-1040.

By Honggang Ren, June 14, 2018


PyRoMineIoT: NSA Exploit, Monero (XMR) Miner, & IoT Device Scanner

In this article, we will discuss the changes made to PyRoMine, as well as how the ETERNALROMANCE exploit was used to distribute yet another Monero miner we have dubbed PyRoMineIoT.

By Jasper Manuel, June 12, 2018


Non-Russian Matryoshka: Russian Service Centers Under Attack

With the help of FortiGuard’s in-house Threat Intelligence Platform (Kadena), FortiGuard Labs discovered a series of attacks targeted at service centers in Russia. These service centers provide maintenance and support for a variety of electronic goods.


VPNFilter Malware - Critical Update

As a member of the Cyber Threat Alliance (CTA), FortiGuard Labs received critical information and additional findings showing the VPNFilter campaign is targeting significantly more devices than initially thought, and contains additional capabilities, including the ability to deliver exploits to endpoints.

By FortiGuard SE Team, June 06, 2018


Android Spyware Now Dropping Legit Apps?

Building on some previous research in the industry, FortiGuard Labs recently took a closer look at some Android malware impersonating the mobile version of the very popular game Fortnite.

By Dario Durando, June 03, 2018


Incomplete Patch: Another Joomla! Core XSS Vulnerability Is Discovered

A new vulnerability affects Joomla! CMS versions 3.0.0 through 3.8.7. In this blog, I’ll share my analysis of this vulnerability.

By Zhouyuan Yang, May 25, 2018


Shinoa, Owari, Mirai: What's with All the Anime References?

In September 2016, the Mirai source code was leaked on Hack Forums. Ever since, there has been an explosion of malware targeting IoT devices, many variants bearing the name of a protagonist from Japanese anime. FortiGuard Labs has been tracking these IoT botnets in order to provide the best possible protection for our customers.

By Minh Tran, May 25, 2018


Defending Against the New VPNFilter Botnet

A newly reported botnet named VPNFilter targets SCADA/ICS environments by monitoring MODBUS SCADA protocols and exfiltrating website credentials.

By FortiGuard SE Team, May 23, 2018


I’ve Got Trickbot Under My Screen

FortiGuard Labs spotted yet another new module being distributed by the very active Trickbot banking malware. The module uses a technique called "Hidden VNC" (VNC: Virtual Network Computing) to stealthily take control of a victim's machine.