
FortiGuard Labs Weekly Threat Update – October 18, 2019

By Jeannette Jarvis | October 18, 2019

Each week, FortiGuard Labs publishes our Threat Intelligence Brief that profiles some of the more interesting and impactful security events from the week. Here are some of the topics that we covered this week:

  • An Iran-linked advanced persistent threat (APT) group, with ties to attacks on the U.S. presidential reelection campaign, recently added new techniques to its stockpile in an apparent ramp-up of its operations. Charming Kitten, also known as Phosphorus, APT35, and Ajax Security Team, is escalating its volume of spear-phishing attempts as well as adding new impersonation vectors to its campaign. We detail the new tactics and show the relation to an attack Microsoft recently observed.

  • We discuss a new vulnerability discovered in the Linux sudo command that could allow unprivileged users to execute commands as root. When executing commands on a Linux operating system, unprivileged users can use the sudo (superuser do) command to execute commands as root as long as they have been given permission or know the root user's password.

  • Read more about the "Professional Certification Program of the Year" award that Fortinet recently received. Fortinet offers extensive certification learning courses that start with an introduction to the threat landscape, followed by the evolution of cybersecurity, and more.

  • This week we profile new research analyzing the Winnti Group's backdoor dubbed "PortReuse." This is an interesting white paper that is worth a read as it discusses, among other things, some of the methods used to stay covert.

  • We also discuss how smartphone users are being phished via calendar app invitations. A feature of this emailing and calendar application allows users to see event invitations from emails in their calendars without adding them themselves. A smartphone user using this calendar application will then get push notifications. Scammers are using this feature to lure victims into clicking on a phishing link.

You can find more details about these and other issues in the FortiGuard Labs Weekly Threat Intelligence Brief. Read this week's issue and subscribe to the weekly email distribution.

Learn more about FortiGuard Labs and the FortiGuard Security Services portfolio.

Read about the FortiGuard Security Rating Service, which provides security audits and best practices.