On this page you will find an archive of our weekly Threat Intelligence Briefs, as well as the ability to sign up to receive these briefs every Friday. Join the thousands of other security-minded professionals who receive these weekly briefs!

FortiGuard Threat Intelligence Brief - May 03, 2019

More Tricks -- On Friday, April 26, 2019, FortiGuard Labs captured a suspicious email. After a quick analysis, it was discovered that it was spreading the malware TrickBot. This piece of malware is a kind of component loader, which can download other malicious components and execute them in TrickBot...

FortiGuard Threat Intelligence Brief - April 26, 2019

Predator the Thief -- In March 2019, FortiGuard Labs discovered a running campaign against Russian-speakers using a new version of 'Predator the Thief' stealer malware. The same actor was using one set of dummy files to deliver the stealer via different forms of phishing, including Zipped files, fak...

FortiGuard Threat Intelligence Brief - April 19, 2019

Activity Summary - Week Ending April 19, 2019 -- Ransomware continues to be impactful. Below, FortiGuard Labs researchers provide detailed research into two of these interesting attacks.

FortiGuard Threat Intelligence Brief - April 12, 2019

FortiGuard Labs has recently discovered a stored cross-site scripting (XSS) vulnerability in Magento.

FortiGuard Threat Intelligence Brief - April 05, 2019

Last week, Canadian police executed a search warrant and arrested the author behind the Orcus RAT. Interestingly, the software author posted an official 'press release' to pastebin.com on March 31st detailing the actions taken by the Roy...

FortiGuard Threat Intelligence Brief - March 29, 2019

Apple released security updates on Tuesday this week. Some of the vulnerabilities being addressed are quite serious, so we do recommend you apply the updates immediately. The ReplayKit API flaw allows a malicious application to spy on you through accessi...

FortiGuard Threat Intelligence Brief - March 22, 2019

The FortiGuard Labs Web Filtering team continues to log the Andromeda botnet as one of our more prevalent detections. In fact, over the last week it recorded the second-most unique IPv4 addresses; only the Emotet botnet had more.

FortiGuard Threat Intelligence Brief - March 15, 2019

FortiGuard Labs researchers continue to monitor malicious connections associated with the Emotet Trojan. Within the last couple of days, we discovered three new modules from the botnet C&C server. The C&C server replies with a response packet when an infected system sends it information about the vict...

FortiGuard Threat Intelligence Brief - March 08, 2019

FortiGuard SE team recently discovered a targeted attack aimed at an unknown individual working for a government department in Queensland State in Australia. Within a span of a few days, we had observed additional activity targeting various members of this organization, specifically in the form of s...

FortiGuard Threat Intelligence Brief - March 01, 2019

WordPress WooCommerce Vulnerability -- Fortinet's FortiGuard Labs researcher, Zhouyuan Yang, discovered a stored Cross-Site Scripting (XSS) vulnerability in Automattic WordPress WooCommerce Plugin. The vulnerability was submitted to Automattic and confirmed in February, 2019, with a patch released o...

FortiGuard Threat Intelligence Brief - February 22, 2019

On February 20th, Fortinet released our 2018 Q4 Global Threat Landscape Report. Fortinet is in a unique position to report on the global threat landscape. We have the #1 most adopted network security solution, having 4.4 million devices deployed, coupled with our seasoned threat intelligence and mac...

FortiGuard Threat Intelligence Brief - February 15, 2019

February's Patch Tuesday brought a bevy of updates from Microsoft and Adobe, each releasing updates for over 70 vulnerabilities affecting their respective products. Yes, you read that right, that is over 140 vulnerabilities overall.

FortiGuard Threat Intelligence Brief - February 08, 2019

Jaff Ransomware -- FortiGuard Labs recently published analysis on the Jaff ransomware. This ransomware has been around since early 2017 but was overlooked because the WannaCry ransomware was getting all the attention. However, since that time, the Jaff ransomware has lurked in the shadows while infe...

FortiGuard Threat Intelligence Brief - February 01, 2019

FortiGuard Labs researchers discovered a remote code execution vulnerability in some routers shipped by Cerio (CVE-2018-18852). Cerio manufactures a series of network routers directly competing with Asus and Linksys routers. A malicious authenticated user can forge an HTTP request to inject operating...

FortiGuard Threat Intelligence Brief - January 25, 2019

FortiGuard Labs has a dedicated team of researchers that look for vulnerabilities and weaknesses in high-impacting programs and applications. The intent is to find the vulnerabilities before the bad actors, and work with the affected vendors to get an effective patch released before the vulnerabilit...

FortiGuard Threat Intelligence Brief - January 18, 2019

The FortiGuard Labs Research Team recently captured a malicious Microsoft Word document that contains auto-executable malicious VBA code that can spread and install NanoCore RAT software on a victim's Windows system. NanoCore RAT was developed in the .NET Framework. The sample we analyzed uses NanoCore...

FortiGuard Threat Intelligence Brief - January 11, 2019

FortiGuard Labs researchers recently discovered a Cross-Site Scripting vulnerability in Magento that could allow a remote attacker to execute arbitrary code on a victim's browser, granting them access to sensitive data, or take control of the vulnerable website. This XSS vulnerability affects Magent...

FortiGuard Threat Intelligence Brief - January 04, 2019

The Ryuk ransomware caused a major disruption for some high-profile print media organizations in the United States. This malware is typically used in targeted attacks carried out via phishing or through planted files on insecure remote desktops. While the code appears to have similarities with Herme...

FortiGuard Threat Intelligence Brief - December 21, 2018

For our last FortiGuard Threat Intelligence Brief of 2018 we are going to take a quick look back at the year. And what a year it has been!

FortiGuard Threat Intelligence Brief - December 14, 2018

Microsoft's Patch Tuesday came with 39 updates, with 9 rated critical and 1 under active attack. Two of this month's patches were vulnerabilities discovered by FortiGuard Labs researchers. Our researchers discovered both vulnerabilities in September this year, and have worked closely with Microsoft...

FortiGuard Threat Intelligence Brief - December 07, 2018

Since first being discovered in 2014, Emotet has become one of the most dangerous advanced, modular banking Trojans that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the costliest and more destructive malware affecting state, local, tribal, an...

FortiGuard Threat Intelligence Brief - November 30, 2018

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) released a joint Technical Alert (TA) this week to provide information about a major online ad fraud operation named '3ve'.

FortiGuard Threat Intelligence Brief - November 16, 2018

This week Fortinet released our latest Quarterly Threat Landscape Report. Every second of every day FortiGuard Labs is collecting data gathered from millions of devices and sensors around the world. The sheer volume of data we analyze gives us a distinct and unparalleled perspective of the global th...

FortiGuard Threat Intelligence Brief - November 09, 2018

The TrickBot malware family has been around for many years, initially focused on stealing victims' online banking credentials. However, FortiGuard Labs has analyzed some new samples in which TrickBot, utilizing a new module, has evolved to much more trickery.

FortiGuard Threat Intelligence Brief - November 02, 2018

Cybercrime-as-a-Service has created an entry point for novice distributed denial-of-service (DDoS) attackers by offering simple options to anonymously attack nearly any website and force it offline. Due to the public release of source code for some popular bots, building a botnet to provide these...

FortiGuard Threat Intelligence Brief - October 26, 2018

Attackers have always been seeking new avenues for exploitation, short of discovering zero days themselves. Many attackers have relied on known vulnerabilities either disclosed responsibly or irresponsibly to a vendor. Also, even if there is a patch available, such as the industry standard Patch Tue...

FortiGuard Threat Intelligence Brief - October 19, 2018

Recognizing and preventing modern cyber scams is difficult. As FortiGuard Sr. Security Strategist, Ladi Adefala, points out in his blog post, cybercriminals use a wide variety of scam tactics to gain access to your devices and networks to steal information or extort money. It is important to underst...

FortiGuard Threat Intelligence Brief - October 12, 2018

A zero-day bug being actively exploited in the wild was patched by Microsoft this week. CVE-2018-8453 addresses an elevation of privilege flaw in the way that Win32k handles drivers, thereby allowing bad actors to run their code with kernel mode access. This would allow the attacker to install progra...

FortiGuard Threat Intelligence Brief - October 05, 2018

FortiGuard Labs recently encountered malicious traffic traveling to a C2 server located in China. The connection was established by a domain using a name that closely resembled one of Japan's most famous express post delivery services. Our analysis showed that the website making this connection is f...