On this page you will find an archive of our weekly Threat Intelligence Briefs, as well as the ability to sign up to receive these briefs every Friday. Join the thousands of other security-minded professionals who receive these weekly briefs!

FortiGuard Threat Intelligence Brief - September 06, 2019

Activity Summary - Week Ending Sep 06, 2019 iOS 0-Days – Earlier this year Apple released an urgent out-of-band update (12.1.4). Now we know the backstory. Google's Project Zero researcher, Ian Beer, posted the detailed analysis behind some iOS exploit chains found in the wild.

FortiGuard Threat Intelligence Brief - August 30, 2019

FortiGuard Labs Threat Analysis Report: WordPress Vulnerabilities – In July 2019, Fortinet's FortiGuard Labs discovered and reported nine SQL injection vulnerabilities in nine different popular WordPress plugins across a variety of categories, including advertisement, donation, gallery, forms, new...

FortiGuard Threat Intelligence Brief - August 23, 2019

Activity Summary - Week Ending Aug 23, 2019 Ransomware is a serious threat. Attacks are becoming more and more targeted. This was never more evident than last Friday, when twenty-two small governments across the state of Texas were hit with a coordinated ransomware attack. According to the Texas Depart...

FortiGuard Threat Intelligence Brief - August 16, 2019

Activity Summary - Week Ending Aug 16, 2019 Fortinet has released our 2019 Q2 Threat Landscape Report. Due to the sheer volume of data that Fortinet analyses, representing everything from IoT devices to the Cloud, we have an unparalleled perspective of the threat landscape. That view and data is d...

FortiGuard Threat Intelligence Brief - August 09, 2019

Activity Summary - Week Ending Aug 09, 2019 Pastebin Misuse – One way to share plain-text data over the internet is to post it on Pastebin and then share it anywhere you want with just a link. But not everyone uses this service in the same way or for innocent purposes. The FortiGuard Labs threat r...

FortiGuard Threat Intelligence Brief - August 02, 2019

Activity Summary - Week Ending August 02, 2019 Breach Alert – This week, Capital One Financial Corporation announced that they were the target of a large-scale data breach, estimated to have affected over 100 million customers in the United States and Canada. Apparently the data was primarily rela...

FortiGuard Threat Intelligence Brief - July 26, 2019

Zegost Campaign -- The FortiGuard Labs SE team discovered a recent spearphishing email campaign containing the Zegost info-stealing malware. What is interesting about this specific campaign is that the target victim is a governmental entity in China that provides statistical collection efforts foc...

FortiGuard Threat Intelligence Brief - July 19, 2019

Activity Summary - Week Ending July 19, 2019 GandCrab Saga -- After collaborating with law enforcement from 8 countries, as well as industry, the FBI identified and released the master decryption keys for all new versions of GandCrab introduced since July 2018. Decryption keys can be found at No M...

FortiGuard Threat Intelligence Brief - July 12, 2019

Last week, the United States Cyber National Mission Force (CNMF), aka USCYBERCOM, tweeted a notification for samples seen in the wild actively exploiting CVE-2017-11774, which is a security bypass vulnerability in Microsoft Outlook. These samples were provided to us in advance via our partnership wi...

FortiGuard Threat Intelligence Brief - June 28, 2019

Quit While You Are Ahead -- Two weeks ago, the GandCrab authors announced their abrupt retirement from the ransomware industry, specifically the ransomware-as-a-service (RaaS) vertical (if one exists). GandCrab, if you recall, was the most prolific ransomware of 2018, and it appeared that the trend w...

FortiGuard Threat Intelligence Brief - June 21, 2019

HawkEye -- FortiGuard Labs researchers recently discovered a new HawkEye malware variant being distributed via a phishing email. HawkEye is known as a keylogger and application credential stealing malware. Past variants spread through email using common Microsoft Office documents (Word, Excel, etc.)...

FortiGuard Threat Intelligence Brief - June 14, 2019

Activity Summary - Week Ending June 14, 2019 Get Patching -- Microsoft recently released a patch for a critical Remote Desktop Protocol (RDP) vulnerability (CVE-2019-0708). This vulnerability, codenamed BlueKeep, if exploited, could be turned into a self-replicating worm that could impact computers...

FortiGuard Threat Intelligence Brief - June 07, 2019

MageCart Analysis -- FortiGuard Labs has been monitoring developments in the e-commerce threat landscape. Recently, we delved into deeper analysis of MageCart, a name given to numerous cybercriminal groups that embed digital skimmers on compromised e-commerce sites in order to steal payment card...

FortiGuard Threat Intelligence Brief - May 31, 2019

Activity Summary - Week Ending May 31, 2019 FortiGuard Labs has been monitoring a Linux coin mining campaign from "Rocke", a malware threat group specializing in cryptomining. This active malware campaign has been leveraging a multi-stage and agile approach. Often the threat group pushes out multipl...

FortiGuard Threat Intelligence Brief - May 24, 2019

Activity Summary - Week Ending May 24, 2019 On May 21st, Fortinet released our Quarterly Threat Landscape Report. This report represents the collective intelligence of FortiGuard Labs, gleaned from the vast array of sensors collecting billions of threat events in production environments around the w...

FortiGuard Threat Intelligence Brief - May 17, 2019

Activity Summary - Week Ending May 17, 2019 Profusion of Patches -- Microsoft patched 79 vulnerabilities in the May Patch Tuesday release. Three of these vulnerabilities were discovered by FortiGuard Labs researchers, Honggang Ren and Wayne Low.

FortiGuard Threat Intelligence Brief - May 10, 2019

Activity Summary - Week Ending May 10, 2019 Fareit/Pony -- FortiGuard Labs Researchers have discovered an ongoing malicious spam campaign that has been targeting a critical infrastructure energy provider in Romania over the last several weeks. The campaign uses a combination of the Fareit/Pony down...

FortiGuard Threat Intelligence Brief - May 03, 2019

More Tricks -- On Friday, April 26, 2019, FortiGuard Labs captured a suspicious email. After a quick analysis, it was discovered that it was spreading the malware TrickBot. This piece of malware is a kind of component loader, which can download other malicious components and execute them in TrickBot...

FortiGuard Threat Intelligence Brief - April 26, 2019

Predator the Thief -- In March 2019, FortiGuard Labs discovered a running campaign against Russian-speakers using a new version of 'Predator the Thief' stealer malware. The same actor was using one set of dummy files to deliver the stealer via different forms of phishing, including Zipped files, fak...

FortiGuard Threat Intelligence Brief - April 19, 2019

Activity Summary - Week Ending April 19, 2019 Ransomware continues to be impactful. Below, FortiGuard Labs researchers provide detailed research into two of these interesting attacks.

FortiGuard Threat Intelligence Brief - April 12, 2019

FortiGuard Labs has recently discovered a stored cross-site scripting (XSS) vulnerability in Magento.

FortiGuard Threat Intelligence Brief - April 05, 2019

Last week, Canadian police executed a search warrant and arrested the author behind the Orcus RAT. Interestingly, the software author posted an official 'press release' to pastebin.com on March 31st detailing the actions taken by the Roy...

FortiGuard Threat Intelligence Brief - March 29, 2019

Apple released security updates on Tuesday this week. Some of the vulnerabilities being addressed are quite serious, so we do recommend you apply the updates immediately. The ReplayKit API flaw allows a malicious application to spy on you through accessi...

FortiGuard Threat Intelligence Brief - March 22, 2019

The FortiGuard Labs Web Filtering team continues to log the Andromeda botnet as one of our more prevalent detections. In fact, over the last week it recorded the second most unique IPv4 addresses; only the Emotet botnet had more.

FortiGuard Threat Intelligence Brief - March 15, 2019

FortiGuard Labs researchers continue to monitor malicious connections associated with the Emotet Trojan. Within the last couple of days, we discovered three new modules from the botnet C&C server. The C&C server replies with a response packet when an infected system sends it information about the vict...

FortiGuard Threat Intelligence Brief - March 08, 2019

FortiGuard SE team recently discovered a targeted attack aimed at an unknown individual working for a government department in Queensland State in Australia. Within a span of a few days, we had observed additional activity targeting various members of this organization, specifically in the form of s...

FortiGuard Threat Intelligence Brief - March 01, 2019

WordPress WooCommerce Vulnerability -- Fortinet's FortiGuard Labs researcher, Zhouyuan Yang, discovered a stored Cross-Site Scripting (XSS) vulnerability in Automattic WordPress WooCommerce Plugin. The vulnerability was submitted to Automattic and confirmed in February, 2019, with a patch released o...