New NetWire RAT Variant Being Spread Via Phishing

A FortiGuard Labs Threat Analysis. Background: NetWire is a Remote Access Trojan (RAT) that has been widely used for many years. Recently, FortiGuard Labs noticed malware spreading via phishing email, and during our analysis we discovered that it was a new variant of NetWire RAT. In …

Another Local Privilege Escalation (LPE) Vulnerability Using Process Creation Impersonation

Introduction: Over the past few months, FortiGuard Labs has been working closely with the Microsoft Security Response Centre (MSRC) to address multiple local privilege escalation (LPE) vulnerabilities that we discovered on the Windows platform. One of the most notable LPE vulnerabilities we reported to MSRC was found on the Windows …

mysqlbinlog: support for protocol compression

We are happy to share with you that the mysqlbinlog tool has been enhanced. Starting with 8.0.17, the user can instruct the mysqlbinlog tool to negotiate with the server it connects to whether or not to use protocol compression. Since MySQL 5.6, the mysqlbinlog tool can connect to a …

LooCipher: Can Encrypted Files Be Recovered From Hell?

LooCipher is a new ransomware being distributed in the wild. While there have been articles discussing its main behaviour, how this new ransomware is being spread, and how it communicates with its command and control server to send victim machine information, this blog will focus on LooCipher’s file encryption mechanism …

Undocumented Excel Variable Used in Malicious Spam Run Targeting Japanese Users

Over the course of the past few months, the FortiGuard SE group has been utilizing and enhancing the Fortinet machine learning systems to detect emerging threats. Recently, one of those machines detected an anomalous spike that led us to discover a malware campaign that had been using social engineering techniques …

New Rocke Variant Ready to Box Any Mining Challengers

FortiGuard Labs Breaking Threat Research. FortiGuard Labs has been monitoring a Linux coin mining campaign from “Rocke” – a malware threat group specializing in cryptomining. Over the past month we have seen new features constantly being added to the malware. For instance, in their latest major update, they have added …

Change group_replication_exit_state_action default option to READ_ONLY

In MySQL 8.0.16, the default value of the Group Replication plugin variable group_replication_exit_state_action has been changed to READ_ONLY. The group_replication_exit_state_action plugin variable was introduced in MySQL 8.0.12 to allow the user to configure how Group Replication behaves when a server instance leaves the group unintentionally. The group_replication_exit_state_action variable has the following two values: ABORT_SERVER: …

Closing the Cybersecurity Skills Gap with Programs for Veterans

People have been talking about the cybersecurity skills gap for almost as long as they have been talking about the rise in data breaches. It’s easy to get “gap” fatigue and ignore the problem, but the facts warn against that approach. The 2018 (ISC)² Cybersecurity Workforce Study reports that the …

MySQL 8.0.16 Replication Enhancements

MySQL 8.0.16 was released last Thursday. In it, you can find some new replication features. Here is a quick summary. Follow-up blog posts will provide details about these features. Large Messages Fragmentation Layer for Group Replication: Tiago Vale’s work introduces message fragmentation to the Group Communication Framework. Group Replication’s Paxos …

CentOS News

#CentOS15 – Manuel “Wolfy” Wolfshant – Blog.CentOS.org

For our next #CentOS15 profile, I spoke with Manuel “Wolfy” Wolfshant, who has been an active member of our community since the very beginning, shortly after we started working with the WhiteBox Linux community. (You can see some of the other #CentOS15 interviews on YouTube.) When Red Hat moved the …
