WordPress (Core) Stored XSS Vulnerability

FortiGuard Labs Breaking Threat Research Overview WordPress is the world’s most popular Content Management System (CMS). It has 60.4% of the global CMS market share, which is far higher than the second-place Joomla!, which only has 5.2% of the market share. As a result, over a third of all of Continue Reading

Fake Indian Income Tax Calculator Delivers xRAT Variant

A FortiGuard Labs Breaking Threat Report Tax-themed phishing and malware attacks rise during the tax filing season. FortiGuard Labs recently came upon an interesting Excel file claiming to provide an income tax calculator that purports to be from India’s Income Tax Department. It’s not. Instead, it’s a malicious file containing Continue Reading

New Ursnif Variant Spreading by Word Document

Breaking FortiGuard Labs Threat Research  NOTE: This threat is actively spreading. During my analysis, which started with just a few samples, the volume of captured samples and the number of triggers this new variant set off in our global network of sensors kept growing. Because of this, we highly recommend Continue Reading

LiveZilla Live Chat Technical Advisory

Breaking Threat Research from FortiGuard Labs Introduction In June 2019, Fortinet’s FortiGuard Labs discovered and reported 7 vulnerabilities in Live Chat, the Next Generation Live Help and Live Support System from LiveZilla that connects organizations to their website visitors. LiveZilla is a software company trusted by Fortune 500 companies and Continue Reading

BianLian: A New Wave Emerges

FortiGuard Labs Breaking Threat Research Recently, during our daily malware analysis routine, members of the FortiGuard Labs team encountered an Android sample that did not look familiar.  Analysis At a first look, it seemed clear that the APK was heavily obfuscated, and was possibly packed using some technique we had Continue Reading

New Rocke Variant Ready to Box Any Mining Challengers

FortiGuard Labs Breaking Threat Research FortiGuard Labs has been monitoring a Linux coin mining campaign from “Rocke” – a malware threat group specializing in cryptomining. Over the past month we have seen new features constantly being added to the malware. For instance, in their latest major update, they have added Continue Reading

Quick Analysis of New Method for Spreading TrickBot

Breaking Threat Research from FortiGuard Labs On Friday, April 26, 2019, FortiGuard Labs captured a suspicious email. After a quick analysis, I discovered that it was spreading the malware TrickBot. This piece of malware is a kind of component loader, which can download other malicious components and execute them in Continue Reading

Patch Your Adobe Shockwave Player: Fortinet Discovers Seven Zero-Day Remote Code Execution Vulnerabilities

A FortiGuard Labs Breaking Threat Research Report On the April 9, 2019, Adobe released security bulletin APSB19-20, which patches seven Adobe Shockwave Player vulnerabilities. All of them were discovered by FortiGuard Labs researcher Honggang Ren and reported to Adobe by following Fortinet’s responsible disclosure process. The CVE numbers assigned to Continue Reading

Patch Your Microsoft Windows and Office: Fortinet Discovers Three Zero-Day Remote Code Execution Vulnerabilities

A FortiGuard Labs Breaking Threat Research Report On the April 9, 2019 Patch Tuesday, Microsoft released patches for several vulnerabilities in Windows and Office. Three of them were discovered and reported by FortiGuard Labs researcher Honggang Ren by following Fortinet’s responsible disclosure process. The CVE numbers assigned to them are Continue Reading

Analysis of a Fresh Variant of the Emotet Malware

Breaking Threat Analysis research paper by FortiGuard Labs     Emotet is not a new malware family. In fact, it’s been around for several years. We captured a JS file spreading Emotet in 2017, which I then analyzed it and published two research papers on it, Part I and Part II. Continue Reading

>