TrickBot or Treat – Knocking on the Door and Trying to Enter

The FortiGuard SE Team discovered a particularly interesting targeted attack towards the end of August on VirusTotal. The attack targeted a supplier for a distribution/logistics provider to a nation state. The email contained an attachment that appeared to have been sent by a company that manufactures and distributes electrical ...

Multiple WordPress Plugins SQL Injection Vulnerabilities

Introduction: In July 2019, Fortinet’s FortiGuard Labs discovered and reported nine SQL injection vulnerabilities in nine different popular WordPress plugins across a variety of categories, including advertisement, donation, gallery, forms, newsletter, and video player. These plugins are being actively used by hundreds of thousands of WordPress websites, with some of ...

The Gamaredon Group: A TTP Profile Analysis

A FortiGuard Labs Threat Analysis: FortiGuard Labs recently discovered a fresh malicious campaign being run by the Gamaredon Group, possibly targeting Ukrainian law enforcement and government agencies. We decided to provide an analysis of the current campaign, particularly focusing on the tools and methods used by these malicious actors to ...

FortiGuard Labs Security Researcher Discovers Multiple Critical Vulnerabilities in Adobe Photoshop

This past May I discovered and reported multiple critical zero-day vulnerabilities in Adobe Photoshop CC 2019 to the software developer, Adobe Inc. Last Tuesday (Aug 13, 2019), Adobe released several security patches to fix those issues as part of their Patch Tuesday initiative. These vulnerabilities are identified as CVE-2019-7990, CVE-2019-7991, ...

New Spam Attack Targets Romanian Corporation

A FortiGuard SE Team Threat Analysis Report: The FortiGuard SE team has discovered an ongoing malicious spam campaign targeting a critical infrastructure energy provider in Romania over the past few weeks. It uses a combination of a variant of the Fareit/Pony downloader together with the Formbook infostealer malware. While we ...

Predator the Thief: New Routes of Delivery

A FortiGuard Labs Threat Analysis Paper. Introduction: In March 2019, FortiGuard Labs discovered a running campaign against Russian speakers using a new version of the “Predator the Thief” stealer malware. The same actor was using one set of dummy files to deliver the stealer via different forms of phishing, including zipped files, ...

New Stealth Worker Campaign Creates a Multi-platform Army of Brute Forcers

A Threat Analysis Report from FortiGuard Labs: FortiGuard Labs recently discovered a new campaign of StealthWorker malware, also called GoBrut, that was first reported by Malwarebytes just a few days ago. This malware is written in Golang. Although uncommonly seen being used by malware, it is the same programming language ...

WordPress WooCommerce XSS Vulnerability – Hijacking a Customer Account with a Crafted Image

Overview: The FortiGuard Labs team recently discovered a Cross-Site Scripting (XSS) vulnerability in WooCommerce. WooCommerce is an open-source eCommerce platform built on WordPress. According to BuiltWith statistics, WooCommerce is the No. 1 eCommerce platform, owning 22% of global market share in 2018. This XSS vulnerability (CVE-2019-9168) exists in the zoom ...

Breakdown of a Targeted DanaBot Attack

A FortiGuard SE Team Threat Analysis Report: On Feb 5th, 2019, the FortiGuard SE team discovered a targeted attack aimed at an unknown individual working for a governmental organization located in the city of Gold Coast, Australia. Within a span of a few days, we had observed additional activity targeting ...

Remote Password Change Vulnerability in HPE Vertica Analytic Database

Summary: On March 24, 2017, I discovered and reported on a remote password change vulnerability in Hewlett-Packard Enterprise’s (HPE) Vertica Analytic Database. This week, HPE released Security Bulletin HPESBGN03734, which contains the fix for this vulnerability and identifies it as CVE-2017-5802. Fueled by ever-growing volumes of Big Data found in ...