New Apple Push Service Requires HTTP/2. Check Your Windows OS

Posted on: January 13th, 2020 A heads-up from our development labs: The latest update to the Apple Push Notification service (APNs) requires the use of HTTP/2 and will be included in the upcoming V16 Update 5. This essentially makes Apple Push Notification service only compatible with operating systems that support Continue Reading

Get Ready for the New iOS App Coming Swiftly in the New Year

A heads-up from our development labs: Our coding team is hard at work rewriting the new iOS app in Swift, adding all the cool features already enjoyed by Android app users. The new iOS app will offer end-to-end secured calls, video capability, and the ability to reconnect calls while roaming Continue Reading

FortiGuard Labs Weekly Threat Update – Week of 27 September 2019

Each week, FortiGuard Labs publishes a Threat Brief to subscribers that profile notable hot topics and threats that were discovered or discussed during the week. Here is a recap of what we are covering in this week’s Threat Brief: Malware and Zero Day Attacks We breakdown our analysis of a Continue Reading

New NetWire RAT Variant Being Spread Via Phishing

A FortiGuard Labs Threat Analysis Background NetWire is a Remote Access Trojan (RAT) malware that has been widely used for many years. Recently, FortiGuard Labs noticed a malware spreading via phishing email, and during the analysis on it, we discovered that it was a new variant of NetWire RAT. In Continue Reading

Get 3CX V16 Update 3 BETA for more security and availability

Posted on: September 20th, 2019 A word from our Development Labs: Work on the latest v16 Update has reached Beta stage! Update 3 Beta has just been released with new security options for SIP trunks, higher availability, per profile Push messages and group chat customization. Download and try this Beta Continue Reading

Nemty Ransomware 1.0: A Threat in its Early Stage

FortiGuard Labs was investigating the Sodinokibi ransomware family, when we came across the newly discovered Nemty Ransomware. Interestingly, as we analyzed this new malware, we also encountered an artifact embedded in its binary that we were very much familiar with since it was also used by the GandCrab ransomware before Continue Reading

WordPress (Core) Stored XSS Vulnerability

FortiGuard Labs Breaking Threat Research Overview WordPress is the world’s most popular Content Management System (CMS). It has 60.4% of the global CMS market share, which is far higher than the second-place Joomla!, which only has 5.2% of the market share. As a result, over a third of all of Continue Reading

Another Local Privilege Escalation (LPE) Vulnerability Using Process Creation Impersonation

Introduction Over the past few months, FortiGuard Labs has been working closely with the Microsoft Security Response Centre (MSRC) to address multiple local privilege escalation (LPE) vulnerabilities that we discovered on the Windows platform. One of the most notable LPE vulnerabilities we reported to MSRC was found on the Windows Continue Reading

Newly Discovered Infostealer Attack Uses LokiBot

The FortiGuard Labs SE team identified a new malicious spam campaign on August 21st,, which we discovered after an analysis of information initially found on VirusTotal. It targeted a large US manufacturing company utilizing the well documented infostealer LokiBot. Interestingly enough, this also has a compilation date of August 21st, Continue Reading

FunkyBot: A New Android Malware Family Targeting Japan

Last year, FortiGuard Labs identified a malware campaign targeting Japanese users. The campaign impersonated a logistics company and deployed an Android malware called FakeSpy. We have been monitoring these actors and the phishing websites they created, and recently we noticed that they have started deploying a different Android payload. As Continue Reading