FortiGuard Labs Weekly Threat Update – Week of 27 September 2019

Each week, FortiGuard Labs publishes a Threat Brief to subscribers that profile notable hot topics and threats that were discovered or discussed during the week. Here is a recap of what we are covering in this week’s Threat Brief: Malware and Zero Day Attacks We breakdown our analysis of a Continue Reading

New NetWire RAT Variant Being Spread Via Phishing

A FortiGuard Labs Threat Analysis Background NetWire is a Remote Access Trojan (RAT) malware that has been widely used for many years. Recently, FortiGuard Labs noticed a malware spreading via phishing email, and during the analysis on it, we discovered that it was a new variant of NetWire RAT. In Continue Reading

Get 3CX V16 Update 3 BETA for more security and availability

Posted on: September 20th, 2019 A word from our Development Labs: Work on the latest v16 Update has reached Beta stage! Update 3 Beta has just been released with new security options for SIP trunks, higher availability, per profile Push messages and group chat customization. Download and try this Beta Continue Reading

Nemty Ransomware 1.0: A Threat in its Early Stage

FortiGuard Labs was investigating the Sodinokibi ransomware family, when we came across the newly discovered Nemty Ransomware. Interestingly, as we analyzed this new malware, we also encountered an artifact embedded in its binary that we were very much familiar with since it was also used by the GandCrab ransomware before Continue Reading

WordPress (Core) Stored XSS Vulnerability

FortiGuard Labs Breaking Threat Research Overview WordPress is the world’s most popular Content Management System (CMS). It has 60.4% of the global CMS market share, which is far higher than the second-place Joomla!, which only has 5.2% of the market share. As a result, over a third of all of Continue Reading

Another Local Privilege Escalation (LPE) Vulnerability Using Process Creation Impersonation

Introduction Over the past few months, FortiGuard Labs has been working closely with the Microsoft Security Response Centre (MSRC) to address multiple local privilege escalation (LPE) vulnerabilities that we discovered on the Windows platform. One of the most notable LPE vulnerabilities we reported to MSRC was found on the Windows Continue Reading

Newly Discovered Infostealer Attack Uses LokiBot

The FortiGuard Labs SE team identified a new malicious spam campaign on August 21st,, which we discovered after an analysis of information initially found on VirusTotal. It targeted a large US manufacturing company utilizing the well documented infostealer LokiBot. Interestingly enough, this also has a compilation date of August 21st, Continue Reading

FunkyBot: A New Android Malware Family Targeting Japan

Last year, FortiGuard Labs identified a malware campaign targeting Japanese users. The campaign impersonated a logistics company and deployed an Android malware called FakeSpy. We have been monitoring these actors and the phishing websites they created, and recently we noticed that they have started deploying a different Android payload. As Continue Reading

Multiple WordPress Plugins SQL Injection Vulnerabilities

Introduction In July 2019, Fortinet’s FortiGuard Labs discovered and reported nine SQL injection vulnerabilities in nine different popular WordPress plugins across a variety of categories, including advertisement, donation, gallery, forms, newsletter, and video player. These plugins are being actively used by hundreds of thousands of WordPress websites, with some of Continue Reading

The Gamaredon Group: A TTP Profile Analysis

A FortiGuard Labs Threat Analysis FortiGuard Labs recently discovered a fresh malicious campaign being run by the Gamaredon Group possibly targeting Ukrainian law enforcement and government agencies. We decided to provide an analysis of the current campaign, particularly focusing on the tools and methods used by these malicious actors to Continue Reading

>