Patch Your Adobe Shockwave Player: Fortinet Discovers Seven Zero-Day Remote Code Execution Vulnerabilities

A FortiGuard Labs Breaking Threat Research Report On the April 9, 2019, Adobe released security bulletin APSB19-20, which patches seven Adobe Shockwave Player vulnerabilities. All of them were discovered by FortiGuard Labs researcher Honggang Ren and reported to Adobe by following Fortinet’s responsible disclosure process. The CVE numbers assigned to Continue Reading

Patch Your Microsoft Windows and Office: Fortinet Discovers Three Zero-Day Remote Code Execution Vulnerabilities

A FortiGuard Labs Breaking Threat Research Report On the April 9, 2019 Patch Tuesday, Microsoft released patches for several vulnerabilities in Windows and Office. Three of them were discovered and reported by FortiGuard Labs researcher Honggang Ren by following Fortinet’s responsible disclosure process. The CVE numbers assigned to them are Continue Reading

Analysis of a Fresh Variant of the Emotet Malware

Breaking Threat Analysis research paper by FortiGuard Labs     Emotet is not a new malware family. In fact, it’s been around for several years. We captured a JS file spreading Emotet in 2017, which I then analyzed it and published two research papers on it, Part I and Part II. Continue Reading

.Net RAT Malware Being Spread by MS Word Documents

Breaking Threat Research from FortiGuard Labs Just days ago, Fortinet’s FortiGuard Labs captured a malicious MS Word document from the wild that contains auto-executable malicious VBA code that can spread and install NanoCore RAT software on a victim’s Windows system. NanoCore RAT was developed in the .Net framework, and the latest Continue Reading

Deep Analysis of New Poison Ivy Variant

Recently, the FortiGuard Labs research team observed that a new variant of Poison Ivy was being spread through a compromised PowerPoint file. We captured a PowerPoint file named Payment_Advice.ppsx, which is in OOXML format. Once the victim opens this file using the MS PowerPoint program, the malicious code contained in Continue Reading

Google Chromebook Security: At The Forefront of Education Discussions

During a 2015 event at the Northwestern Institute for Policy Research, participating panelists discussed the digital revolution and the classroom’s exposure to it. At the time, school districts had begun to adopt 1:1 policies, where each student would have access to laptops or tablets. Google was at the forefront of Continue Reading

Security Research News in Brief – May 2017 Edition

Welcome back to our monthly review of some of the most interesting security research publications. This month, let’s do a bit of crypto… Past editions: Rowhammer is an attack on DRAM, which consists in repeatedly accessing given rows of the DRAM to cause random bit flips in adjacent rows. Until now, the attack Continue Reading

How the Pharmaceutical Industry Can Gain from Mobile

When looking at the impact that technology, research, and innovation have had on medicine through the past few centuries, it is wild to see how much practices have changed in the diagnosing and treatment of patients. The Pharmaceutical Industry has skyrocketed in the past century as the medicine being prescribed is becoming more powerful Continue Reading

Security Research News in Brief – April 2017 Edition

Welcome back to our monthly review of some of the most interesting security research publications. Previous edition: March 2017 Figure 1: Hacking a vacuum cleaner The authors hacked a vacuum cleaner, which, besides cleaning, also includes an embedded camera and microphone. The hack wasn’t easy because the vacuum wasn’t too Continue Reading

Bladabindi Remains A Constant Threat By Using Dynamic DNS Services

The Fortinet research team has been developing a industrial-grade analysis system that allows us to concentrate information from samples collected from a variety of sources. Using this tool, we recently started to see the recurrence of URLs from the domains hopto.org and myftp.biz. In most cases, each sample was connected Continue Reading

>