On-Demand Polymorphic Code In Ransomware

Ransomware is now a common term not only in the security industry, but also in our day-to-day life. A new ransomware seems to pop up almost every given day. What we don’t normally see is how codes are implemented within these malware. Ransomware employs different techniques and attack vectors in order Continue Reading

Turning Network Security Inside Out

Over the years, network security solutions and deployment has been built on the assumption that threats originate outside the enterprise network – trust was put in the internal network, while security was mostly deployed at the perimeter to provide protection from the outside threats and hackers. While security infrastructure has Continue Reading

Analysis of Use-After-Free Vulnerability (CVE-2016-4119) in Adobe Acrobat and Reader

SummaryRecently, Adobe patched some security vulnerabilities in Adobe Acrobat and Reader. One of them is a use-after-free vulnerability (CVE-2016-4119) discovered by Fortinet’s FortiGuard Labs. In this blog, we want to share our analysis of this vulnerability.Proof of ConceptThis vulnerability can be reproduced by opening the PDF file “PoC_decrypt.pdf” with Adobe Continue Reading

Fundamental Rules of Healthcare Security

The year 2015 saw an accelerated rate of change in healthcare security – and many of those changes were not encouraging. On one hand, the availability and usefulness of patient data has skyrocketed – good for healthcare providers but also lucrative for those seeking to use it for nefarious purposes. Continue Reading

How Secure is Your Company’s Financial Data?

Businesses today face an ever-evolving threatscape with growing pressure to rethink security strategies for long-term sustainability. As a result, corporate finance teams are more actively partnering with IT to ensure the organization’s security strategies protect critical financial data. Fortinet’s Araldo Menegon discusses the issues and trends affecting corporate finance teams Continue Reading

Bayrob – An Ancient Evil Awakens

While ransomware has attracted much attention from security researchers lately, other malware hasn’t stopped. They are quietly seizing their own place in the attack market.  This article analyses one of them – “Bayrob”.  Our analysis is based on a new variant of Bayrob. We will discuss its background and describe Continue Reading

Cerber Ransomware Marks Its Presence in the Wild, Catches up with CryptoWall and Locky

FortiGuard Labs uses the data it gathers from its over 2 million security sensors to keep an eye on trends related to ransomware–one of the areas of greatest concern when it comes to cyber security threats today.As a result of this effort, we previously talked about Locky’s rapid rise in prevalence in Continue Reading

Hello, my name is Carl, and it has been 0 days since I was last pwned.

There I said it. Working in the security industry, it can sometime be embarrassing to admit our failings, but in this case it is cathartic.  I just received notification from the excellent HaveIBeenPwned service run by @TroyHunt that my LinkedIn password has been compromised.  I am in good company though.  Continue Reading

Security Considerations for Carriers: What’s on the Horizon?

Not too long ago, carriers had fairly straightforward options for their security: they bought one vendor’s box with the same vendor’s firewall, email filtering, and web application firewalls. Then came the dynamic duo of software defined…