Nemty Ransomware 1.0: A Threat in its Early Stage

FortiGuard Labs was investigating the Sodinokibi ransomware family when we came across the newly discovered Nemty Ransomware. Interestingly, as we analyzed this new malware, we also encountered an artifact embedded in its binary that we were very familiar with, since it was also used by the GandCrab ransomware before …

WordPress (Core) Stored XSS Vulnerability

FortiGuard Labs Breaking Threat Research. Overview: WordPress is the world’s most popular Content Management System (CMS). It has 60.4% of the global CMS market share, which is far higher than the second-place Joomla!, which only has 5.2% of the market share. As a result, over a third of all of …

Another Local Privilege Escalation (LPE) Vulnerability Using Process Creation Impersonation

Introduction: Over the past few months, FortiGuard Labs has been working closely with the Microsoft Security Response Center (MSRC) to address multiple local privilege escalation (LPE) vulnerabilities that we discovered on the Windows platform. One of the most notable LPE vulnerabilities we reported to MSRC was found on the Windows …

Newly Discovered Infostealer Attack Uses LokiBot

The FortiGuard Labs SE team identified a new malicious spam campaign on August 21st, which we discovered after an analysis of information initially found on VirusTotal. It targeted a large US manufacturing company utilizing the well-documented infostealer LokiBot. Interestingly enough, this also has a compilation date of August 21st, …

Preparation Requires Prioritizing Threats

As the attack methods and strategies of our cyber adversaries continue to expand, organizations must stay ahead of those threats most likely to affect individual networks and connected resources. According to Fortinet’s most recent global Threat Landscape Report, not only are cybercriminals using new attack methods (even for older attacks), …

FunkyBot: A New Android Malware Family Targeting Japan

Last year, FortiGuard Labs identified a malware campaign targeting Japanese users. The campaign impersonated a logistics company and deployed an Android malware called FakeSpy. We have been monitoring these actors and the phishing websites they created, and recently we noticed that they have started deploying a different Android payload. As …

Tracking Down a Big Phish

A FortiGuard SE Threat Research Blog. As a threat researcher, I have learned that continually monitoring malicious activities often provides unique insights into criminal behavior. This is due to three things. First, threat actors tend to be more like sheep than mavericks because they work in clusters. I don’t …

Multiple WordPress Plugins SQL Injection Vulnerabilities

Introduction: In July 2019, Fortinet’s FortiGuard Labs discovered and reported nine SQL injection vulnerabilities in nine different popular WordPress plugins across a variety of categories, including advertisement, donation, gallery, forms, newsletter, and video player. These plugins are being actively used by hundreds of thousands of WordPress websites, with some of …

Securing Your Dynamic Cloud Strategy

Historically, the transition from older technology to new technology is pretty straightforward. While a handful of folks using an Underwood manual typewriter may have been reluctant to give them up, the majority of users were eager to switch to an electric model. Today, people line up around the block to …

Simplifying Back to School Security with SD-WAN and SD-Branch

School is back in session with the second busiest retail season of the year, and technology sales—along with digital subscriptions to applications and services—are predicted to show double-digit growth this fall. Students of all ages, from kindergarten to college, are buying iPads and laptops and subscribing to SaaS applications to better …
