Latest Posts


Over the past few months we have seen a lot of malware activity around the Netcore vulnerability, so we decided to take a closer look at its exploitation. The following screenshot shows attack traffic captured through Wireshark (Figure 1). Figure 2 shows a quick enumeration of the sample. (There are different versions of the sample for several architectures. We chose to analyze the MIPS one.) My analysis shows that this sample is a variant of the Gafgyt family, with some changes which I will discuss in detail later in this... [Read More]
by Amir Zali  |  Jan 20, 2017  |  Filed in: Security Research
Another TKEY record-related bug in BIND has been fixed with a patch from the Internet Systems Consortium (ISC) that was released just after the New Year. This bug may take down BIND recursive servers by sending a simple query response with a TKEY record, thereby causing a denial of service (DoS). This potential DoS vulnerability is caused by an assertion failure in Resolver.c when caching the DNS response with a TKEY record. In this post we will analyze the BIND source code and expose the root cause of this vulnerability. The TKEY record... [Read More]
by Dehui Yin  |  Jan 18, 2017  |  Filed in: Security Research
Fortinet security researcher Kai Lu discovered and reported two critical zero-day vulnerabilities in Adobe Flash Player in November 2016. Adobe identified them as CVE-2017-2926 and CVE-2017-2927 and released a patch to fix them on January 10, 2017. Here is a brief summary of each of these detected vulnerabilities. CVE-2017-2926: This is a memory corruption vulnerability found in Flash Player’s engine when processing MP4 files. Specifically, the vulnerability is caused by an MP4 file with a crafted sample size in the MP4 atom... [Read More]
by Kai Lu  |  Jan 17, 2017  |  Filed in: Security Research
Last month, we found a new Android locker malware that launches ransomware, displays a locker screen on the device, and extorts the user to submit their bankcard info to unblock the device. The interesting twist on this ransomware variant is that it leverages the Google Cloud Messaging (GCM) platform, a push notification service for sending messages to registered clients, as part of its C2 infrastructure. It also uses AES encryption in the communication between the infected device and the C2 server. In this blog we provide a detailed analysis... [Read More]
by Kai Lu  |  Jan 16, 2017  |  Filed in: Security Research
The second day of Accelerate continued to raise the bar on both content and vision. Here is a quick overview of the general sessions: Opportunities – Phil Quade, Fortinet CISO Phil Quade recently joined Fortinet after three decades of service in the intelligence community, where he most recently served as the head of the Cyber Task Force at the National Security Agency. After examining key trends in the growth of cyber technologies, Phil provided the Accelerate audience with a unique view into where the accelerating transformation of... [Read More]
by Bill McGee  |  Jan 16, 2017  |  Filed in: Industry Trends & News
Fortinet just announced the winners of their annual Partner of the Year awards. 2016 continued Fortinet’s growth in both revenue and market share, and saw us capture the attention of the security market with our debut of the Fortinet Security Fabric. Our thousands of dedicated partners, who work tirelessly to provide security solutions and services to their customers, have fueled this success, which is why each year we take the opportunity to thank our entire partner community at our Accelerate conference, and to single out a handful of... [Read More]
by Bill McGee  |  Jan 12, 2017  |  Filed in: Industry Trends & News
If anyone was unsure of Fortinet’s vision for the future of the digital world, or the impact they plan to have on the cybersecurity industry, the first day of Accelerate 2017 left no doubt in anyone’s mind. Network Security Evolution – Ken Xie, Fortinet Founder and CEO: The morning kicked off with the primary keynote from Ken Xie, founder and CEO of Fortinet. He started by walking everyone through the transformation of the Internet and networking over the past 40 years, and drove home a couple of critical points: 1. The... [Read More]
by Bill McGee  |  Jan 11, 2017  |  Filed in: Industry Trends & News
People, things, and ideas, connected together by IoT and the cloud, are driving the new digital economy. This new hyperconnected world is not only changing how companies do business, but also how people work, live, and learn. It is changing the world at an unprecedented rate. What does this hyperconnected world look like? It is estimated that by 2020 we will have deployed over 50 billion networked devices and over 20 billion connected IoT endpoints. That is about 4.3 connected devices for every person on the planet. And each of these devices... [Read More]
by Ken Xie  |  Jan 10, 2017  |  Filed in: Industry Trends & News
The financial potential of the new digital economy is driving the rapid evolution of today’s networks. For decades, the substructure of the network remained relatively unchanged: data traffic was routed from point A to point B over a predictable array of devices, cables, and ports using well established protocols and commands. Over the past couple of years, however, things have begun to change dramatically. Virtualization, Software Defined Networks (SDN), and the cloud have fundamentally changed where data is stored and how it is accessed.... [Read More]
by John Maddison  |  Jan 10, 2017  |  Filed in: Industry Trends & News
Monitoring, managing, and protecting the formless scope and scale of today’s highly distributed and dynamically changing digital enterprise network is a daunting task for IT and Security Operations Teams. The proliferation of IoT and mobile devices, the convergence of IT and OT, and adoption of cloud-based networking and services is making detection and response to threats increasingly difficult, if not impossible with today’s tools. When the network around you is constantly adapting to shifting demands, how do you effectively track... [Read More]
by Michael Reinhart  |  Jan 10, 2017  |  Filed in: Industry Trends & News