google


Black Alps 2017 was an inaugural Cyber Security Conference held last November 13 at Y-Parc, Yverdon-les-Bains, Switzerland. With support from previous cyber security events, such as CyberSec Conference and Application Security Forum - Western Switzerland, there is no doubt that Black Alps 2017 is headed for success. The conference lasted for two days, and aimed to discuss the latest threats, mitigations, and advances in cyber security.
by Rommel Abraham D Joven  |  Nov 22, 2017  |  Filed in: Security Research
Recently, the FortiGuard Labs team noticed that one of the most successful applications on the market, “WhatsApp Messenger” developed by “WhatsApp Inc.”, has been the target of a lot of attention by scammers and criminals alike.
by Dario Durando  |  Nov 08, 2017  |  Filed in: Security Research
Part I: How to Unpack the Malware App
This past January I performed a deep analysis of an Android rootnik malware variant and posted them to this blog. Since then, I have continued to monitor this Android malware family. In early June, FortiGuard Labs found a new variant of the Android rootnik malware that disguises itself as a legal app. It then uses open-sourced Android root exploit tools to gain root access on an Android device. To be clear, this malware was NOT found in Google Play. The developer of the malware app repackaged a legal app...
by Kai Lu  |  Jul 09, 2017  |  Filed in: Security Research
During a 2015 event at the Northwestern Institute for Policy Research, participating panelists discussed the digital revolution and the classroom’s exposure to it. At the time, school districts had begun to adopt 1:1 policies, where each student would have access to laptops or tablets. Google was at the forefront of this surge, gaining a healthy chunk of new users each year across the education industry. Today, the formidable duo of the Google Chromebook and the G Suite for Education has changed the way education is approached. In this...
by Susan Biddle  |  Jul 07, 2017  |  Filed in: Industry Trends
In our last blog in this series, we discussed FortiGuard Labs’ participation in Google’s second annual Capture The Flag (CTF) competition. In this blog post, I want to share how I solved another challenge, called “ASCII Art Client”. Challenge Description: For this challenge, participants were given two files: a binary file aart_client and a network capture aart_client_capture.pcap. File1: aart_client File2: aart_client_capture.pcap The goal of the challenge was: This client displays nice...
by Honggang Ren  |  Jun 25, 2017  |  Filed in: Security Research
This past June 17th and 18th, 2017, Google hosted their second annual Capture The Flag (CTF) competition. The Google team created security challenges and puzzles that contestants were able to earn points for solving. It’s a clever way to leverage the security community to help protect Google users, and the web as a whole. Last year, over 2,400 teams competed, and this year the number was even higher. FortiGuard Labs decided to pull together a team and then write up a report on the experience. So, first things first, this challenge was...
by Kushal Arvind Shah  |  Jun 21, 2017  |  Filed in: Security Research
Recently, we found a new Android rootnik malware which uses open-sourced Android root exploit tools and the MTK root scheme from the dashi root tool to gain root access on an Android device. The malware disguises itself as a file helper app and then uses very advanced anti-debug and anti-hook techniques to prevent it from being reverse engineered. It also uses a multidex scheme to load a secondary dex file. After successfully gaining root privileges on the device, the rootnik malware can perform several malicious behaviors, including app and ad...
by Kai Lu  |  Jan 26, 2017  |  Filed in: Security Research
Last month, we found a new Android locker malware that launches ransomware, displays a locker screen on the device, and extorts the user to submit their bankcard info to unblock the device. The interesting twist on this ransomware variant is that it leverages the Google Cloud Messaging (GCM) platform, a push notification service for sending messages to registered clients, as part of its C2 infrastructure. It also uses AES encryption in the communication between the infected device and the C2 server. In this blog we provide a detailed analysis...
by Kai Lu  |  Jan 16, 2017  |  Filed in: Security Research
Google fixed a denial of service vulnerability in Minikin library (CVE-2016-2414) with the Android patches of this month. I reported this vulnerability to Google in early March, 2016 and Google confirmed it was a duplicated report of bug 26413177 which had been reported by another researcher in November, 2015. In this blog, we will provide an in-depth analysis of this vulnerability. It exists because the Minikin library fails to parse .TTF font files correctly. As a result, it could allow a local attacker...
by Kai Lu  |  Apr 13, 2016  |  Filed in: Security Research
It was a morning like lots of others...I was headed to the airport for a week in our home office, so I got an early start, checked on the sheep on the way out (yes, sheep), and got on the road. Aside from being ridiculously early, the ride was uneventful until I got to my exit for the Mass Pike. That's I-90 for those of you outside Massachusetts and, when traffic is good (like at 4:30 in the morning), it's the fastest, easiest way to the airport. And the exit was closed. Well darn. I had Google Maps running, not because I didn't know...
by Chris Dawson  |  Sep 28, 2015  |  Filed in: Industry Trends