microsoft


In the blog we posted on March 22, FortiGuard Labs introduced a new Word Macro malware sample that targets both Apple Mac OS X and Microsoft Windows. After deeper investigation of this malware sample, we can confirm that after a successful infection the post-exploitation agent Meterpreter is run on the infected Mac OS X or Windows system. Meterpreter is part of the Metasploit framework. More information about Meterpreter can be found here. For this to work, the attacker’s server must be running Metasploit as the controller to control the...
by Chris Navarrete & Xiaopeng Zhang  |  Mar 29, 2017  |  Filed in: Security Research
All users of vulnerable versions of the Microsoft Windows Server are encouraged to upgrade to the latest version of this software. Additionally, organizations that have deployed Fortinet IPS solutions are already protected from this vulnerability.
by Honggang Ren  |  Mar 23, 2017  |  Filed in: Security Research
On March 16, FortiGuard Labs captured a new Word file that spreads malware by executing malicious VBA (Visual Basic for Applications) code. The sample targeted both Apple Mac OS X and Microsoft Windows systems. We then analyzed the sample, and in this blog we are going to explain how it works, step by step. When the Word file is opened, it notifies victims to enable the Macro security option, which allows the malicious VBA code to be executed. Malicious Word File is Opened Figure 1. Asks victim to enable Macro security option Once...
by Xiaopeng Zhang & Chris Navarrete  |  Mar 22, 2017  |  Filed in: Security Research
Over the last few years we have received a number of emails with attached Word files that spread malware. Now it seems that it is becoming more and more popular to spread malware using malicious Excel files. Lately, Fortinet has collected a number of email samples with Excel files attached (.xls, .xlsm) that spread malware by executing malicious VBA (Visual Basic for Applications) code. VBA is a programming language used by the Microsoft Office suite. Normally, VBA is used to develop programs for Excel to perform some tasks. I’ll use...
by Xiaopeng Zhang  |  Mar 08, 2017  |  Filed in: Security Research
Remcos is another RAT (Remote Administration Tool) that was first discovered being sold in hacking forums in the second half of 2016. Since then, it has been updated with more features, and just recently, we’ve seen its payload being distributed in the wild for the first time. This article demonstrates how this commercialized RAT is being used in an attack, and what its latest version (v1.7.3) is capable of doing. Remcos is currently being sold from $58 to $389, depending on the license period and the maximum number of masters or clients...
by Floser Bacurio and Joie Salvio  |  Feb 14, 2017  |  Filed in: Security Research
Microsoft Ignite – Australia – Gold Coast Convention and Exhibition February 14-17th https://msftignite.com.au/ Is cloud the new normal for your enterprise? Are you moving more and more applications into the cloud? Have you asked yourself how you are securing your data in this new world of cloud? Scalability and flexibility are the key drivers of Cloud networking and computing. With more and more business transitioning to public cloud environments, the cloud is becoming an increasingly attractive target for hackers...
by Katrina Fox  |  Feb 07, 2017  |  Filed in: Industry Trends & News
Last month I discovered and reported an integer overflow vulnerability in the Windows Registry. Last Tuesday, October 25th, Microsoft released Security Bulletin MS16-124, which contains the patch for this vulnerability, and identifies it as CVE-2016-0070. This vulnerability could lead to local privilege elevation, and is rated as “Important” by Microsoft. The vulnerability affects multiple Windows versions, and Microsoft has recommended installing this update immediately. In this blog I will share the details of this vulnerability. How...
by Honggang Ren  |  Oct 31, 2016  |  Filed in: Security Research
Fortinet and Microsoft today announced an extension of their partnership to protect the cloud environments of their joint government customers. The US Federal Government sets the world’s highest security standards for data protection. Other public institutions, like state and local governments, police, and fire departments, follow these standards as well to protect the citizenry they serve. Partnering to Deliver Cloud Security for Government Organizations Fortinet and Microsoft are committed to delivering world-class security to...
by John Welton  |  Oct 27, 2016  |  Filed in: Industry Trends & News
Recently we received a SPAM with an attachment, which is a password-protected Word document. Its MD5 is 6619356e9e0c9d2445bf777a8bea5d6a, which is detected as “WM/Agent.60F9!tr” by the Fortinet AntiVirus service. When the document is opened, the attached malicious VB script code is executed and additional malware is created and executed. Based on our analysis, this is information-stealing malware. In this blog, we’ll show you how the malware works, what information is stolen from a victim’s system, and how the stolen data...
by Xiaopeng Zhang  |  Oct 24, 2016  |  Filed in: Security Research
Over the last 18-24 months the embrace of public cloud for critical workloads has transitioned from the “investigative” stage to “plan of record” for the majority of organizations. Still, mysteries and major questions remain – especially when it comes to securing your cloud workloads. Microsoft understands the needs of their customers to secure their cloud workload and has developed a great toolset to make securing Microsoft Azure simple and straightforward – Azure Security Center (ASC). ASC...
by Warren Wu  |  Aug 05, 2016  |  Filed in: Industry Trends & News