security research


Welcome back to our monthly review of some of the most interesting security research publications. July was very busy with the annual DEFCON and BlackHat US conferences, but also RMLL, the Worldwide Free Software Meeting held this year in France. Past editions: June 2017 May 2017 April 2017 March 2017 Elie Burzstein et al, How We Created the First SHA-1 collision and what it means for hash security video, DEFCON 25 slides and paper With the nickname "Crypto Girl", I obviously had to listen to this... [Read More]
by RSS Axelle Apvrille  |  Sep 07, 2017  |  Filed in: Security Research
Shamoon Timeline The Shamoon virus, also known as Disttrack, surfaced for the first time back in 2012 targeting Middle East Oil companies. It leveraged stolen credentials to gain access, and then exhibited worm-like behavior to spread throughout the entire targeted network. All Shamoon attacks were clearly very carefully planned beforehand, as the attackers had to gain access to legitimate credentials before launching the attack. While most modern malware are focused on monetizing through any way possible, from bitcoin mining to the current... [Read More]
by RSS Douglas Jose Pereira dos Santos, Artem Semenchenko  |  Dec 07, 2016  |  Filed in: Security Research
There have been numerous cases where advanced malware has been linked to significant data breaches. Malware authors employ a variety of techniques to hide their malicious intent, including the use of packing utilities to create “packed malware.” Ladi Adefala, Senior Security Strategist at Fortinet, explains how a real time sandbox can change the game with regard to defending against these sophisticated attacks. What is Packed Malware? Packed malware is one of the most common types of advanced malware, carefully designed to evade... [Read More]
by RSS Ladi Adefala  |  Dec 07, 2016  |  Filed in: Security Q & A
  One month ago we captured a Word document infected with malicious VBA code, which was detected as WM/Agent!tr by the Fortinet AntiVirus service. Its file name is InternalFax.doc, and its MD5 is 4F2139E3961202B1DFEAE288AED5CB8F.  By our analysis, the Word document was used to download and spread the botnet TrickBot. TrickBot aims at stealing online banking information from browsers when victims are visiting online banks. The targeted banks are from Australia, New Zealand, Germany, United Kingdom, Canada, United States, Israel, and... [Read More]
by RSS Xiaopeng Zhang  |  Dec 06, 2016  |  Filed in: Security Research
  Recently, the San Francisco Municipal Transportation Agency, also known as MUNI, was attacked by a new variant of Mamba (a.k.a HDDCryptor) – a disk-encypting ransomware. The incident left their ticketing services with inoperational systems and a note that read, “You Hacked,ALL Data Encrypted,Contact For Key(cryptom27@yandex.com)” Fortinet first discovered Mamba two months ago. Since then, it has been under the radar – until this big attack. We will now take a look at a few irregularities and some new developments... [Read More]
by RSS Joie Salvio  |  Dec 05, 2016  |  Filed in: Security Research
A High-Severity Heap Buffer Overflow vulnerability was recently fixed in a patch  by Openssl Project.  This vulnerability affects the remote SSL servers that support the ChaCha20-Poly1305 cipher suite, and can be exploited to crash the SSL service. This High-Severity Heap Buffer Overflow vulnerability (CVE-2016-7054) is caused by an error when the ChaCha20-Poly1305 cipher suite is decrypting large amounts of application data. We will examine the root cause of this vulnerability in this post. The ChaCha20-Poly1305 cipher suite is... [Read More]
by RSS Dehui Yin  |  Nov 23, 2016  |  Filed in: Security Research
New variants of android banking malware target even more German banks, popular social media apps, and more Summary In my previous blog I provided a detailed analysis of a new android banking malware that spoofed the mobile applications of several large German banks to trick users into revealing their banking credentials. This week I found several new variants of this growing malware, and in this update I am sharing these new findings. Install the malware One of these variants masquerades as another German mobile banking app. Once installed,... [Read More]
by RSS Kai Lu  |  Nov 18, 2016  |  Filed in: Security Research
This was my first time at DefCamp in Romania, and it was definitely a good experience. DefCamp was an interesting mixture of not so technical talks (but with acute insights) and technical ones. Among the "not so technical" ones, I liked the following: Do Tinder bots dream of electric toys? Tinder is a match-making/dating application. Inbar Raz decided to test it. He created a profile according to online guidelines (images with animals, images looking official, etc.) and quickly got many matches. But...it turned out that they... [Read More]
by RSS Axelle Apvrille  |  Nov 18, 2016  |  Filed in: Security Research
VB 2016 Conference was held this year at the Hyatt Regency Hotel in Denver, CO, USA. This conference is an annual event where IT security researchers from around world gather to share their knowledge, learn, and discuss trends in the global threat landscape. This year we had the privilege to attend as well as meet, hang out with, and share ideas with some of the field’s top researchers. The conference scheduled a great lineup of speakers and presentations, so it was tough to pick which topic to attend. We are going to share some here some... [Read More]
by RSS Floser Bacurio Jr. and Rommel Joven  |  Oct 18, 2016  |  Filed in: Industry Trends
We’re into the final quarter of the year, and the cyberthreat landscape continues to be interesting. This week in the Fortinet Threat Intelligence Brief we looked at a number of interesting trends around IoT botnets, continued ransomware problems – both through directed attacks and infected websites, and the spoofing of the Navy Federal US Credit Union. One interesting thing to note is how attacks tend to move from target to target and region to region in waves. This week, for example, we saw a 4X spike in attempts to deliver... [Read More]
by RSS Bill McGee  |  Oct 07, 2016  |  Filed in: Industry Trends