vulnerability | Page 6

This is a follow-up post on Operation Emmental. If you are not aware of Emmental, please read this white paper and our previous blog post. I wouldn't deserve to sign my posts as 'the Crypto Girl' if I didn't mention crypto in Android's Emmental malware (Android/Emmental.A!tr.spy) ;) Emmental's code uses Spongy Castle. This is the (famous?) Bouncy Castle crypto library repackaged for Android. It is the first time I have encountered the library in mobile malware (but it's possible I missed it in other samples). It also loads an elliptic curve library...
by Axelle Apvrille  |  Oct 30, 2014  |  Filed in: Security Research
by Michael Perna  |  Oct 24, 2014  |  Filed in: Industry Trends
Hackers have been using evasion techniques for years to get malicious payloads past firewalls. Make sure your firewall is set up out of the box to detect these attacks. So-called evasion techniques have been part of the hacker's toolkit for years. Evasion techniques attempt to confuse, overwhelm, or blind firewalls with unexpected data, letting the bad guys (or bots) circumvent intrusion detection algorithms and launch attacks or sneak malicious payloads past the firewall. Next-generation firewalls (NGFWs) are generally designed to, among other things,...
by Chris Dawson  |  Oct 09, 2014  |  Filed in: Industry Trends
A few months ago, Tinba's source code was leaked in the wild. It is now inevitable that a different and enhanced version of it is out there. Tinba, also known as Tiny Banker, made its debut a couple of years ago. Though it is small, it is capable of doing what its big brothers can do. For more details on some of its features, you can read my article posted on Virus Bulletin.
64-bit Injected Code
As expected, we have seen some new changes added to the original malware. Tinba is now capable of injecting its code into a 64-bit running process. The...
by Raul Alvarez  |  Oct 06, 2014  |  Filed in: Security Research
While the Shellshock story is taking the media by storm, and as reports of exploitation in the wild start to emerge, some questions about the infamous worse-than-Heartbleed bug remain unanswered. "Will there be a Slammer-like worm owning half of the Internet within a few hours?", "Besides Apache, DHCP and SSH, are there other ways to remotely set environment variables?", "Has the NSA known about it for 20 years?", "Are iOS and Android vulnerable?"... While here at FortiGuard Labs we have our own opinion on all of these questions, the one we...
by Guillaume Lovet  |  Sep 26, 2014  |  Filed in: Security Research
by Michael Perna  |  Sep 13, 2014  |  Filed in: Industry Trends
by Michael Perna  |  Aug 29, 2014  |  Filed in: Industry Trends
by Michael Perna  |  Jul 26, 2014  |  Filed in: Industry Trends
The Isolated Heap for DOM objects included in the Microsoft Patch Tuesday for June 2014 was just a fire drill aimed at making the exploitation of use-after-free (UAF) vulnerabilities more difficult. The patch for July 2014, however, has been quite a shock to exploit developers! In this release, Microsoft showed some determination in fighting back against UAF bugs with a new improvement: the introduction of a new memory protector in Microsoft Internet Explorer, which makes exploitation of UAF vulnerabilities extremely difficult.
An Overview...
by Zhenhua 'Eric' Liu  |  Jul 16, 2014  |  Filed in: Security Research
Exploit developers must have been very excited recently; lots of big bombs have been dropped on the community. In February, Yang Yu was awarded the Microsoft mitigation bypass bounty, the top prize in the Microsoft Bounty Programs. He talked about parts of his mitigation bypass in his presentation at CanSecWest 2014. However, the most interesting part, the so-called "Vital Point Strike", was left as blurred pages in his slides. Soon after, another security researcher, Yuki Chen, published ExpLib2, which is Yuki's exploitation library for Internet...
by Zhenhua 'Eric' Liu  |  Jun 16, 2014  |  Filed in: Security Research