word


In every country and region in the world, tax season is also a time when we see a spike in scams, phishing, and targeted malware. The tax return season in the US is coming to an end. Have you filed your tax return yet? Did you receive any notifications from the IRS (the Internal Revenue Service) in your email? We did, but not from the real IRS. (Remember, the IRS never communicates important information to taxpayers by email.) FortiGuard Labs recently collected a number of malware samples related to the current tax season in the US....
by Xiaopeng Zhang | Apr 13, 2017 | Filed in: Security Research
In the blog we posted on March 22, FortiGuard Labs introduced a new Word Macro malware sample that targets both Apple Mac OS X and Microsoft Windows. After deeper investigation of this malware sample, we can confirm that after a successful infection the post-exploitation agent Meterpreter is run on the infected Mac OS X or Windows system. Meterpreter is part of the Metasploit framework. More information about Meterpreter can be found here. For this to work, the attacker’s server must be running Metasploit as the controller to control the...
by Chris Navarrete & Xiaopeng Zhang | Mar 29, 2017 | Filed in: Security Research
UPDATE: Microsoft has updated the list of Office products affected by this vulnerability: https://technet.microsoft.com/library/security/ms15-046 Although Microsoft recently released Office 2016, legacy versions of the popular productivity suite are still common in both business and home settings. Extended support for Office 2007, for example, does not end for almost two more years. FortiGuard Labs recently disclosed a “use-after-free” vulnerability in Microsoft Office 2007. Other versions may be affected, but researchers...
by Aamir Lakhani | Oct 15, 2015 | Filed in: Security Research
Introduction: Recently, we came across an unknown document exploit which was mentioned in a blog post by the researcher @ropchain. As part of our daily routines, we decided to take a look to see if there was something interesting about the document exploit. The sample’s SHA1 used in the analysis is FB434BA4F1EAF9F7F20FE6F49C4375E90FA98069. The file we’re investigating is a Word document called amendment.doc. Understanding the vulnerability: In fact, the exploit is not widely covered by AV vendors. Thus it becomes more challenging...
by Wayne Chin Yick Low | Aug 20, 2015 | Filed in: Security Research
Organizations these days have their hands full with security and management challenges brought about by the Bring Your Own Device phenomenon. But why stop at devices? Good question. In fact, the same culture of innovation and self-reliance, spurred by BYOD, has increasingly translated to applications. And as such, users are pushing the trend to its limits by introducing their own applications into the workplace to meet their needs. The burgeoning Bring Your Own Application (BYOA) trend appears to be a natural and logical extension of BYOD--and...
by Stefanie Hoffman | Aug 31, 2012 | Filed in: Industry Trends