zero-day


Summary In December 2016, FortiGuard Labs discovered and reported a WINS Server remote memory corruption vulnerability in Microsoft Windows Server. In June of 2017, Microsoft replied to FortiGuard Labs, saying, "a fix would require a complete overhaul of the code to be considered comprehensive. The functionality provided by WINS was replaced by DNS and Microsoft has advised customers to migrate away from it." That is, Microsoft will not be patching this vulnerability due to the amount of work that would be required. Instead, Microsoft... [Read More]
by RSS Honggang Ren  |  Jun 14, 2017  |  Filed in: Security Research
A Windows 2003 RDP Zero Day Exploit In this blog, the FortiGuard team takes a look at Esteemaudit, which is an exploit that was included in the set of cybertools leaked by the hacker group known as "Shadow Brokers." They claim that they collected this set of cybertools from the compromised data of "Equation Group," a threat actor alleged to be tied to the United States National Security Agency (NSA). Esteemaudit is a Remote Desktop Protocol (RDP) exploit that targets Microsoft Windows Server 2003 / Windows XP. The vulnerability... [Read More]
by RSS Dehui Yin  |  May 11, 2017  |  Filed in: Security Research
Welcome back to our monthly review of some of the most interesting security research publications. Previous edition: March 2017 What happened to your home? IoT Hacking and Forensic with 0-day from TROOPERS 17, by Park and Jin Figure 1: Hacking a vacuum cleaner The authors hacked a vacuum cleaner, which, besides cleaning, also includes an embedded camera and microphone. The hack wasn’t easy because the vacuum wasn’t too badly secured. The authors however found 2 vectors: 1. They connected on the... [Read More]
by RSS Axelle Apvrille  |  May 10, 2017  |  Filed in: Security Research
Introduction Last month, iSightPartners revealed a Microsoft Office zero-day leveraged in a targeted attack by a Russian cyber espionage team. This vulnerability has been patched in Microsoft bulletin MS15-070. CVE-2015-2424 was assigned to this vulnerability. In this blog post, we will discuss the nature of the vulnerability to give some insights to other researchers for understanding and detecting this specific Word vulnerability. Multi-directory entries chaining We first extracted the embedded objects inside the exploit document... [Read More]
by RSS Wayne Chin Yick Low  |  Sep 01, 2015  |  Filed in: Security Research
Introduction Recently, we came across an unknown document exploit which was mentioned in a blogpost by the researcher @ropchain. As part of our daily routines, we decided to take a look to see if there was something interesting about the document exploit. The sample’s SHA1 used in the analysis is FB434BA4F1EAF9F7F20FE6F49C4375E90FA98069. The file we’re investigating is a Word document called amendment.doc. Understanding the vulnerability In fact, the exploit is not widely covered by AV vendors. Thus it becomes more challenging... [Read More]
by RSS Wayne Chin Yick Low  |  Aug 20, 2015  |  Filed in: Security Research
Today, Adobe has released a new announcement of vulnerabilities, 3 of which were discovered by researchers at FortiGuard Labs. Adobe Flash and Shockwave continue to be a challenge for organizations and vendors to keep secure. Memory corruptions can lead to the development of zero-day exploits against systems and there are overlaps in feature sets between versions of Shockwave and Flash. FortiGuard Lab researchers are finding chatter among hacker groups that leads us to believe attackers are still finding Flash and Shockwave as a viable and... [Read More]
by RSS Aamir Lakhani  |  Jul 14, 2015  |  Filed in: Industry Trends
Angler/Flash 0-day FAQ Version 1.1 - Friday, January 23 15:45PST This document will be updated and maintained as new or updated information becomes available. Continue to check this page for updates.   What is Angler? The Angler Exploit Kit (EK) is a toolkit used by malware authors and cybercriminals to deliver other pieces of malware. Typically these exploit kits are used in compromised websites that victims are guided to through links and phishing emails in order to infect victims.  What has happened? Noted malware... [Read More]
by RSS Richard Henderson  |  Jan 22, 2015  |  Filed in: Industry Trends
[Read More]
by RSS Michael Perna  |  Jul 26, 2014  |  Filed in: Industry Trends
[Read More]
by RSS Stefanie Hoffman  |  Jun 28, 2014  |  Filed in: Industry Trends
As a security professional for the past decade, I've seen quite a few evolutions in the threat landscape over the years- as I imagine have most of you. Does the following sound familiar and recent to you? First came enterprise-class anti-virus (AV) tools, then desktop firewalls and anti-spyware protection. With each technical advance, however, would-be attackers changed their tactics -- or morphed the latest virus or Trojan just enough for it to sail past the defenses. It's reached the point where AV and spyware just don't seem able to cope... [Read More]
by RSS David Finger  |  May 21, 2014  |  Filed in: Industry Trends