Security Research


Not long after a new strain of the Akuma malware was discovered targeting ZyXEL devices with a new series of login/password attacks, FortiGuard Labs last week also began detecting unusual scanning activity on the uncommon TCP ports 52869 and 37215. We and other threat research teams quickly began to suspect that these were tied together, and that a new botnet was out there.
by David Maciejak  |  Dec 12, 2017  |  Filed in: Security Research
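The observation above (a burst of connections to two uncommon TCP ports from many distinct sources) is the kind of signal a detection engineer would want to reproduce from their own telemetry. The following Python script is an added example, not code from the original post or from FortiGuard Labs: it parses constructed connection-log lines, counts distinct sources and distinct targets per destination port, and flags ports that are outside an assumed baseline of commonly used ports and show broad fan-in. The log format (`src dst dport proto`), the baseline port set, and the thresholds are assumptions for the example, and the log lines themselves are constructed, not real telemetry.

```python
"""Flag scanning waves on uncommon destination ports from connection logs.

Added example; assumes a whitespace-separated "src dst dport proto" log
format and a hand-picked baseline of ordinary service ports.
"""
from collections import defaultdict

# Constructed sample log lines (not real telemetry). The 37215 and 52869
# entries mimic many distinct sources probing several targets on one port;
# the 8081 entries are a single source sweeping several targets.
SAMPLE_LOG = """\
10.0.0.5 192.0.2.10 443 tcp
10.0.0.6 192.0.2.10 443 tcp
10.0.0.7 192.0.2.10 443 tcp
198.51.100.1 192.0.2.11 37215 tcp
198.51.100.2 192.0.2.12 37215 tcp
198.51.100.3 192.0.2.13 37215 tcp
198.51.100.4 192.0.2.11 37215 tcp
203.0.113.7 192.0.2.11 52869 tcp
203.0.113.8 192.0.2.12 52869 tcp
203.0.113.9 192.0.2.14 52869 tcp
203.0.113.9 192.0.2.15 8081 tcp
203.0.113.9 192.0.2.16 8081 tcp
203.0.113.9 192.0.2.17 8081 tcp
198.51.100.1 192.0.2.11 37215 udp
"""

# Assumed baseline: ports where many distinct sources are expected anyway.
COMMON_PORTS = {22, 25, 53, 80, 123, 443, 993, 995, 3389}


def parse_line(line):
    """Split one log line into (src, dst, dport, proto)."""
    src, dst, dport, proto = line.split()
    return src, dst, int(dport), proto


def port_stats(lines):
    """Return {dport: (distinct_sources, distinct_targets)} for TCP lines.

    Blank lines and comments are skipped; non-TCP traffic is ignored so a
    stray UDP datagram to the same port does not inflate the counts.
    """
    sources = defaultdict(set)
    targets = defaultdict(set)
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        src, dst, dport, proto = parse_line(line)
        if proto != "tcp":
            continue
        sources[dport].add(src)
        targets[dport].add(dst)
    return {p: (len(sources[p]), len(targets[p])) for p in sources}


def flag_scan_ports(lines, min_sources=3, min_targets=2, baseline=COMMON_PORTS):
    """Ports outside the baseline hit by many sources across several targets.

    Requiring both thresholds separates a distributed scanning wave (many
    sources, many targets) from a single host sweeping the network.
    """
    stats = port_stats(lines)
    return sorted(
        port
        for port, (n_src, n_dst) in stats.items()
        if port not in baseline and n_src >= min_sources and n_dst >= min_targets
    )


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for port, (n_src, n_dst) in sorted(port_stats(lines).items()):
        print(f"port {port}: {n_src} sources, {n_dst} targets")
    print("flagged:", flag_scan_ports(lines))
```

On the constructed input the script flags 37215 and 52869 only: port 443 is excluded by the baseline, and 8081 fails the distinct-source threshold because one host did all the probing. In production the baseline should come from a per-network history of distinct sources per port rather than a static set, and the thresholds should be tuned against a quiet period before alerting on them.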
FortiGuard Labs has spotted a new phishing campaign that targets bitcoin investors by offering Gunbot, a relatively new bitcoin trading bot application. Instead of being a tool designed to increase profits, however, it delivers the Orcus RAT, which results in the loss of investments and more.
by Floser Bacurio and Joie Salvio  |  Dec 07, 2017  |  Filed in: Security Research
Ph0wn, a CTF dedicated to smart devices, is over! It was a real success, with ~70 participants for this first edition. 16 teams of up to 5 people lined up for the competition. 11 teams managed to score in at least one challenge; we are sorry for the 5 remaining teams, but hope they had fun nevertheless. Of course, we congratulate the top 3 teams, who deserved their drone and Raspberry Pi gaming kits as prizes. We would also like to extend congratulations to all participants. We enjoyed the team spirit as well as...
by Axelle Apvrille  |  Dec 07, 2017  |  Filed in: Security Research
Plone is a free and open source content management system, ranked among the top 2% of all open source projects worldwide. More than 350 solution providers in more than 100 countries currently support it. The project has been actively developed since 2001, is available in more than 40 languages, and, according to the project, has the best security track record of any major CMS. Its users (https://plone.com/about/they-use-plone) include the Federal Bureau of Investigation (FBI), the Central Intelligence Agency (CIA), the Intellectual Property Rights Center, and others. Earlier...
by Zhouyuan Yang  |  Dec 05, 2017  |  Filed in: Security Research
PowerDNS Recursor is a high-end, high-performance resolving name server that powers DNS resolution for at least a hundred million subscribers. The Recursor is one of PowerDNS's two name server products, and its primary purpose is to act as a resolving DNS server. On Aug. 7, 2017, I reported an XSS (cross-site scripting) vulnerability to PowerDNS and its security team, who assigned it the identifier CVE-2017-15092. In this report I explain how I identified and triggered the vulnerability.
by Chris Navarrete  |  Dec 02, 2017  |  Filed in: Security Research
Fortinet today announced the findings of its latest Global Threat Landscape Report. The research reveals that high botnet recurrence rates and an increase in automated malware demonstrate that cybercriminals are combining common exploits with automated attack methods at unprecedented speed and scale.
by Anthony Giandomenico  |  Nov 28, 2017  |  Filed in: Security Research
FortiGuard Labs has been actively monitoring FALLCHILL, validating all of its IOCs (indicators of compromise), and providing protection for our customers. In a previous post we provided a high-level overview of FALLCHILL. In this research report we dig further, providing a deep-dive analysis of the FALLCHILL Remote Administration Tool (RAT) in order to shed additional light on this threat and thereby help our customers and the security community at large defend against it and similar threats.
by Minh Tran  |  Nov 28, 2017  |  Filed in: Security Research
We are organizing a Capture The Flag event this week. Codenamed Ph0wn, this CTF is unusual in that it is dedicated to smart devices. The CTF is free and takes place this Wednesday, November 29, 2017, starting at 6pm at Campus SophiaTech, Sophia Antipolis, France, where our FortiSmart research team is located. Traditional CTFs include challenges on standard infrastructure: PCs, servers, web servers, etc. From time to time, some CTFs feature hardware challenges. (We should probably cite the Hardwear.io CTF, and RHME3 for automotive.)...
by Axelle Apvrille, Alain Forcioli  |  Nov 27, 2017  |  Filed in: Security Research
Only a few days after FortiGuard Labs published an article about a spam campaign exploiting a malicious RTF document, we found another spam campaign using an even more recent document vulnerability, CVE-2017-11882.
by Jasper Manual and Joie Salvio  |  Nov 27, 2017  |  Filed in: Security Research
Black Alps 2017 was the inaugural edition of a cyber security conference, held over two days starting November 13 at Y-Parc, Yverdon-les-Bains, Switzerland. With support from previous cyber security events such as the CyberSec Conference and the Application Security Forum - Western Switzerland, there is no doubt that Black Alps is headed for success. The conference aimed to discuss the latest threats, mitigations, and advances in cyber security.
by Rommel Abraham D Joven  |  Nov 22, 2017  |  Filed in: Security Research