Earlier this month, FortiGuard Labs researchers published findings about a malware campaign exploiting a PowerPoint vulnerability. Cybercriminals, however, are equal opportunity exploiters, so just recently an interesting targeted malware campaign was found to be using another document vulnerability. Only this time, it’s a Hangul Word Processor (HWP) document leveraging the already known CVE-2015-2545 Encapsulated PostScript (EPS) vulnerability.
by Joie Salvio and Jasper Manuel  |  Sep 20, 2017  |  Filed in: Security Research
by Michael Perna  |  Oct 17, 2014  |  Filed in: Industry Trends
Shortly after 10:00am on Jun 25th 2013, many South Korean government websites became inaccessible. The outage was caused by malware performing a DDoS attack on 2 major DNS servers (ns.gcc.go.kr and ns2.gcc.go.kr).
Original Attack Vector
During the investigation, we managed to find the original attack sample, which was served by a compromised website at that time (simdisk.co.kr). The downloaded file, named SimDisk_setup.exe, turned out to be a self-extracting RAR file. This SFX RAR file contained 2 files: Simdiskup.exe file SimDiskup.exe...
by Kyle Yang  |  Jul 14, 2013  |  Filed in: Security Research