zero-day


A Windows 2003 RDP Zero Day Exploit In this blog, the FortiGuard team takes a look at Esteemaudit, which is an exploit that was included in the set of cybertools leaked by the hacker group known as "Shadow Brokers." They claim that they collected this set of cybertools from the compromised data of "Equation Group," a threat actor alleged to be tied to the United States National Security Agency (NSA). Esteemaudit is a Remote Desktop Protocol (RDP) exploit that targets Microsoft Windows Server 2003 / Windows XP. The vulnerability... [Read More]
by RSS Dehui Yin  |  May 11, 2017  |  Filed in: Security Research
Welcome back to our monthly review of some of the most interesting security research publications. Previous edition: March 2017 What happened to your home? IoT Hacking and Forensic with 0-day from TROOPERS 17, by Park and Jin Figure 1: Hacking a vacuum cleaner The authors hacked a vacuum cleaner, which, besides cleaning, also includes an embedded camera and microphone. The hack wasn’t easy because the vacuum wasn’t too badly secured. The authors however found 2 vectors: 1. They connected on the... [Read More]
by RSS Axelle Apvrille  |  May 10, 2017  |  Filed in: Security Research
Introduction Last month, iSightPartners revealed a Microsoft Office zero-day leveraged in a targeted attack by a Russian cyber espionage team. This vulnerability has been patched in Microsoft bulletin MS15-070. CVE-2015-2424 was assigned to this vulnerability. In this blog post, we will discuss the nature of the vulnerability to give some insights to other researchers for understanding and detecting this specific Word vulnerability. Multi-directory entries chaining We first extracted the embedded objects inside the exploit document... [Read More]
by RSS Wayne Chin Yick Low  |  Sep 01, 2015  |  Filed in: Security Research
Introduction Recently, we came across an unknown document exploit which was mentioned in a blogpost by the researcher @ropchain. As part of our daily routines, we decided to take a look to see if there was something interesting about the document exploit. The sample’s SHA1 used in the analysis is FB434BA4F1EAF9F7F20FE6F49C4375E90FA98069. The file we’re investigating is a Word document called amendment.doc. Understanding the vulnerability In fact, the exploit is not widely covered by AV vendors. Thus it becomes more challenging... [Read More]
by RSS Wayne Chin Yick Low  |  Aug 20, 2015  |  Filed in: Security Research
Today, Adobe has released a new announcement of vulnerabilities, 3 of which were discovered by researchers at FortiGuard Labs. Adobe Flash and Shockwave continue to be a challenge for organizations and vendors to keep secure. Memory corruptions can lead to the development of zero-day exploits against systems and there are overlaps in feature sets between versions of Shockwave and Flash. FortiGuard Lab researchers are finding chatter among hacker groups that leads us to believe attackers are still finding Flash and Shockwave as a viable and... [Read More]
by RSS Aamir Lakhani  |  Jul 14, 2015  |  Filed in: Industry Trends & News
Angler/Flash 0-day FAQ Version 1.1 - Friday, January 23 15:45PST This document will be updated and maintained as new or updated information becomes available. Continue to check this page for updates.   What is Angler? The Angler Exploit Kit (EK) is a toolkit used by malware authors and cybercriminals to deliver other pieces of malware. Typically these exploit kits are used in compromised websites that victims are guided to through links and phishing emails in order to infect victims.  What has happened? Noted malware... [Read More]
by RSS Richard Henderson  |  Jan 22, 2015  |  Filed in: Industry Trends & News
[Read More]
by RSS Michael Perna  |  Jul 26, 2014  |  Filed in: Industry Trends & News
[Read More]
by RSS Stefanie Hoffman  |  Jun 28, 2014  |  Filed in: Industry Trends & News
As a security professional for the past decade, I've seen quite a few evolutions in the threat landscape over the years- as I imagine have most of you. Does the following sound familiar and recent to you? First came enterprise-class anti-virus (AV) tools, then desktop firewalls and anti-spyware protection. With each technical advance, however, would-be attackers changed their tactics -- or morphed the latest virus or Trojan just enough for it to sail past the defenses. It's reached the point where AV and spyware just don't seem able to cope... [Read More]
by RSS David Finger  |  May 21, 2014  |  Filed in: Industry Trends & News
In nature, predators on the hunt for food often wait by small ponds and marshes for their prey. The reason? Animals of all kinds will inevitably flock to a watering hole out of necessity in order to survive - including vulnerable prey. When that occurs, the predator only has to pounce in order to fulfill its objectives. Wikimedia Commons In short, the watering hole removes the challenge of finding and chasing an elusive target. The same concept applies to watering hole attacks. As the name suggests, watering hole attacks occur when an attacker... [Read More]
by RSS Stefanie Hoffman  |  Oct 23, 2013  |  Filed in: Security 101