Fortinet

FortinetSecurity

Outsmarting the Next Ransomware with Advanced Threat Protections

Credit to Author: Amy Thompson| Date: Tue, 11 Jul 2017 12:58:00 +0000

Ransomware has recently reasserted itself into the public eye in a big way. The May cyberattack carried out by the malware WannaCry was one of the worst ransomware attacks ever, affecting over 300,000 computers operating MS Windows around the world. Unfortunately, the attack has once again demonstrated that far too many organizations do not have an effective security protocol in place, or do not take it seriously until after disaster strikes. In this case, the Microsoft vulnerability exploited by WannaCry had been patched in March, but many users…

Considering the Cloud? Five Questions to Ask

Credit to Author: Aamir Lakhani| Date: Mon, 10 Jul 2017 12:58:00 +0000

The cloud is an increasingly attractive prospect for federal agencies, but many still have unanswered questions about how public cloud security stacks up. With the president’s recent cybersecurity executive order emphasizing the shift to the cloud, agencies will have to move quickly to comply. Below are five questions that federal technology buyers should ask public cloud providers to see if they have what it takes to store and manage federal data securely.

1. Do you allow auditing or pen testing in your environment? Many customers are…

Unmasking Android Malware: A Deep Dive into a New Rootnik Variant, Part I

Credit to Author: Kai Lu| Date: Sun, 09 Jul 2017 14:00:00 +0000

Part I: How to Unpack the Malware App

This past January I performed a deep analysis of an Android rootnik malware variant and posted it to this blog. Since then, I have continued to monitor this Android malware family. In early June, FortiGuard Labs found a new variant of the Android rootnik malware that disguises itself as a legal app. It then uses open-sourced Android root exploit tools to gain root access on an Android device. To be clear, this malware was NOT found in Google Play. The developer of the malware app repackaged a legal app…

Unmasking Android Malware: A Deep Dive into a New Rootnik Variant, Part II

Credit to Author: Kai Lu| Date: Sun, 09 Jul 2017 14:00:00 +0000

In part I of this blog, I finished the analysis of the native layer of a newly discovered Rootnik malware variant, and got the decrypted real DEX file. Here in part II, we will continue our analysis.

A look into the decrypted real DEX file

The entry of the decrypted DEX file is the class demo.outerappshell.OuterShellApp. The definition of the class OuterShellApp is shown below.

Figure 1. The class demo.outerappshell.OuterShellApp

We will first analyze the function attachBaseContext(). The following is the function aBC() in the class…

Unmasking Android Malware: A Deep Dive into a New Rootnik Variant, Part III

Credit to Author: Kai Lu| Date: Sun, 09 Jul 2017 14:00:00 +0000

In this final blog in the Rootnik series we will finish our analysis of this new variant. Let’s start by looking into the script shell rsh.

Analysis of the script shell

Through our investigation we are able to see how the script shell works: First, it writes the content of the file .ir into /system/etc/install-recovery.sh. The file install-recovery.sh is a startup script. When the Android device is booted, the script can be executed. The following is the content of the file .ir. Next, it writes some files…

Petya's Master Boot Record Infection

Credit to Author: Gabriel Hung and Margarette Joven| Date: Sat, 08 Jul 2017 12:00:00 +0000

Last week we started our technical analysis on Petya (also called NotPetya) and its so-called “killswitch.” In that blog post we mentioned that Petya looks for a file in the Windows folder that has the same filename (no extension) as itself (for example: C:\Windows\Petya). If it exists, it terminates by calling ExitProcess. If it doesn't exist, it creates a file with the attribute DELETE_ON_CLOSE. This seems to imply that instead of a killswitch, this file is meant to be a marker to check and see if the system has already been infected. After…

Key Differences Between Petya and NotPetya

Credit to Author: Raul Alvarez| Date: Sat, 08 Jul 2017 12:00:00 +0000

There have already been a lot of write-ups for the NotPetya malware. This article is just a supplement for what is already out there. Our focus is to highlight some key differences between a previous strain of the Petya ransomware and the malware that scared everyone a few weeks ago, which is now sometimes being referred to as NotPetya. I posted a blog post a couple of months ago about the MBR (Master Boot Record) infected by Petya. I explained how the ransomware infected the boot process and how it executed its own kernel code. In this post,…

Network Security in the Era of the Millennials

Credit to Author: Bill McGee| Date: Fri, 07 Jul 2017 12:58:00 +0000

One of the toughest gigs in IT is the job of keeping an organization’s network safe. It is also one that is getting tougher with the rise of the millennial generation. Millennials – those in their 20s to mid-30s – are starting to dominate workplaces around the world. More than one-in-three workers in the US are millennials, a 2015 study by Pew Research Center found. And this demographic group will account for half of the global workforce by 2020, according to PwC. The term “millennial” has many connotations. Among them: They…
