Fortinet

FortinetSecurity

Service Provider Security in the Age of Digital Transformation

Credit to Author: Richard Orgias| Date: Mon, 15 May 2017 08:13:46 -0700

Digital Transformation is Happening Now

Digital Transformation is a subject on the minds of CEOs everywhere as they seek to improve business results and align more closely with the needs and the expectations of their customers. And why not? Businesses large and small are adopting digital practices that, a recent McKinsey study shows, deliver on average five times more revenue and eight times more profitability than peer companies. The appeal of improved revenues, greater profitability, and higher levels of customer engagement underpins a shift…

Deep Analysis of Esteemaudit

Credit to Author: Dehui Yin| Date: Thu, 11 May 2017 12:13:08 -0700

A Windows 2003 RDP Zero Day Exploit

In this blog, the FortiGuard team takes a look at Esteemaudit, which is an exploit that was included in the set of cybertools leaked by the hacker group known as "Shadow Brokers." They claim that they collected this set of cybertools from the compromised data of "Equation Group," a threat actor alleged to be tied to the United States National Security Agency (NSA). Esteemaudit is a Remote Desktop Protocol (RDP) exploit that targets Microsoft Windows Server 2003 / Windows XP. The vulnerability…

Byline: Security Platform vs. Security Fabric

Credit to Author: John Maddison| Date: Thu, 11 May 2017 06:42:08 -0700

Far too often, security tools are wrapped in marketing language that doesn’t always effectively communicate—or sometimes, even intentionally obscures—what a device or tool is able to do. Visit any security trade show and you are going to be overwhelmed by devices claiming to be “cloud enabled” or that offer “advanced threat intelligence.” But what do those terms mean? The same is true for entire classes of products.

Security Research News in Brief – April 2017 Edition

Credit to Author: Axelle Apvrille| Date: Wed, 10 May 2017 09:08:47 -0700

Welcome back to our monthly review of some of the most interesting security research publications. Previous edition: March 2017

What happened to your home? IoT Hacking and Forensic with 0-day from TROOPERS 17, by Park and Jin

Figure 1: Hacking a vacuum cleaner

The authors hacked a vacuum cleaner, which, besides cleaning, also includes an embedded camera and microphone. The hack wasn’t easy because the vacuum wasn’t too badly secured. The authors however found 2 vectors: 1. They connected on the…

Deep Analysis of New Emotet Variant – Part 2

Credit to Author: Xiaopeng Zhang| Date: Tue, 09 May 2017 11:11:59 -0700

This is the second part of FortiGuard Labs’ deep analysis of the new Emotet variant. In the first part of the analysis we demonstrated that by bypassing the server-side Anti-Debug or Anti-Analysis technique we could download three or four modules (.dll files) from the C&C server. In that first blog we only analyzed one module (I named it ‘module2’). In this blog, we’ll review how the other modules work. Here we go.

Deep Analysis of New Emotet Variant – Part 1

Credit to Author: Xiaopeng Zhang| Date: Wed, 03 May 2017 09:41:26 -0700

Background

Last week, FortiGuard Labs captured a JS file that functions as a malware downloader to spread a new variant of the Emotet Trojan. Its original file name is Invoice__779__Apr___25___2017___lang___gb___GB779.js. A JS file, as you may be aware, is a JavaScript file that can be executed by Windows Script Host (wscript.exe) simply by double-clicking on it. In this blog we will analyze how this new malware works by walking through it step by step in chronological order.

A JS file used to spread malware

The original JS code…
