Fortinet

FortiGuard is currently investigating a new wave of attacks targeting kingdom of Saudi Arabia organizations that use an updated version of the Shamoon malware (also known as DistTrack.) We described this malware in detail a few months ago in a previous article. The key features of that version remain the same, yet some voluntary changes are taking place: Images used. Shamoon still overwrites files with an image of the drowned Syrian toddler Alan Kurdi, but this time the picture size is different. In November 2016 it was using a picture…

IT teams in the financial services industry have historically invested in, and deployed, web application firewalls (WAFs) to comply with Payment Card Industry Data Security Standards (PCI DSS). However, many of today’s data security professionals recognize that unprotected web applications have become attractive targets for cybercriminals looking for easy entry points into their networks. In fact, according to recent data, 83 percent of enterprise IT executives believe application security is critical to their IT strategy. Additionally,…

I recently wrote about the general sessions held on the first day of Fortinet's Accelerate 2017. There was so much great information presented that I couldn’t do justice to it in the general overview I posted of the morning’s events. So I wanted to take a few minutes and provide some deeper information around one of the best sessions of the day – the customer panel.

Summary Last year, I discovered and reported two Cross-Site Scripting (XSS) vulnerabilities in IBM’s Infosphere BigInsights. This week, IBM released a security bulletin which contains the fix for these vulnerabilities. CVE numbers CVE-2016-2924 and CVE-2016-2992 are assigned to them respectively. InfoSphere BigInsights is an analytics platform for analyzing massive volumes of unconventional data in its native format. The software enables advanced analysis and modeling of diverse data, and supports structured, semi-structured, and unstructured…

HIMSS 2017 will be held in Orlando from February 19-23. Read this post to learn about Fortinet’s involvement in the convention.

Deep Analysis of Android Rootnik Malware Using Advanced Anti-Debug and Anti-Hook, Part II: Analysis of The Scope of Java By Kai Lu   In part I of this blog, we have finished the analysis of native layer and gotten the decrypted secondary dex file. Next, we continue to analysis it. For the sake of continuity, we keep continuous section number and figure number with part I of the blog.     The secondary dex file The following is the decrypted file, which is a jar format file.  It is loaded…

Recently, we found a new Android rootnik malware which uses open-sourced Android root exploit tools and the MTK root scheme from the dashi root tool to gain root access on an Android device. The malware disguises itself as a file helper app and then uses very advanced anti-debug and anti-hook techniques to prevent it from being reverse engineered. It also uses a multidex scheme to load a secondary dex file. After successfully gaining root privileges on the device, the rootnik malware can perform several malicious behaviors, including app and ad…

As technology within the financial services industry continues to evolve, so too does the threat landscape. Fortinet offers cybersecurity predictions for 2017.