Security Research


In this blog post, we will get into the details of the implementation of Spectre, the exploit that targets the vulnerabilities found in CPUs built by AMD, ARM, and Intel. We assume you are familiar with the concept of the attack, and you can inspect the Proof of Concept source code provided in the Appendix of the paper linked above. You might also find it easier to read this blog post with the source code side by side.
by Axelle Apvrille  |  Jan 17, 2018  |  Filed in: Security Research
There is an incredible urgency for organizations, especially those undergoing digital transformation, to reprioritize security hygiene and identify emerging risks. However, as the volume, velocity, and automation of attacks continue to increase, it is also becoming increasingly important to align patching prioritization to what is happening in the wild so you can better focus your limited resources on the most critical and emerging risks.
by Anthony Giandomenico  |  Jan 17, 2018  |  Filed in: Industry Trends, Security Research
A recent Cyber Threat Alliance blog by Michael Daniel discussed the evolution of ransomware and the IoT. Read this post to learn more.
by Jeannette Jarvis  |  Jan 15, 2018  |  Filed in: Industry Trends, Security Research
Welcome back to our monthly review of some of the most interesting security research publications.
by Axelle Apvrille  |  Jan 14, 2018  |  Filed in: Security Research
Introduction: 2018 truly is starting off with a bang: fundamental CPU flaws dubbed Meltdown and Spectre were found affecting pretty much all modern processors developed since the Pentium Pro (1995). These flaws are rooted in two critical CPU features: Out of Order Execution and Speculative Execution, which are crucial for performance. Since this is an important feature and not a bug, it is inherently hard to fix. Furthermore, for performance reasons, speculative execution is almost always implemented in hardware, so “fixes”...
by Minh Tran  |  Jan 12, 2018  |  Filed in: Security Research
OpenSSL is a widely used library for SSL and TLS protocol implementation that secures data using encryption and decryption based on cryptographic functions. However, a Security Bypass vulnerability – recently addressed in a patch by the OpenSSL Project – can be exploited to make vulnerable SSL clients or remote SSL servers send clean application data without encryption. This Security Bypass vulnerability (CVE-2017-3737) is caused by an error when the SSL_read or SSL_write function handles an "error state" during an SSL handshake....
by Dehui Yin  |  Jan 12, 2018  |  Filed in: Security Research
Earlier this week, it was announced that researchers uncovered two new side channel attacks that exploit newly discovered vulnerabilities found in most processors, including those from Intel, AMD, and ARM. These vulnerabilities allow malicious userspace processes to read kernel memory, thereby potentially causing sensitive kernel information to leak. These vulnerabilities are known as Meltdown and Spectre.
by Fortinet  |  Jan 04, 2018  |  Filed in: Business and Technology, Security Research
In this blog post, we will discuss the history of sandbox detection. We will then unveil the malware families that KTIS has observed from spear-phishing emails that attempt to bypass the user-mode API hook in order to evade sandbox detection. And finally, we will share the mitigation method we use to harden the Cuckoo sandbox against this bypass technique.
by Floser Bacurio and Wayne Low  |  Jan 03, 2018  |  Filed in: Security Research
To predict the future, simply look at the past. With that in mind, here’s a quick overview of the current state of cybersecurity, along with what lies on the horizon and what organizations can do to secure their networks.
by Anthony Giandomenico  |  Jan 02, 2018  |  Filed in: Industry Trends, Security Research
FortiGuard Labs continues to investigate a series of attacks on Bitcoin users. In our first blog, we provided a deep analysis of malicious samples from the Bitcoin Orcus RAT campaign. In this second part, we recreate the full path of a multistage complex attack, shed some light on some other activities of these criminal actors, and reveal their possible identities. Failed attempt: Bitcointalk.org is a popular place to trade for bitcoins. In 2015 there was a simple and straightforward attack on its users. Somebody registered a...
by Artem Semenchenko and Evgeny Ananin  |  Dec 22, 2017  |  Filed in: Security Research