{"id":14600,"date":"2019-10-01T09:08:16","date_gmt":"2019-10-01T03:38:16","guid":{"rendered":"https:\/\/www.technologyforyou.org\/?p=14600"},"modified":"2019-10-01T09:08:16","modified_gmt":"2019-10-01T03:38:16","slug":"fortiguard-labs-weekly-threat-update","status":"publish","type":"post","link":"https:\/\/www.technologyforyou.org\/fortiguard-labs-weekly-threat-update\/","title":{"rendered":"FortiGuard Labs Weekly Threat Update"},"content":{"rendered":"<section class=\"b15-blog-meta aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"b15-blog-meta__container text-container\"><strong><span style=\"font-family: arial, helvetica, sans-serif;\">By\u00a0<span class=\"b15-blog-meta__author\">Jeannette Jarvis &#8211; Fortinet\u00a0<\/span><span class=\"b15-blog-meta__date\">| September 27, 2019<\/span><\/span><\/strong><\/div>\n<div>\n<p class=\"b4-hero__headline\"><strong><span style=\"font-family: arial, helvetica, sans-serif;\">FortiGuard Labs Weekly Threat Update \u2013 Week of 27 September 2019<\/span><\/strong><\/p>\n<\/div>\n<\/section>\n<div class=\"responsivegrid aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"cmp cmp-text aem-GridColumn aem-GridColumn--default--12\">\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">Each week, FortiGuard Labs publishes a Threat Brief to subscribers that profiles notable hot topics and threats that were discovered or discussed during the week. Here is a recap of what we are covering in this week\u2019s Threat Brief:<\/span><\/p>\n<p><strong><span style=\"font-family: arial, helvetica, sans-serif;\">Malware and Zero Day Attacks<\/span><\/strong><\/p>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif;\">We break down our analysis of a newly discovered variant of the NetWire RAT that is spreading via phishing email. When the victim clicks on a PDF-like picture embedded in the email, the NetWire RAT malware is downloaded. 
This variant also includes various anti-analysis techniques that it uses to stay concealed. We go into further detail on some of these techniques.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;\">We also summarize our\u00a0analysis of a new TrickBot\u00a0variant, just discovered by FortiGuard Labs researchers, that was being used in a targeted attack. The threat authors have leveraged some interesting tactics, including concealing their intentions by setting the font color to white within the infected document. They also obfuscated their JavaScript using an abnormally large volume of lines of code to make it more difficult for researchers to reverse engineer that code. There is much more listed in our full analysis.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;\">A zero-day vulnerability disclosed this week was for vBulletin, a widely used proprietary internet forum software package that powers more than 100,000 websites \u2013 including Fortune 500 and Alexa top 1 million companies. According to Zerodium, a zero-day acquisition platform, researchers were actually aware of this exploit and have been selling an exploit for it for three years on the dark web. vBulletin subsequently released an update on Wednesday. If this affects you, patch!<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;\">The Emotet malware awoke from its hiatus this week as well. This latest attack begins with a spear-phishing campaign that uses a Word document that references a recently released memoir of Edward Snowden. The subjects of the email are variations of &#8220;Snowden&#8217;s book on Amazon&#8217;s bestsellers list.&#8221; The malware authors are hoping that interest in the topic will cause victims to open the infected document. 
FortiGuard Labs has put appropriate detection in place for the IOCs, as well as having released a signature:\u00a0W32\/Emotet.BN!tr VBA\/Agent.GBR!tr.dldr<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;\">Finally, our researchers discovered research documenting a large-scale phishing campaign targeted at foreign trading companies in China. The malware authors are spoofing a UK-based trading company and utilizing their domain in the phishing email. The attached document is weaponized to exploit a well-known Microsoft Office Equation Editor vulnerability, CVE-2017-11882. If the document is opened, it downloads a file infected with NanoCore RAT. FortiGuard Labs has detections in place for this variant.<\/span><\/li>\n<\/ul>\n<p><strong><span style=\"font-family: arial, helvetica, sans-serif;\">Critical Patches and Updates<\/span><\/strong><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">Several critical zero-day vulnerabilities were announced and patches released this week. Microsoft released out-of-band updates addressing two vulnerabilities: one was an Internet Explorer vulnerability that is being exploited in the wild, and the other was for Microsoft\u00a0Defender, Microsoft&#8217;s anti-malware component in Windows. The Microsoft Defender flaw&#8217;s update is applied automatically, so no user action is needed. The patch for the Internet Explorer bug, however, should be applied immediately.<\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>By\u00a0Jeannette Jarvis &#8211; Fortinet\u00a0| September 27, 2019 FortiGuard Labs Weekly Threat Update \u2013 Week of 27 September 2019 Each week, FortiGuard Labs publishes a Threat Brief to subscribers that profiles notable hot topics and threats that were discovered or discussed during the week. 
Here is a recap of what we are covering in this week\u2019s [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[8158,8159,8157],"class_list":{"0":"post-14600","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-cyber-security","7":"tag-critical-patches-and-updates","8":"tag-fortiguard-labs-weekly-threat-update","9":"tag-malware-and-zero-day-attacks"},"_links":{"self":[{"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/posts\/14600","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/comments?post=14600"}],"version-history":[{"count":0,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/posts\/14600\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/media?parent=14600"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/categories?post=14600"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/tags?post=14600"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}