Article: Suspected Iranian Influence Operation Leverages Network of Inauthentic News Sites & Social Media Targeting Audiences in U.S., UK, Latin America, Middle East - published about 6 years ago. Content: FireEye has identified a suspected influence operation that appears to originate from Iran aimed at audiences in the U.S., U.K., Latin America, and the Middle East. This operation is leveraging a network of inauthentic news sites and clusters of associated accounts across multiple social media platforms to promote political narratives in line with ... http://www.fireeye.com/blog/threat-research/2018/08/suspected-iranian-influence-operation.html Published: 2018 08 21 23:30:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: 404 Exploit Not Found: Vigilante Deploying Mitigation for Citrix NetScaler Vulnerability While Maintaining Backdoor - published almost 5 years ago. Content: As noted in Rough Patch: I Promise It'll Be 200 OK, our FireEye Mandiant Incident Response team has been hard at work responding to intrusions stemming from the exploitation of CVE-2019-19781. After analyzing dozens of successful exploitation attempts against Citrix ADCs that did not have the Citrix mitigation steps implemented, we’ve recogni... http://www.fireeye.com/blog/threat-research/2020/01/vigilante-deploying-mitigation-for-citrix-netscaler-vulnerability-while-maintaining-backdoor.html Published: 2020 01 16 03:00:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
|
Article: Nice Try: 501 (Ransomware) Not Implemented - published almost 5 years ago. Content: An Ever-Evolving Threat Since January 10, 2020, FireEye has tracked extensive global exploitation of CVE-2019-19781, which continues to impact Citrix ADC and Gateway instances that are unpatched or do not have mitigations applied. We previously reported on attackers’ swift attempts to exploit this vulnerability and the post-compromise deploy... http://www.fireeye.com/blog/threat-research/2020/01/nice-try-501-ransomware-not-implemented.html Published: 2020 01 24 17:00:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
|
Article: Abusing DLL Misconfigurations — Using Threat Intelligence to Weaponize R&D - published almost 5 years ago. Content: DLL Abuse Techniques Overview Dynamic-link library (DLL) side-loading occurs when Windows Side-by-Side (WinSxS) manifests are not explicit about the characteristics of DLLs being loaded by a program. In layman’s terms, DLL side-loading can allow an attacker to trick a program into loading a malicious DLL. If you are interested in learning more abo... http://www.fireeye.com/blog/threat-research/2020/01/abusing-dll-misconfigurations.html Published: 2020 01 31 16:45:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: STOMP 2 DIS: Brilliance in the (Visual) Basics - published over 4 years ago. Content: Throughout January 2020, FireEye has continued to observe multiple targeted phishing campaigns designed to download and deploy a backdoor we track as MINEBRIDGE. The campaigns primarily targeted financial services organizations in the United States, though targeting is likely more widespread than those we’ve initially observed in our FireEye produc... http://www.fireeye.com/blog/threat-research/2020/01/stomp-2-dis-brilliance-in-the-visual-basics.html Published: 2020 02 05 14:15:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
|
Article: Managed Defense: The Analytical Mindset - published over 4 years ago. Content: When it comes to cyber security (managed services or otherwise), you’re ultimately reliant on analyst expertise to keep your environment safe. Products and intelligence are necessary pieces of the security puzzle to generate detection signal and whittle down the alert chaff, but in the end, an analyst’s trained eyes and investigative process are th... http://www.fireeye.com/blog/threat-research/2020/02/managed-defense-the-analytical-mindset.html Published: 2020 02 11 17:00:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
|
Article: "Distinguished Impersonator" Information Operation That Previously Impersonated U.S. Politicians and Journalists on Social Media Leverages Fabricated U.S. Liberal Personas to Promote Iranian Interests - published over 4 years ago. Content: In May 2019, FireEye Threat Intelligence published a blog post exposing a network of English-language social media accounts that engaged in inauthentic behavior and misrepresentation that we assessed with low confidence was organized in support of Iranian political interests. Personas in that network impersonated candidates for U.S. House of Re... http://www.fireeye.com/blog/threat-research/2020/02/information-operations-fabricated-personas-to-promote-iranian-interests.html Published: 2020 02 12 12:30:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: The Missing LNK — Correlating User Search LNK files - published over 4 years ago. Content: Forensic investigators use LNK shortcut files to recover metadata about recently accessed files, including files deleted after the time of access. In a recent investigation, FireEye Mandiant encountered LNK files that indicated an attacker accessed files included in Windows Explorer search results. In our experience, this was a new combination of f... http://www.fireeye.com/blog/threat-research/2020/02/the-missing-lnk-correlating-user-search-lnk-files.html Published: 2020 02 19 18:30:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
|
Article: M-Trends 2020: Insights From the Front Lines - published over 4 years ago. Content: Today we release M-Trends 2020, the 11th edition of our popular annual FireEye Mandiant report. This latest M-Trends contains all of the statistics, trends, case studies and hardening recommendations that readers have come to expect through the years—and more. One of the most exciting takeaways from this year’s report: the global median dwell... http://www.fireeye.com/blog/threat-research/2020/02/mtrends-2020-insights-from-the-front-lines.html Published: 2020 02 20 13:00:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
|
Article: What are Deep Neural Networks Learning About Malware? - published almost 6 years ago. Content: An increasing number of modern antivirus solutions rely on machine learning (ML) techniques to protect users from malware. While ML-based approaches, like FireEye Endpoint Security’s MalwareGuard capability, have done a great job at detecting new threats, they also come with substantial development costs. Creating and curating a large set of useful... http://www.fireeye.com/blog/threat-research/2018/12/what-are-deep-neural-networks-learning-about-malware.html Published: 2018 12 13 17:00:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Crescendo: Real Time Event Viewer for macOS - published over 4 years ago. Content: Prior to 2017, researchers couldn’t easily monitor actions performed by a process on macOS and had to resort to coding scripts that produced low level system call data. FireEye released Monitor.app in 2017 that enabled collection of information on macOS at a higher level; at a simplified data set versus something like Dtrace. I created many versions ... http://www.fireeye.com/blog/threat-research/2020/03/crescendo-real-time-event-viewer-for-macos.html Published: 2020 03 09 16:00:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
|
Article: Why Is North Korea So Interested in Bitcoin?,Why Is North Korea So Interested in Bitcoin? - published about 7 years ago. Content: In 2016 we began observing actors we believe to be North Korean utilizing their intrusion capabilities to conduct cyber crime, targeting banks and the global financial system. This marked a departure from previously observed activity of North Korean actors employing cyber espionage for traditional nation state activities. Yet, given North Korea's p... http://www.fireeye.com/blog/threat-research/2017/09/north-korea-interested-in-bitcoin.html Published: 2017 09 11 21:00:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
|
Article: FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY,FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY - published about 7 years ago. Content: FireEye recently detected a malicious Microsoft Office RTF document that leveraged CVE-2017-8759, a SOAP WSDL parser code injection vulnerability. This vulnerability allows a malicious actor to inject arbitrary code during the parsing of SOAP WSDL definition contents. Mandiant analyzed a Microsoft Word document where attackers used the arbitrary ... http://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html Published: 2017 09 12 17:00:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: They Come in the Night: Ransomware Deployment Trends - published over 4 years ago. Content: Ransomware is a remote, digital shakedown. It is disruptive and expensive, and it affects all kinds of organizations, from cutting edge space technology firms, to the wool industry, to industrial environments. Infections have forced hospitals to turn away patients and law enforcement to drop cases against drug dealers. Ransomware operators ha... http://www.fireeye.com/blog/threat-research/2020/03/they-come-in-the-night-ransomware-deployment-trends.html Published: 2020 03 16 15:30:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
|
Article: Six Facts about Address Space Layout Randomization on Windows - published over 4 years ago. Content: Overcoming address space layout randomization (ASLR) is a precondition of virtually all modern memory corruption vulnerabilities. Breaking ASLR is an area of active research and can get incredibly complicated. This blog post presents some basic facts about ASLR, focusing on the Windows implementation. In addition to covering what ASLR accomplishes ... http://www.fireeye.com/blog/threat-research/2020/03/six-facts-about-address-space-layout-randomization-on-windows.html Published: 2020 03 17 17:00:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
|
Article: Social Engineering Based on Stimulus Bill and COVID-19 Financial Compensation Schemes Expected to Grow in Coming Weeks - published over 4 years ago. Content: Given the community interest and media coverage surrounding the economic stimulus bill currently being considered by the United States House of Representatives, we anticipate attackers will increasingly leverage lures tailored to the new stimulus bill and related recovery efforts such as stimulus checks, unemployment compensation and small business... http://www.fireeye.com/blog/threat-research/2020/03/stimulus-bill-social-engineering-covid-19-financial-compensation-schemes.html Published: 2020 03 27 19:00:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: FakeNet Genie: Improving Dynamic Malware Analysis with Cheat Codes for FakeNet-NG - published over 4 years ago. Content: As developers of the network simulation tool FakeNet-NG, reverse engineers on the FireEye FLARE team, and malware analysis instructors, we get to see how different analysts use FakeNet-NG and the challenges they face. We have learned that FakeNet-NG provides many useful features and solutions of which our users are often unaware. In this blog post,... http://www.fireeye.com/blog/threat-research/2020/04/improving-dynamic-malware-analysis-with-cheat-codes-for-fakenet-ng.html Published: 2020 04 02 15:00:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
|
Article: Thinking Outside the Bochs: Code Grafting to Unpack Malware in Emulation - published over 4 years ago. Content: This blog post continues the FLARE script series with a discussion of patching IDA Pro database files (IDBs) to interactively emulate code. While the fastest way to analyze or unpack malware is often to run it, malware won’t always successfully execute in a VM. I use IDA Pro’s Bochs integration in IDB mode to sidestep tedious debugging scenarios ... http://www.fireeye.com/blog/threat-research/2020/04/code-grafting-to-unpack-malware-in-emulation.html Published: 2020 04 07 16:00:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
|
Article: Limited Shifts in the Cyber Threat Landscape Driven by COVID-19 - published over 4 years ago. Content: Though COVID-19 has had enormous effects on our society and economy, its effects on the cyber threat landscape remain limited. For the most part, the same actors we have always tracked are behaving in the same manner they did prior to the crisis. There are some new challenges, but they are perceptible, and we—and our customers—are prepared to conti... http://www.fireeye.com/blog/threat-research/2020/04/limited-shifts-in-cyber-threat-landscape-driven-by-covid-19.html Published: 2020 04 08 16:15:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: New Variant of Ploutus ATM Malware Observed in the Wild in Latin America - published almost 8 years ago. Content: Introduction Ploutus is one of the most advanced ATM malware families we’ve seen in the last few years. Discovered for the first time in Mexico back in 2013, Ploutus enabled criminals to empty ATMs using either an external keyboard attached to the machine or via SMS message, a technique that had never been seen before. FireEye Labs recently ide... http://www.fireeye.com/blog/threat-research/2017/01/new_ploutus_variant.html Published: 2017 01 12 01:45:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
|
Article: Separating the Signal from the Noise: How Mandiant Intelligence Rates Vulnerabilities — Intelligence for Vulnerability Management, Part Three - published over 4 years ago. Content: One of the critical strategic and tactical roles that cyber threat intelligence (CTI) plays is in the tracking, analysis, and prioritization of software vulnerabilities that could potentially put an organization’s data, employees and customers at risk. In this four-part blog series, FireEye Mandiant Threat Intelligence highlights the v... http://www.fireeye.com/blog/threat-research/2020/04/how-mandiant-intelligence-rates-vulnerabilities.html Published: 2020 04 20 12:00:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
|
Article: Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage - published over 4 years ago. Content: From at least January to April 2020, suspected Vietnamese actors APT32 carried out intrusion campaigns against Chinese targets that Mandiant Threat Intelligence believes was designed to collect intelligence on the COVID-19 crisis. Spear phishing messages were sent by the actor to China's Ministry of Emergency Management as well as the government of... http://www.fireeye.com/blog/threat-research/2020/04/apt32-targeting-chinese-government-in-covid-19-related-espionage.html Published: 2020 04 22 14:00:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Putting the Model to Work: Enabling Defenders With Vulnerability Intelligence — Intelligence for Vulnerability Management, Part Four - published over 4 years ago. Content: One of the critical strategic and tactical roles that cyber threat intelligence (CTI) plays is in the tracking, analysis, and prioritization of software vulnerabilities that could potentially put an organization’s data, employees and customers at risk. In this four-part blog series, FireEye Mandiant Threat Intelligence highlights the v... http://www.fireeye.com/blog/threat-research/2020/04/enabling-defenders-with-vulnerability-intelligence.html Published: 2020 04 27 12:30:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
|
Article: FLARE IDA Pro Script Series: MSDN Annotations Plugin for Malware Analysis - published about 10 years ago. Content: The FireEye Labs Advanced Reverse Engineering (FLARE) Team continues to share knowledge and tools with the community. We started this blog series with a script for Automatic Recovery of Constructed Strings in Malware. As always, you can download these scripts at the following location: https://github.com/fireeye/flare-ida. We hope you find all th... http://www.fireeye.com/blog/threat-research/2014/09/flare-ida-pro-script-series-msdn-annotations-ida-pro-for-malware-analysis.html Published: 2014 09 11 22:00:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
|
Article: Configuring a Windows Domain to Dynamically Analyze an Obfuscated Lateral Movement Tool - published over 4 years ago. Content: We recently encountered a large obfuscated malware sample that offered several interesting analysis challenges. It used virtualization that prevented us from producing a fully-deobfuscated memory dump for static analysis. Statically analyzing a large virtualized sample can take anywhere from several days to several weeks. Bypassing this time-consum... http://www.fireeye.com/blog/threat-research/2020/07/configuring-windows-domain-dynamically-analyze-obfuscated-lateral-movement-tool.html Published: 2020 07 07 18:00:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families - published over 4 years ago. Content: Mandiant Threat Intelligence has researched and written extensively on the increasing financially motivated threat activity directly impacting operational technology (OT) networks. Some of this research is available in our previous blog posts on industrial post-compromise ransomware and FireEye's approach to OT security. While most of the actor... http://www.fireeye.com/blog/threat-research/2020/07/financially-motivated-actors-are-expanding-access-into-ot.html Published: 2020 07 15 15:00:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
|
Article: capa: Automatically Identify Malware Capabilities - published over 4 years ago. Content: capa is the FLARE team’s newest open-source tool for analyzing malicious programs. Our tool provides a framework for the community to encode, recognize, and share behaviors that we’ve seen in malware. Regardless of your background, when you use capa, you invoke decades of cumulative reverse engineering experience to figure out what a program does. ... http://www.fireeye.com/blog/threat-research/2020/07/capa-automatically-identify-malware-capabilities.html Published: 2020 07 16 19:40:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
|
Article: Unique Threats to Operational Technology and Cyber Physical Systems - published over 4 years ago. Content: In this latest episode of our Eye on Security podcast, I talk all about the world of operational technology (OT) and cyber physical systems with one of our foremost experts on the topic: Nathan Brubaker, Senior Manager of Analysis for Mandiant Threat Intelligence. Nathan kicked off our chat by explaining what exactly we mean when we use the ter... http://www.fireeye.com/blog/threat-research/2020/07/unique-threats-to-operational-technology-and-cyber-physical-systems.html Published: 2020 07 20 17:30:00 Received: 2021 11 02 20:00:26 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: iBackDoor: High-Risk Code Hits iOS Apps - published almost 9 years ago. Content: Introduction FireEye mobile researchers recently discovered potentially “backdoored” versions of an ad library embedded in thousands of iOS apps originally published in the Apple App Store. The affected versions of this library embedded functionality in iOS apps that used the library to display ads, allowing for potential malicious access to se... http://www.fireeye.com/blog/threat-research/2015/11/ibackdoor_high-risk.html Published: 2015 11 04 18:00:00 Received: 2021 11 02 20:00:25 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
|
Article: Maimed Ramnit Still Lurking in the Shadow - published over 8 years ago. Content: Newspapers have the ability to do more than simply keep us current with worldly affairs; we can use them to squash bugs! Yet, as we move from waiting on the newspaper delivery boy to reading breaking news on ePapers, we lose the subtle art of bug squashing. Instead, we end up exposing ourselves to dangerous digital bugs that can affect our virtual ... http://www.fireeye.com/blog/threat-research/2016/02/maimed_ramnit_still.html Published: 2016 02 18 17:00:00 Received: 2021 11 02 20:00:25 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
|
Article: Going To Ground with The Windows Scripting Host (WSH) - published over 10 years ago. Content: About a month ago, I was involved in an investigation that revealed a targeted attacker using an interesting variation of a well-known persistence mechanism - a technique that is relevant both to incident responders hunting for evil and penetration testers looking to add post-exploitation methods to their toolkit. Today, I'm going to t... http://www.fireeye.com/blog/threat-research/2014/02/ground-windows-scripting-host-wsh.html Published: 2014 02 19 21:56:00 Received: 2021 11 02 20:00:24 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks - published over 10 years ago. Content: Summary FireEye Research Labs, the intelligence behind our Mandiant Consultancy services, identified a new Internet Explorer (IE) zero-day exploit used in targeted attacks. The vulnerability affects IE6 through IE11, but the attack is targeting IE9 through IE11. This zero-day bypasses both ASLR and DEP. Microsoft has assigned CVE-2014-1776 to... http://www.fireeye.com/blog/threat-research/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html Published: 2014 04 27 02:29:08 Received: 2021 11 02 20:00:24 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
|
Click to Open Code Editor