All Articles

Ordered by Date Received : Year: "2021" Month: "11" Day: "02" Hour: "20"
Page: 1 (of 0)

Total Articles in this collection: 32

Article: Suspected Iranian Influence Operation Leverages Network of Inauthentic News Sites & Social Media Targeting Audiences in U.S., UK, Latin America, Middle East - published over 6 years ago.
Content: FireEye has identified a suspected influence operation that appears to originate from Iran aimed at audiences in the U.S., U.K., Latin America, and the Middle East. This operation is leveraging a network of inauthentic news sites and clusters of associated accounts across multiple social media platforms to promote political narratives in line with ...
http://www.fireeye.com/blog/threat-research/2018/08/suspected-iranian-influence-operation.html   
Published: 2018 08 21 23:30:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: 404 Exploit Not Found: Vigilante Deploying Mitigation for Citrix NetScaler Vulnerability While Maintaining Backdoor - published almost 5 years ago.
Content: As noted in Rough Patch: I Promise It'll Be 200 OK, our FireEye Mandiant Incident Response team has been hard at work responding to intrusions stemming from the exploitation of CVE-2019-19781. After analyzing dozens of successful exploitation attempts against Citrix ADCs that did not have the Citrix mitigation steps implemented, we’ve recogni...
http://www.fireeye.com/blog/threat-research/2020/01/vigilante-deploying-mitigation-for-citrix-netscaler-vulnerability-while-maintaining-backdoor.html   
Published: 2020 01 16 03:00:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: Nice Try: 501 (Ransomware) Not Implemented - published almost 5 years ago.
Content: An Ever-Evolving Threat Since January 10, 2020, FireEye has tracked extensive global exploitation of CVE-2019-19781, which continues to impact Citrix ADC and Gateway instances that are unpatched or do not have mitigations applied. We previously reported on attackers’ swift attempts to exploit this vulnerability and the post-compromise deploy...
http://www.fireeye.com/blog/threat-research/2020/01/nice-try-501-ransomware-not-implemented.html   
Published: 2020 01 24 17:00:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: Abusing DLL Misconfigurations — Using Threat Intelligence to Weaponize R&D - published almost 5 years ago.
Content: DLL Abuse Techniques Overview Dynamic-link library (DLL) side-loading occurs when Windows Side-by-Side (WinSxS) manifests are not explicit about the characteristics of DLLs being loaded by a program. In layman’s terms, DLL side-loading can allow an attacker to trick a program into loading a malicious DLL. If you are interested in learning more abo...
http://www.fireeye.com/blog/threat-research/2020/01/abusing-dll-misconfigurations.html   
Published: 2020 01 31 16:45:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: STOMP 2 DIS: Brilliance in the (Visual) Basics - published almost 5 years ago.
Content: Throughout January 2020, FireEye has continued to observe multiple targeted phishing campaigns designed to download and deploy a backdoor we track as MINEBRIDGE. The campaigns primarily targeted financial services organizations in the United States, though targeting is likely more widespread than those we’ve initially observed in our FireEye produc...
http://www.fireeye.com/blog/threat-research/2020/01/stomp-2-dis-brilliance-in-the-visual-basics.html   
Published: 2020 02 05 14:15:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: Managed Defense: The Analytical Mindset - published almost 5 years ago.
Content: When it comes to cyber security (managed services or otherwise), you’re ultimately reliant on analyst expertise to keep your environment safe. Products and intelligence are necessary pieces of the security puzzle to generate detection signal and whittle down the alert chaff, but in the end, an analyst’s trained eyes and investigative process are th...
http://www.fireeye.com/blog/threat-research/2020/02/managed-defense-the-analytical-mindset.html   
Published: 2020 02 11 17:00:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: "Distinguished Impersonator" Information Operation That Previously Impersonated U.S. Politicians and Journalists on Social Media Leverages Fabricated U.S. Liberal Personas to Promote Iranian Interests - published almost 5 years ago.
Content: In May 2019, FireEye Threat Intelligence published a blog post exposing a network of English-language social media accounts that engaged in inauthentic behavior and misrepresentation that we assessed with low confidence was organized in support of Iranian political interests. Personas in that network impersonated candidates for U.S. House of Re...
http://www.fireeye.com/blog/threat-research/2020/02/information-operations-fabricated-personas-to-promote-iranian-interests.html   
Published: 2020 02 12 12:30:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: The Missing LNK — Correlating User Search LNK files - published almost 5 years ago.
Content: Forensic investigators use LNK shortcut files to recover metadata about recently accessed files, including files deleted after the time of access. In a recent investigation, FireEye Mandiant encountered LNK files that indicated an attacker accessed files included in Windows Explorer search results. In our experience, this was a new combination of f...
http://www.fireeye.com/blog/threat-research/2020/02/the-missing-lnk-correlating-user-search-lnk-files.html   
Published: 2020 02 19 18:30:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: M-Trends 2020: Insights From the Front Lines - published almost 5 years ago.
Content: Today we release M-Trends 2020, the 11th edition of our popular annual FireEye Mandiant report. This latest M-Trends contains all of the statistics, trends, case studies and hardening recommendations that readers have come to expect through the years—and more. One of the most exciting takeaways from this year’s report: the global median dwell...
http://www.fireeye.com/blog/threat-research/2020/02/mtrends-2020-insights-from-the-front-lines.html   
Published: 2020 02 20 13:00:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: What are Deep Neural Networks Learning About Malware? - published almost 6 years ago.
Content: An increasing number of modern antivirus solutions rely on machine learning (ML) techniques to protect users from malware. While ML-based approaches, like FireEye Endpoint Security’s MalwareGuard capability, have done a great job at detecting new threats, they also come with substantial development costs. Creating and curating a large set of useful...
http://www.fireeye.com/blog/threat-research/2018/12/what-are-deep-neural-networks-learning-about-malware.html   
Published: 2018 12 13 17:00:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: Crescendo: Real Time Event Viewer for macOS - published over 4 years ago.
Content: Prior to 2017, researchers couldn’t easily monitor actions performed by a process on macOS and had to resort to coding scripts that produced low level system call data. FireEye released Monitor.app in 2017 that enabled collection of information on macOS at a higher level; at a simplified data set versus something like Dtrace. I created many versions ...
http://www.fireeye.com/blog/threat-research/2020/03/crescendo-real-time-event-viewer-for-macos.html   
Published: 2020 03 09 16:00:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: Why Is North Korea So Interested in Bitcoin? - published about 7 years ago.
Content: In 2016 we began observing actors we believe to be North Korean utilizing their intrusion capabilities to conduct cyber crime, targeting banks and the global financial system. This marked a departure from previously observed activity of North Korean actors employing cyber espionage for traditional nation state activities. Yet, given North Korea's p...
http://www.fireeye.com/blog/threat-research/2017/09/north-korea-interested-in-bitcoin.html   
Published: 2017 09 11 21:00:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY - published about 7 years ago.
Content: FireEye recently detected a malicious Microsoft Office RTF document that leveraged CVE-2017-8759, a SOAP WSDL parser code injection vulnerability. This vulnerability allows a malicious actor to inject arbitrary code during the parsing of SOAP WSDL definition contents. Mandiant analyzed a Microsoft Word document where attackers used the arbitrary ...
http://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html   
Published: 2017 09 12 17:00:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: They Come in the Night: Ransomware Deployment Trends - published over 4 years ago.
Content: Ransomware is a remote, digital shakedown. It is disruptive and expensive, and it affects all kinds of organizations, from cutting edge space technology firms, to the wool industry, to industrial environments. Infections have forced hospitals to turn away patients and law enforcement to drop cases against drug dealers. Ransomware operators ha...
http://www.fireeye.com/blog/threat-research/2020/03/they-come-in-the-night-ransomware-deployment-trends.html   
Published: 2020 03 16 15:30:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: Six Facts about Address Space Layout Randomization on Windows - published over 4 years ago.
Content: Overcoming address space layout randomization (ASLR) is a precondition of virtually all modern memory corruption vulnerabilities. Breaking ASLR is an area of active research and can get incredibly complicated. This blog post presents some basic facts about ASLR, focusing on the Windows implementation. In addition to covering what ASLR accomplishes ...
http://www.fireeye.com/blog/threat-research/2020/03/six-facts-about-address-space-layout-randomization-on-windows.html   
Published: 2020 03 17 17:00:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: Social Engineering Based on Stimulus Bill and COVID-19 Financial Compensation Schemes Expected to Grow in Coming Weeks - published over 4 years ago.
Content: Given the community interest and media coverage surrounding the economic stimulus bill currently being considered by the United States House of Representatives, we anticipate attackers will increasingly leverage lures tailored to the new stimulus bill and related recovery efforts such as stimulus checks, unemployment compensation and small business...
http://www.fireeye.com/blog/threat-research/2020/03/stimulus-bill-social-engineering-covid-19-financial-compensation-schemes.html   
Published: 2020 03 27 19:00:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: FakeNet Genie: Improving Dynamic Malware Analysis with Cheat Codes for FakeNet-NG - published over 4 years ago.
Content: As developers of the network simulation tool FakeNet-NG, reverse engineers on the FireEye FLARE team, and malware analysis instructors, we get to see how different analysts use FakeNet-NG and the challenges they face. We have learned that FakeNet-NG provides many useful features and solutions of which our users are often unaware. In this blog post,...
http://www.fireeye.com/blog/threat-research/2020/04/improving-dynamic-malware-analysis-with-cheat-codes-for-fakenet-ng.html   
Published: 2020 04 02 15:00:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: Thinking Outside the Bochs: Code Grafting to Unpack Malware in Emulation - published over 4 years ago.
Content: This blog post continues the FLARE script series with a discussion of patching IDA Pro database files (IDBs) to interactively emulate code. While the fastest way to analyze or unpack malware is often to run it, malware won’t always successfully execute in a VM. I use IDA Pro’s Bochs integration in IDB mode to sidestep tedious debugging scenarios ...
http://www.fireeye.com/blog/threat-research/2020/04/code-grafting-to-unpack-malware-in-emulation.html   
Published: 2020 04 07 16:00:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: Limited Shifts in the Cyber Threat Landscape Driven by COVID-19 - published over 4 years ago.
Content: Though COVID-19 has had enormous effects on our society and economy, its effects on the cyber threat landscape remain limited. For the most part, the same actors we have always tracked are behaving in the same manner they did prior to the crisis. There are some new challenges, but they are perceptible, and we—and our customers—are prepared to conti...
http://www.fireeye.com/blog/threat-research/2020/04/limited-shifts-in-cyber-threat-landscape-driven-by-covid-19.html   
Published: 2020 04 08 16:15:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: New Variant of Ploutus ATM Malware Observed in the Wild in Latin America - published almost 8 years ago.
Content: Introduction Ploutus is one of the most advanced ATM malware families we’ve seen in the last few years. Discovered for the first time in Mexico back in 2013, Ploutus enabled criminals to empty ATMs using either an external keyboard attached to the machine or via SMS message, a technique that had never been seen before. FireEye Labs recently ide...
http://www.fireeye.com/blog/threat-research/2017/01/new_ploutus_variant.html   
Published: 2017 01 12 01:45:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: Separating the Signal from the Noise: How Mandiant Intelligence Rates Vulnerabilities — Intelligence for Vulnerability Management, Part Three - published over 4 years ago.
Content: One of the critical strategic and tactical roles that cyber threat intelligence (CTI) plays is in the tracking, analysis, and prioritization of software vulnerabilities that could potentially put an organization’s data, employees and customers at risk. In this four-part blog series, FireEye Mandiant Threat Intelligence highlights the v...
http://www.fireeye.com/blog/threat-research/2020/04/how-mandiant-intelligence-rates-vulnerabilities.html   
Published: 2020 04 20 12:00:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage - published over 4 years ago.
Content: From at least January to April 2020, suspected Vietnamese actors APT32 carried out intrusion campaigns against Chinese targets that Mandiant Threat Intelligence believes was designed to collect intelligence on the COVID-19 crisis. Spear phishing messages were sent by the actor to China's Ministry of Emergency Management as well as the government of...
http://www.fireeye.com/blog/threat-research/2020/04/apt32-targeting-chinese-government-in-covid-19-related-espionage.html   
Published: 2020 04 22 14:00:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: Putting the Model to Work: Enabling Defenders With Vulnerability Intelligence — Intelligence for Vulnerability Management, Part Four - published over 4 years ago.
Content: One of the critical strategic and tactical roles that cyber threat intelligence (CTI) plays is in the tracking, analysis, and prioritization of software vulnerabilities that could potentially put an organization’s data, employees and customers at risk. In this four-part blog series, FireEye Mandiant Threat Intelligence highlights the v...
http://www.fireeye.com/blog/threat-research/2020/04/enabling-defenders-with-vulnerability-intelligence.html   
Published: 2020 04 27 12:30:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: FLARE IDA Pro Script Series: MSDN Annotations Plugin for Malware Analysis - published about 10 years ago.
Content: The FireEye Labs Advanced Reverse Engineering (FLARE) Team continues to share knowledge and tools with the community. We started this blog series with a script for Automatic Recovery of Constructed Strings in Malware. As always, you can download these scripts at the following location: https://github.com/fireeye/flare-ida. We hope you find all th...
http://www.fireeye.com/blog/threat-research/2014/09/flare-ida-pro-script-series-msdn-annotations-ida-pro-for-malware-analysis.html   
Published: 2014 09 11 22:00:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: Configuring a Windows Domain to Dynamically Analyze an Obfuscated Lateral Movement Tool - published over 4 years ago.
Content: We recently encountered a large obfuscated malware sample that offered several interesting analysis challenges. It used virtualization that prevented us from producing a fully-deobfuscated memory dump for static analysis. Statically analyzing a large virtualized sample can take anywhere from several days to several weeks. Bypassing this time-consum...
http://www.fireeye.com/blog/threat-research/2020/07/configuring-windows-domain-dynamically-analyze-obfuscated-lateral-movement-tool.html   
Published: 2020 07 07 18:00:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families - published over 4 years ago.
Content: Mandiant Threat Intelligence has researched and written extensively on the increasing financially motivated threat activity directly impacting operational technology (OT) networks. Some of this research is available in our previous blog posts on industrial post-compromise ransomware and FireEye's approach to OT security. While most of the actor...
http://www.fireeye.com/blog/threat-research/2020/07/financially-motivated-actors-are-expanding-access-into-ot.html   
Published: 2020 07 15 15:00:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: capa: Automatically Identify Malware Capabilities - published over 4 years ago.
Content: capa is the FLARE team’s newest open-source tool for analyzing malicious programs. Our tool provides a framework for the community to encode, recognize, and share behaviors that we’ve seen in malware. Regardless of your background, when you use capa, you invoke decades of cumulative reverse engineering experience to figure out what a program does. ...
http://www.fireeye.com/blog/threat-research/2020/07/capa-automatically-identify-malware-capabilities.html   
Published: 2020 07 16 19:40:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: Unique Threats to Operational Technology and Cyber Physical Systems - published over 4 years ago.
Content: In this latest episode of our Eye on Security podcast, I talk all about the world of operational technology (OT) and cyber physical systems with one of our foremost experts on the topic: Nathan Brubaker, Senior Manager of Analysis for Mandiant Threat Intelligence. Nathan kicked off our chat by explaining what exactly we mean when we use the ter...
http://www.fireeye.com/blog/threat-research/2020/07/unique-threats-to-operational-technology-and-cyber-physical-systems.html   
Published: 2020 07 20 17:30:00
Received: 2021 11 02 20:00:26
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: iBackDoor: High-Risk Code Hits iOS Apps - published about 9 years ago.
Content: Introduction FireEye mobile researchers recently discovered potentially “backdoored” versions of an ad library embedded in thousands of iOS apps originally published in the Apple App Store. The affected versions of this library embedded functionality in iOS apps that used the library to display ads, allowing for potential malicious access to se...
http://www.fireeye.com/blog/threat-research/2015/11/ibackdoor_high-risk.html   
Published: 2015 11 04 18:00:00
Received: 2021 11 02 20:00:25
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: Maimed Ramnit Still Lurking in the Shadow - published almost 9 years ago.
Content: Newspapers have the ability to do more than simply keep us current with worldly affairs; we can use them to squash bugs! Yet, as we move from waiting on the newspaper delivery boy to reading breaking news on ePapers, we lose the subtle art of bug squashing. Instead, we end up exposing ourselves to dangerous digital bugs that can affect our virtual ...
http://www.fireeye.com/blog/threat-research/2016/02/maimed_ramnit_still.html   
Published: 2016 02 18 17:00:00
Received: 2021 11 02 20:00:25
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: Going To Ground with The Windows Scripting Host (WSH) - published almost 11 years ago.
Content: About a month ago, I was involved in an investigation that revealed a targeted attacker using an interesting variation of a well-known persistence mechanism - a technique that is relevant both to incident responders hunting for evil and penetration testers looking to add post-exploitation methods to their toolkit. Today, I'm going to t...
http://www.fireeye.com/blog/threat-research/2014/02/ground-windows-scripting-host-wsh.html   
Published: 2014 02 19 21:56:00
Received: 2021 11 02 20:00:24
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security
Article: New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks - published over 10 years ago.
Content: Summary FireEye Research Labs, the intelligence behind our Mandiant Consultancy services, identified a new Internet Explorer (IE) zero-day exploit used in targeted attacks.  The vulnerability affects IE6 through IE11, but the attack is targeting IE9 through IE11.  This zero-day bypasses both ASLR and DEP. Microsoft has assigned CVE-2014-1776 to...
http://www.fireeye.com/blog/threat-research/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html   
Published: 2014 04 27 02:29:08
Received: 2021 11 02 20:00:24
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security


  • "All Articles" links back to the front page, effectively the Planet "Home Page"; it shows all articles, with no selections or groupings.
  • Default date ordering is by "Received Date" (because not all RSS feeds provide a "Published Date").
  • Only Published Date selections use the article's Published Date.
  • The first page always shows fifty items plus from zero up to a remaining forty-nine items, before they are committed permanently to the next page.
  • All subsequent pages show fifty items.
  • Pagination is in reverse order (so that pages are permanent links, aka "permalinks", to their content).
  • "<<" moves you to the first page (aka newest articles)
  • ">>" moves you to the last page (aka oldest articles)
  • "<" moves you to the previous page (aka newer articles)
  • ">" moves you to the next page (aka older articles)
