Article: CVE-2021-43339 - published almost 3 years ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43339 Published: 2021 11 03 20:15:09 Received: 2021 11 03 23:06:01 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CVE-2021-43338 - published almost 3 years ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43338 Published: 2021 11 03 20:15:09 Received: 2021 11 03 23:06:01 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CVE-2021-43032 - published almost 3 years ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43032 Published: 2021 11 03 20:15:09 Received: 2021 11 03 23:06:01 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CVE-2021-42772 - published almost 3 years ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42772 Published: 2021 11 03 20:15:09 Received: 2021 11 03 23:06:01 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CVE-2021-41562 - published almost 3 years ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41562 Published: 2021 11 03 21:15:08 Received: 2021 11 03 23:06:00 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CVE-2021-41492 - published almost 3 years ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41492 Published: 2021 11 03 20:15:09 Received: 2021 11 03 23:06:00 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CVE-2021-38488 - published almost 3 years ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38488 Published: 2021 11 03 20:15:08 Received: 2021 11 03 23:05:59 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CVE-2021-38428 - published almost 3 years ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38428 Published: 2021 11 03 20:15:08 Received: 2021 11 03 23:05:59 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CVE-2021-38424 - published almost 3 years ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38424 Published: 2021 11 03 20:15:08 Received: 2021 11 03 23:05:59 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CVE-2021-38422 - published almost 3 years ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38422 Published: 2021 11 03 20:15:08 Received: 2021 11 03 23:05:59 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CVE-2021-38420 - published almost 3 years ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38420 Published: 2021 11 03 20:15:08 Received: 2021 11 03 23:05:59 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CVE-2021-38418 - published almost 3 years ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38418 Published: 2021 11 03 20:15:08 Received: 2021 11 03 23:05:59 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CVE-2021-38416 - published almost 3 years ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38416 Published: 2021 11 03 20:15:08 Received: 2021 11 03 23:05:59 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CVE-2021-38411 - published almost 3 years ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38411 Published: 2021 11 03 20:15:08 Received: 2021 11 03 23:05:59 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CVE-2021-38407 - published almost 3 years ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38407 Published: 2021 11 03 20:15:08 Received: 2021 11 03 23:05:59 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CVE-2021-38403 - published almost 3 years ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38403 Published: 2021 11 03 20:15:08 Received: 2021 11 03 23:05:59 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CVE-2021-35053 - published almost 3 years ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35053 Published: 2021 11 03 20:15:08 Received: 2021 11 03 23:05:58 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CVE-2021-33800 - published almost 3 years ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33800 Published: 2021 11 03 20:15:08 Received: 2021 11 03 23:05:57 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CVE-2021-22960 - published almost 3 years ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22960 Published: 2021 11 03 20:15:08 Received: 2021 11 03 23:05:55 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CVE-2020-6931 - published almost 3 years ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6931 Published: 2021 11 03 20:15:08 Received: 2021 11 03 23:05:55 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CVE-2020-28416 - published almost 3 years ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28416 Published: 2021 11 03 20:15:08 Received: 2021 11 03 23:05:55 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CylusOne - Advanced Cybersecurity Solution for Asset Discovery and Management - Cylus ... - published about 3 years ago. Content: The intricacy of railway networks and their lack of visibility makes timely detection of cyber threats more challenging. https://knowledgehub.apta.com/resource/cylus-cybersecurity-cylusone-advanced-cybersecurity-solution-for-asset-discovery-and-management Published: 2021 11 02 10:59:15 Received: 2021 11 03 23:00:35 Feed: Google Alert – cybersecurity Source: Google Alert Category: News Topic: Cyber Security |
Article: CMMC & The Defense Department's Unified Cybersecurity Standards | BeyondTrust - published about 3 years ago. Content: The Cybersecurity Maturity Model Certification (CMMC) is a unified framework designed to protect Controlled Unclassified Information (CUI) ... https://www.beyondtrust.com/resources/datasheets/cmmc-the-defense-departments-unified-cybersecurity-standards Published: 2021 11 02 12:01:42 Received: 2021 11 03 23:00:35 Feed: Google Alert – cybersecurity Source: Google Alert Category: News Topic: Cyber Security |
Article: Ocean County College Foundation Holds Online Conversation With Cybersecurity Expert ... - published about 3 years ago. Content: ... Blauvelt Speaker Series will welcome O'Neill – an attorney, author, cybersecurity expert, and now-former FBI operative – for a virtual talk. https://www.newjerseystage.com/articles/2021/11/02/ocean-county-college-foundation-holds-online-conversation-with-cybersecurity-expert-former-fbi-operative-eric-oneill-on-november-9th Published: 2021 11 02 13:32:10 Received: 2021 11 03 23:00:35 Feed: Google Alert – cybersecurity Source: Google Alert Category: News Topic: Cyber Security |
Article: New Cybersecurity Norms for Wireless Device Makers in EU - GovInfoSecurity - published almost 3 years ago. Content: Manufacturers selling wireless devices in the European Union market will soon have to adhere to a new set of European Commission cybersecurity ... https://www.govinfosecurity.com/new-cybersecurity-norms-for-wireless-device-makers-in-eu-a-17837 Published: 2021 11 02 18:48:39 Received: 2021 11 03 23:00:35 Feed: Google Alert – cybersecurity Source: Google Alert Category: News Topic: Cyber Security |
Article: Zero-trust has a branding problem - FCW - published almost 3 years ago. Content: A zero-trust approach to cybersecurity is intended to increase vigilance and minimize risk, but without the necessary context, the concept could ... https://fcw.com/articles/2021/11/02/zero-trust-branding-problem-comment.aspx?m=1 Published: 2021 11 02 20:40:19 Received: 2021 11 03 23:00:35 Feed: Google Alert – cybersecurity Source: Google Alert Category: News Topic: Cyber Security |
Article: Where Is Cloud Permissions Management Headed? - published almost 3 years ago. Content: https://www.darkreading.com/omdia/where-is-cloud-permissions-management-headed- Published: 2021 11 03 19:53:50 Received: 2021 11 03 23:00:26 Feed: Dark Reading: Source: Dark Reading Category: News Topic: Cyber Security |
Article: Researchers Scan the Web to Uncover Malware Infections - published almost 3 years ago. Content: https://www.darkreading.com/security-monitoring/researchers-scan-the-web-to-uncover-malware-infections Published: 2021 11 03 22:10:11 Received: 2021 11 03 23:00:26 Feed: Dark Reading: Source: Dark Reading Category: News Topic: Cyber Security |
Article: Obfuscated Command Line Detection Using Machine Learning - published almost 6 years ago. Content: This blog post presents a machine learning (ML) approach to solving an emerging security problem: detecting obfuscated Windows command line invocations on endpoints. We start out with an introduction to this relatively new threat capability, and then discuss how such problems have traditionally been handled. We then describe a machine learning appr... http://www.fireeye.com/blog/threat-research/2018/11/obfuscated-command-line-detection-using-machine-learning.html Published: 2018 11 29 17:00:00 Received: 2021 11 03 23:00:24 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Network of Social Media Accounts Impersonates U.S. Political Candidates, Leverages U.S. and Israeli Media in Support of Iranian Interests - published over 5 years ago. Content: In August 2018, FireEye Threat Intelligence released a report exposing what we assessed to be an Iranian influence operation leveraging networks of inauthentic news sites and social media accounts aimed at audiences around the world. We identified inauthentic social media accounts posing as everyday Americans that were used to promote content fro... http://www.fireeye.com/blog/threat-research/2019/05/social-media-network-impersonates-us-political-candidates-supports-iranian-interests.html Published: 2019 05 28 19:00:00 Received: 2021 11 03 23:00:24 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Learning to Rank Strings Output for Speedier Malware Analysis - published over 5 years ago. Content: Reverse engineers, forensic investigators, and incident responders have an arsenal of tools at their disposal to dissect malicious software binaries. When performing malware analysis, they successively apply these tools in order to gradually gather clues about a binary’s function, design detection methods, and ascertain how to contain its damage. O... http://www.fireeye.com/blog/threat-research/2019/05/learning-to-rank-strings-output-for-speedier-malware-analysis.html Published: 2019 05 29 14:30:00 Received: 2021 11 03 23:00:24 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Framing the Problem: Cyber Threats and Elections - published over 5 years ago. Content: This year, Canada, multiple European nations, and others will host high profile elections. The topic of cyber-enabled threats disrupting and targeting elections has become an increasing area of awareness for governments and citizens globally. To develop solutions and security programs to counter cyber threats to elections, it is important to begin ... http://www.fireeye.com/blog/threat-research/2019/05/framing-the-problem-cyber-threats-and-elections.html Published: 2019 05 30 15:00:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: FLASHMINGO: The FireEye Open Source Automatic Analysis Tool for Flash - published over 5 years ago. Content: Adobe Flash is one of the most exploited software components of the last decade. Its complexity and ubiquity make it an obvious target for attackers. Public sources list more than one thousand CVEs being assigned to the Flash Player alone since 2005. Almost nine hundred of these vulnerabilities have a Common Vulnerability Scoring System (C... http://www.fireeye.com/blog/threat-research/2019/04/flashmingo-open-source-automatic-analysis-tool-for-flash.html Published: 2019 04 15 15:00:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: CARBANAK Week Part Four: The CARBANAK Desktop Video Player - published over 5 years ago. Content: Part One, Part Two and Part Three of CARBANAK Week are behind us. In this final blog post, we dive into one of the more interesting tools that is part of the CARBANAK toolset. The CARBANAK authors wrote their own video player and we happened to come across an interesting video capture from CARBANAK of a network operator preparing for an... http://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-four-desktop-video-player.html Published: 2019 04 25 09:00:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: CARBANAK Week Part Three: Behind the CARBANAK Backdoor - published over 5 years ago. Content: We covered a lot of ground in Part One and Part Two of our CARBANAK Week blog series. Now let's take a look back at some of our previous analysis and see how it holds up. In June 2017, we published a blog post sharing novel information about the CARBANAK backdoor, including technical details, intel analysis, and some interesting deductions ... http://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-three-behind-the-backdoor.html Published: 2019 04 24 17:30:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: CARBANAK Week Part Two: Continuing the CARBANAK Source Code Analysis - published over 5 years ago. Content: FireEye has observed the certificate most recently being served on the following IPs (Table 4): IP Hostname Last Seen 104.193.252.151:443 vds2.system-host[.]net 2019-04-26T14:49:12 185.180.196.35:443 customer.clientshostname[.]com 2019-04-24T07:44... http://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-two-continuing-source-code-analysis.html Published: 2019 04 23 17:45:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: CARBANAK Week Part One: A Rare Occurrence - published over 5 years ago. Content: It is very unusual for FLARE to analyze a prolifically-used, privately-developed backdoor only to later have the source code and operator tools fall into our laps. Yet this is the extraordinary circumstance that sets the stage for CARBANAK Week, a four-part blog series that commences with this post. CARBANAK is one of the most full-featured bac... http://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-one-a-rare-occurrence.html Published: 2019 04 22 17:00:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Solving Ad-hoc Problems with Hex-Rays API - published over 6 years ago. Content: Introduction IDA Pro is the de facto standard when it comes to binary reverse engineering. Besides being a great disassembler and debugger, it is possible to extend it and include a powerful decompiler by purchasing an additional license from Hex-Rays. The ability to switch between disassembled and decompiled code can greatly reduce the analysi... http://www.fireeye.com/blog/threat-research/2018/04/solving-ad-hoc-problems-with-hex-rays-api.html Published: 2018 04 10 15:00:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Introduction to Reverse Engineering Cocoa Applications - published over 7 years ago. Content: While not as common as Windows malware, there has been a steady stream of malware discovered over the years that runs on the OS X operating system, now rebranded as macOS. February saw three particularly interesting publications on the topic of macOS malware: a Trojan Cocoa application that sends system information including keychain data bac... http://www.fireeye.com/blog/threat-research/2017/03/introduction_to_reve.html Published: 2017 03 08 17:15:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Writing a libemu/Unicorn Compatibility Layer - published over 7 years ago. Content: In this post we are going to take a quick look at what it takes to write a libemu compatibility layer for the Unicorn engine. In the course of this work, we will also import the libemu Win32 environment to run under Unicorn. For a bit of background, libemu is a lightweight x86 emulator written in C by Paul Baecher and Markus Koetter. It was released... http://www.fireeye.com/blog/threat-research/2017/04/libemu-unicorn-compatability-layer.html Published: 2017 04 17 12:30:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Remote Symbol Resolution - published over 7 years ago. Content: Introduction The following blog discusses a couple of common techniques that malware uses to obscure its access to the Windows API. In both forms examined, analysts must calculate the API start address and resolve the symbol from the runtime process in order to determine functionality. After introducing the techniques, we present an open source tool ... http://www.fireeye.com/blog/threat-research/2017/06/remote-symbol-resolution.html Published: 2017 06 21 12:00:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Introducing GoCrack: A Managed Password Cracking Tool - published about 7 years ago. Content: FireEye's Innovation and Custom Engineering (ICE) team released a tool today called GoCrack that allows red teams to efficiently manage password cracking tasks across multiple GPU servers by providing an easy-to-use, web-based real-time UI (Figure 1 shows the dashboard) to create, view, and manage tasks. Simply deploy a GoCrack server along with a ... http://www.fireeye.com/blog/threat-research/2017/10/gocrack-managed-password-cracking-tool.html Published: 2017 10 30 14:00:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Windows Management Instrumentation (WMI) Offense, Defense, and Forensics - published about 9 years ago. Content: Windows Management Instrumentation (WMI) is a remote management framework that enables the collection of host information, execution of code, and provides an eventing system that can respond to operating system events in real time. FireEye has recently seen a surge in attacker use of WMI to carry out objectives such as system reconnaissance, remote... http://www.fireeye.com/blog/threat-research/2015/08/windows_managementi.html Published: 2015 08 08 18:45:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Deobfuscating Python Bytecode - published over 8 years ago. Content: Introduction During an investigation, the FLARE team came across an interesting Python malware sample (MD5: 61a9f80612d3f7566db5bdf37bbf22cf ) that is packaged using py2exe. Py2exe is a popular way to compile and package Python scripts into executables. When we encounter this type of malware we typically just decompile and read the Python sourc... http://www.fireeye.com/blog/threat-research/2016/05/deobfuscating_python.html Published: 2016 05 03 12:30:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities - published over 5 years ago. Content: FireEye Labs recently observed an attack against the government sector in Central Asia. The attack involved the new HAWKBALL backdoor being delivered via well-known Microsoft Office vulnerabilities CVE-2017-11882 and CVE-2018-0802. HAWKBALL is a backdoor that attackers can use to collect information from the victim, as well as to deliver payloads. H... http://www.fireeye.com/blog/threat-research/2019/06/government-in-central-asia-targeted-with-hawkball-backdoor.html Published: 2019 06 05 15:00:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: OVERRULED: Containing a Potentially Destructive Adversary - published almost 6 years ago. Content: Introduction FireEye assesses APT33 may be behind a series of intrusions and attempted intrusions within the engineering industry. Public reporting indicates this activity may be related to recent destructive attacks. FireEye's Managed Defense has responded to and contained numerous intrusions that we assess are related. The actor is leveraging pu... http://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html Published: 2018 12 21 19:00:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Churning Out Machine Learning Models: Handling Changes in Model Predictions - published over 5 years ago. Content: Introduction Machine learning (ML) is playing an increasingly important role in cyber security. Here at FireEye, we employ ML for a variety of tasks such as: antivirus, malicious PowerShell detection, and correlating threat actor behavior. While many people think that a data scientist’s job is finished when a model is built, the truth is t... http://www.fireeye.com/blog/threat-research/2019/04/churning-out-machine-learning-models-handling-changes-in-model-predictions.html Published: 2019 04 09 17:00:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Announcing the Sixth Annual Flare-On Challenge - published over 5 years ago. Content: The FireEye Labs Advanced Reverse Engineering (FLARE) team is thrilled to announce that the popular Flare-On reverse engineering challenge will return for the sixth straight year. The contest will begin at 8:00 p.m. ET on Aug. 16, 2019. This is a CTF-style challenge for all active and aspiring reverse engineers, malware analysts, and security ... http://www.fireeye.com/blog/threat-research/2019/07/announcing-the-sixth-annual-flare-on-challenge.html Published: 2019 07 30 16:15:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Finding Evil in Windows 10 Compressed Memory, Part One: Volatility and Rekall Tools - published over 5 years ago. Content: Paging all digital forensicators, incident responders, and memory manager enthusiasts! Have you ever found yourself at a client site working around the clock to extract evil from a Windows 10 image? Have you hit the wall at step zero, running into difficulties viewing a process tree, or enumerating kernel modules? Or even worse, had to face the C-S... http://www.fireeye.com/blog/threat-research/2019/07/finding-evil-in-windows-ten-compressed-memory-part-one.html Published: 2019 07 25 19:15:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Second Adobe Flash Zero-Day CVE-2015-5122 from HackingTeam Exploited in Strategic Web Compromise Targeting Japanese Victims - published over 9 years ago. Content: On July 14, FireEye researchers discovered attacks exploiting the Adobe Flash vulnerability CVE-2015-5122, just four days after Adobe released a patch. CVE-2015-5122 was the second Adobe Flash zero-day revealed in the leak of HackingTeam’s internal data. The campaign targeted Japanese organizations by using at least two legitimate Japanese websites... http://www.fireeye.com/blog/threat-research/2015/07/second_adobe_flashz.html Published: 2015 07 19 20:00:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: iBackDoor: High-risk Code Sneaks into the App Store - published about 9 years ago. Content: The library embeds backdoors in unsuspecting apps that make use of it to display ads, exposing sensitive data and functionality. The backdoors can be controlled remotely by loading JavaScript code from remote servers to perform the following actions: Capture audio and screenshots. Monitor and upload device location. Read/delete/create/modify file... http://www.fireeye.com/blog/threat-research/2015/10/ibackdoor_high-risk.html Published: 2015 10 26 13:51:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: A Growing Number of Android Malware Families Believed to Have a Common Origin: A Study Based on Binary Code - published over 8 years ago. Content: Introduction On Feb. 19, IBM XForce researchers released an intelligence report [1] stating that the source code for GM Bot was leaked to a crimeware forum in December 2015. GM Bot is a sophisticated Android malware family that emerged in the Russian-speaking cybercrime underground in late 2014. IBM also claimed that several Android malware f... http://www.fireeye.com/blog/threat-research/2016/03/android-malware-families.html Published: 2016 03 11 15:04:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: #TweetBlog: APT29, Phishing and the Challenges of Attribution - published almost 6 years ago. Content: FireEye researchers, analysts and incident responders frequently share information and engage with the security community on Twitter and other social media platforms. Sometimes this information adds so much to ongoing discussions that we feel it is important to share on our blogs. Recently, we detected intrusion attempts against multiple industr... http://www.fireeye.com/blog/threat-research/2018/11/tweetblog-apt29-phishing-and-the-challenges-of-attribution.html Published: 2018 11 20 04:55:36 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: GAME OVER: Detecting and Stopping an APT41 Operation - published about 5 years ago. Content: In August 2019, FireEye released the “Double Dragon” report on our newest graduated threat group, APT41. A China-nexus dual espionage and financially-focused group, APT41 targets industries such as gaming, healthcare, high-tech, higher education, telecommunications, and travel services. APT41 is known to adapt quickly to changes and detections wi... http://www.fireeye.com/blog/threat-research/2019/08/game-over-detecting-and-stopping-an-apt41-operation.html Published: 2019 08 19 17:30:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Finding Evil in Windows 10 Compressed Memory, Part Two: Virtual Store Deep Dive - published about 5 years ago. Content: Introduction This blog post is the second in a three-part series covering our Windows 10 memory forensics research and it coincides with our BlackHat USA 2019 presentation. In Part One of the series, we covered the integration of the research in both Volatility and Rekall memory forensics tools. We demonstrated that forensic artifacts (including... http://www.fireeye.com/blog/threat-research/2019/08/finding-evil-in-windows-ten-compressed-memory-part-two.html Published: 2019 08 08 20:30:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Healthcare: Research Data and PII Continuously Targeted by Multiple Threat Actors - published about 5 years ago. Content: The healthcare industry faces a range of threat groups and malicious activity. Given the critical role that healthcare plays within society and its relationship with our most sensitive information, the risk to this sector is especially consequential. It may also be one of the major reasons why we find healthcare to be one of the most retargeted indus... http://www.fireeye.com/blog/threat-research/2019/08/healthcare-research-data-pii-continuously-targeted-by-multiple-threat-actors.html Published: 2019 08 23 18:30:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Definitive Dossier of Devilish Debug Details – Part One: PDB Paths and Malware - published about 5 years ago. Content: Have you ever wondered what goes through the mind of a malware author? How they build their tools? How they organize their development projects? What kind of computers and software they use? We took a stab at answering some of those questions by exploring malware debug information. We find that malware developers give descriptive names to their f... http://www.fireeye.com/blog/threat-research/2019/08/definitive-dossier-of-devilish-debug-details-part-one-pdb-paths-malware.html Published: 2019 08 29 22:00:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Open Sourcing StringSifter - published about 5 years ago. Content: Malware analysts routinely use the Strings program during static analysis in order to inspect a binary's printable characters. However, identifying relevant strings by hand is time consuming and prone to human error. Larger binaries produce upwards of thousands of strings that can quickly evoke analyst fatigue, relevant strings occur less often tha... http://www.fireeye.com/blog/threat-research/2019/09/open-sourcing-stringsifter.html Published: 2019 09 07 17:00:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: 2019 Flare-On Challenge Solutions - published about 5 years ago. Content: We are pleased to announce the conclusion of the sixth annual Flare-On Challenge. The popularity of this event continues to grow and this year we saw a record number of players as well as finishers. We will break down the numbers later in the post, but right now let’s look at the fun stuff: the prize! Each of the 308 dedicated and amazing players t... http://www.fireeye.com/blog/threat-research/2019/09/2019-flare-on-challenge-solutions.html Published: 2019 09 28 00:00:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Showing Vulnerability to a Machine: Automated Prioritization of Software Vulnerabilities - published about 5 years ago. Content: Introduction If a software vulnerability can be detected and remedied, then a potential intrusion is prevented. While not all software vulnerabilities are known, 86 percent of vulnerabilities leading to a data breach were patchable, though there is some risk of inadvertent damage when applying software patches. When new vulnerabilities are ide... http://www.fireeye.com/blog/threat-research/2019/08/automated-prioritization-of-software-vulnerabilities.html Published: 2019 08 13 16:45:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Finding Evil in Windows 10 Compressed Memory, Part Three: Automating Undocumented Structure Extraction - published about 5 years ago. Content: This is the final post in the three-part series: Finding Evil in Windows 10 Compressed Memory. In the first post (Volatility and Rekall Tools), the FLARE team introduced updates to both memory forensic toolkits. These updates enabled these open source tools to analyze previously inaccessible compressed data in memory. This research was shared... http://www.fireeye.com/blog/threat-research/2019/08/finding-evil-in-windows-ten-compressed-memory-part-three.html Published: 2019 08 08 20:45:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: The FireEye OT-CSIO: An Ontology to Understand, Cross-Compare, and Assess Operational Technology Cyber Security Incidents - published about 5 years ago. Content: The FireEye Operational Technology Cyber Security Incident Ontology (OT-CSIO) While the number of threats to operational technology (OT) have significantly increased since the discovery of Stuxnet – driven by factors such as the growing convergence with information technology (IT) networks and the increasing availability of OT information, technol... http://www.fireeye.com/blog/threat-research/2019/09/ontology-understand-assess-operational-technology-cyber-incidents.html Published: 2019 09 30 17:00:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: IDA, I Think It’s Time You And I Had a Talk: Controlling IDA Pro With Voice Control Software - published about 5 years ago. Content: Introduction This blog post is the next episode in the FireEye Labs Advanced Reverse Engineering (FLARE) team Script Series. Today, we are sharing something quite unusual. It is not a tool or a virtual machine distribution, nor is it a plugin or script for a popular reverse engineering tool or framework. Rather, it is a profile created for a consu... http://www.fireeye.com/blog/threat-research/2019/10/controlling-ida-pro-with-voice-control-software.html Published: 2019 10 03 17:00:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Living off the Orchard: Leveraging Apple Remote Desktop for Good and Evil - published about 5 years ago. Content: Attackers often make their lives easier by relying on pre-existing operating system and third party applications in an enterprise environment. Leveraging these applications assists them with blending in with normal network activity and removes the need to develop or bring their own malware. This tactic is often referred to as Living Off The Land.... http://www.fireeye.com/blog/threat-research/2019/10/leveraging-apple-remote-desktop-for-good-and-evil.html Published: 2019 10 09 21:30:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Staying Hidden on the Endpoint: Evading Detection with Shellcode - published about 5 years ago. Content: True red team assessments require a secondary objective of avoiding detection. Part of the glory of a successful red team assessment is not getting detected by anything or anyone on the system. As modern Endpoint Detection and Response (EDR) products have matured over the years, the red teams must follow suit. This blog post will provide some insig... http://www.fireeye.com/blog/threat-research/2019/10/staying-hidden-on-the-endpoint-evading-detection-with-shellcode.html Published: 2019 10 10 18:00:00 Received: 2021 11 03 23:00:23 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques - published about 5 years ago. Content: During several recent incident response engagements, FireEye Mandiant investigators uncovered new tools in FIN7’s malware arsenal and kept pace as the global criminal operators attempted new evasion techniques. In this blog, we reveal two of FIN7’s new tools that we have called BOOSTWRITE and RDFSNIFFER. The first of FIN7's new tools is BOOSTWRI... http://www.fireeye.com/blog/threat-research/2019/10/mahalo-fin7-responding-to-new-tools-and-techniques.html Published: 2019 10 10 12:00:00 Received: 2021 11 03 23:00:22 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: LOWKEY: Hunting for the Missing Volume Serial ID - published about 5 years ago. Content: In August 2019, FireEye released the “Double Dragon” report on our newest graduated threat group: APT41. A China-nexus dual espionage and financially-focused group, APT41 targets industries such as gaming, healthcare, high-tech, higher education, telecommunications, and travel services. This blog post is about the sophisticated passive backdoor we t... http://www.fireeye.com/blog/threat-research/2019/10/lowkey-hunting-for-the-missing-volume-serial-id.html Published: 2019 10 15 14:15:00 Received: 2021 11 03 23:00:22 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Definitive Dossier of Devilish Debug Details – Part Deux: A Didactic Deep Dive into Data Driven Deductions - published about 5 years ago. Content: In Part One of this blog series, Steve Miller outlined what PDB paths are, how they appear in malware, how we use them to detect malicious files, and how we sometimes use them to make associations about groups and actors. As Steve continued his research into PDB paths, we became interested in applying more general statistical analysis. The PDB p... http://www.fireeye.com/blog/threat-research/2019/10/definitive-dossier-of-devilish-debug-details-part-deux.html Published: 2019 10 17 15:30:00 Received: 2021 11 03 23:00:22 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: SharPersist: Windows Persistence Toolkit in C# - published about 5 years ago. Content: Background PowerShell has been used by the offensive community for several years now but recent advances in the defensive security industry are causing offensive toolkits to migrate from PowerShell to reflective C# to evade modern security products. Some of these advancements include Script Block Logging, Antimalware Scripting Interface (AMSI), and ... http://www.fireeye.com/blog/threat-research/2019/09/sharpersist-windows-persistence-toolkit.html Published: 2019 09 03 16:30:00 Received: 2021 11 03 23:00:22 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Commando VM 2.0: Customization, Containers, and Kali, Oh My! - published about 5 years ago. Content: The Complete Mandiant Offensive Virtual Machine (“Commando VM”) swept the penetration testing community by storm when it debuted in early 2019 at Black Hat Asia Arsenal. Our 1.0 release made headway featuring more than 140 tools. Well now we are back again for another spectacular release, this time at Black Hat USA Arsenal 2019! In this 2.0 release... http://www.fireeye.com/blog/threat-research/2019/08/commando-vm-customization-containers-kali.html Published: 2019 08 07 19:15:00 Received: 2021 11 03 23:00:22 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Hunting COM Objects - published over 5 years ago. Content: COM objects have recently been used by penetration testers, Red Teams, and malicious actors to perform lateral movement. COM objects were studied by several other researchers in the past, including Matt Nelson (enigma0x3), who published a blog post about it in 2017. Some of these COM objects were also added to the Empire project. To improve the R... http://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects.html Published: 2019 06 04 14:45:00 Received: 2021 11 03 23:00:22 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Hunting COM Objects (Part Two) - published over 5 years ago. Content: Background As a follow up to Part One in this blog series on COM object hunting, this post will talk about taking the COM object hunting methodology deeper by looking at interesting COM object methods exposed in properties and sub-properties of COM objects. What is a COM Object? According to Microsoft, “The Microsoft Component Object Model (CO... http://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects-part-two.html Published: 2019 06 11 15:15:00 Received: 2021 11 03 23:00:22 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Finding Weaknesses Before the Attackers Do - published over 5 years ago. Content: This blog post originally appeared as an article in M-Trends 2019. FireEye Mandiant red team consultants perform objectives-based assessments that emulate real cyber attacks by advanced and nation state attackers across the entire attack lifecycle by blending into environments and observing how employees interact with their workstations and appli... http://www.fireeye.com/blog/threat-research/2019/04/finding-weaknesses-before-the-attackers-do.html Published: 2019 04 08 16:30:00 Received: 2021 11 03 23:00:22 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Commando VM: The First of Its Kind Windows Offensive Distribution - published over 5 years ago. Content: For penetration testers looking for a stable and supported Linux testing platform, the industry agrees that Kali is the go-to platform. However, if you’d prefer to use Windows as an operating system, you may have noticed that a worthy platform didn’t exist. As security researchers, every one of us has probably spent hours customizing a Windo... http://www.fireeye.com/blog/threat-research/2019/03/commando-vm-windows-offensive-distribution.html Published: 2019 03 29 01:00:00 Received: 2021 11 03 23:00:22 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Bring Your Own Land (BYOL) – A Novel Red Teaming Technique - published over 6 years ago. Content: Introduction One of most significant recent developments in sophisticated offensive operations is the use of “Living off the Land” (LotL) techniques by attackers. These techniques leverage legitimate tools present on the system, such as the PowerShell scripting language, in order to execute attacks. The popularity of PowerShell as an offensive too... http://www.fireeye.com/blog/threat-research/2018/06/bring-your-own-land-novel-red-teaming-technique.html Published: 2018 06 18 15:45:00 Received: 2021 11 03 23:00:22 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Shikata Ga Nai Encoder Still Going Strong - published about 5 years ago. Content: One of the most popular exploit frameworks in the world is Metasploit. Its vast library of pocket exploits, pluggable payload environment, and simplicity of execution makes it the de facto base platform. Metasploit is used by pentesters, security enthusiasts, script kiddies, and even malicious actors. It is so prevalent that its user base even incl... http://www.fireeye.com/blog/threat-research/2019/10/shikata-ga-nai-encoder-still-going-strong.html Published: 2019 10 21 17:00:00 Received: 2021 11 03 23:00:22 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Bypassing Network Restrictions Through RDP Tunneling - published almost 6 years ago. Content: Remote Desktop Services is a component of Microsoft Windows that is used by various companies for the convenience it offers systems administrators, engineers and remote employees. On the other hand, Remote Desktop Services, and specifically the Remote Desktop Protocol (RDP), offers this same convenience to remote threat actors during targeted syste... http://www.fireeye.com/blog/threat-research/2019/01/bypassing-network-restrictions-through-rdp-tunneling.html Published: 2019 01 24 16:00:00 Received: 2021 11 03 23:00:22 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Operation GreedyWonk: Multiple Economic and Foreign Policy Sites Compromised, Serving Up Flash Zero-Day Exploit - published over 10 years ago. Content: Less than a week after uncovering Operation SnowMan, the FireEye Dynamic Threat Intelligence cloud has identified another targeted attack campaign — this one exploiting a zero-day vulnerability in Flash. We are collaborating with Adobe security on this issue. Adobe has assigned the CVE identifier CVE-2014-0502 to this vulnerability and released a s... http://www.fireeye.com/blog/threat-research/2014/02/operation-greedywonk-multiple-economic-and-foreign-policy-sites-compromised-serving-up-flash-zero-day-exploit.html Published: 2014 02 20 18:00:00 Received: 2021 11 03 23:00:22 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: MESSAGETAP: Who’s Reading Your Text Messages? - published about 5 years ago. Content: FireEye Mandiant recently discovered a new malware family used by APT41 (a Chinese APT group) that is designed to monitor and save SMS traffic from specific phone numbers, IMSI numbers and keywords for subsequent theft. Named MESSAGETAP, the tool was deployed by APT41 in a telecommunications network provider in support of Chinese espionage efforts.... http://www.fireeye.com/blog/threat-research/2019/10/messagetap-who-is-reading-your-text-messages.html Published: 2019 10 31 13:00:00 Received: 2021 11 03 23:00:22 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Attention is All They Need: Combatting Social Media Information Operations With Neural Language Models - published almost 5 years ago. Content: Information operations have flourished on social media in part because they can be conducted cheaply, are relatively low risk, have immediate global reach, and can exploit the type of viral amplification incentivized by platforms. Using networks of coordinated accounts, social media-driven information operations disseminate and amplify content desi... http://www.fireeye.com/blog/threat-research/2019/11/combatting-social-media-information-operations-neural-language-models.html Published: 2019 11 14 17:00:00 Received: 2021 11 03 23:00:22 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: FIDL: FLARE’s IDA Decompiler Library - published almost 5 years ago. Content: IDA Pro and the Hex Rays decompiler are a core part of any toolkit for reverse engineering and vulnerability research. In a previous blog post we discussed how the Hex-Rays API can be used to solve small, well-defined problems commonly seen as part of malware analysis. Having access to a higher-level representation of binary code makes the Hex-Rays... http://www.fireeye.com/blog/threat-research/2019/11/fidl-flare-ida-decompiler-library.html Published: 2019 11 25 20:00:00 Received: 2021 11 03 23:00:22 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774) - published almost 5 years ago. Content: Attackers have a dirty little secret that is being used to conduct big intrusions. We’ll explain how they're "unpatching" an exploit and then provide new Outlook hardening guidance that is not available elsewhere. Specifically, this blog post covers field-tested automated registry processing for registry keys to protect against attacker attempts to... http://www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-page-attacks.html Published: 2019 12 04 10:00:00 Received: 2021 11 03 23:00:22 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: The FireEye Approach to Operational Technology Security - published almost 5 years ago. Content: Today FireEye launches the Cyber Physical Threat Intelligence subscription, which provides cyber security professionals with unmatched context, data and actionable analysis on threats and risk to cyber physical systems. In light of this release, we thought it would be helpful to explain FireEye’s philosophy and broader approach to operational techn... http://www.fireeye.com/blog/threat-research/2019/12/fireeye-approach-to-operational-technology-security.html Published: 2019 12 11 13:00:00 Received: 2021 11 03 23:00:22 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Alleged Twitter hacker charged with theft of $784K in crypto via SIM swaps - published almost 3 years ago. Content: https://www.bleepingcomputer.com/news/security/alleged-twitter-hacker-charged-with-theft-of-784k-in-crypto-via-sim-swaps/ Published: 2021 11 03 22:55:49 Received: 2021 11 03 23:00:09 Feed: Bleeping Computer - All News Feeds Source: Bleeping Computer Category: News Topic: Cyber Security |