All Articles

Ordered by Date Received : Year: "2022" Month: "05" Day: "23" Hour: "16"
Page: << < 2 (of 2)

Total Articles in this collection: 124

Navigation Help at the bottom of the page

Article: New FakeNet-NG Feature: Content-Based Protocol Detection - published over 6 years ago.
Content: I (Matthew Haigh) recently contributed to FLARE’s FakeNet-NG network simulator by adding content-based protocol detection and configuration. This feature is useful for analyzing malware that uses a protocol over a non-standard port; for example, HTTP over port 81. The new feature also detects and adapts to SSL so that any protocol can be used with ...
https://www.fireeye.com/blog/threat-research/2017/10/fakenet-content-based-protocol-detection.html
Published: 2017 10 23 15:15:00
Received: 2022 05 23 16:06:47
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Get your Free Scan and Score Certificate

Article: Cmd and Conquer: De-DOSfuscation with flare-qdb - published over 5 years ago.
Content: When Daniel Bohannon released his excellent DOSfuscation paper, I was fascinated to see how tricks I used as a systems engineer could help attackers evade detection. I didn’t have much to contribute to this conversation until I had to analyze a hideously obfuscated batch file as part of my job on the FLARE malware queue. Previously, I released fla...
https://www.fireeye.com/blog/threat-research/2018/11/cmd-and-conquer-de-dosfuscation-with-flare-qdb.html
Published: 2018 11 20 17:30:00
Received: 2022 05 23 16:06:47
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Free Score Certificate

Article: Loading Kernel Shellcode - published about 6 years ago.
Content: In the wake of recent hacking tool dumps, the FLARE team saw a spike in malware samples detonating kernel shellcode. Although most samples can be analyzed statically, the FLARE team sometimes debugs these samples to confirm specific functionality. Debugging can be an efficient way to get around packing or obfuscation and quickly identify the struct...
https://www.fireeye.com/blog/threat-research/2018/04/loading-kernel-shellcode.html
Published: 2018 04 23 15:00:00
Received: 2022 05 23 16:06:47
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Score Summary

Get your Free Scan and Score Certificate

Cyber Tzar Free Score Certificate

Article: Introducing Linux Support for FakeNet-NG: FLARE’s Next Generation Dynamic Network Analysis Tool - published almost 7 years ago.
Content: Introduction In 2016, FLARE introduced FakeNet-NG, an open-source network analysis tool written in Python. FakeNet-NG allows security analysts to observe and interact with network applications using standard or custom protocols on a single Windows host, which is especially useful for malware analysis and reverse engineering. Since FakeNet-NG’s rel...
https://www.fireeye.com/blog/threat-research/2017/07/linux-support-for-fakenet-ng.html
Published: 2017 07 05 15:00:00
Received: 2022 05 23 16:06:47
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Get your repeat Free Scan and Score Certificate

Article: FLARE Script Series: Querying Dynamic State using the FireEye Labs Query-Oriented Debugger (flare-qdb) - published over 7 years ago.
Content: Introduction This post continues the FireEye Labs Advanced Reverse Engineering (FLARE) script series. Here, we introduce flare-qdb, a command-line utility and Python module based on vivisect for querying and altering dynamic binary state conveniently, iteratively, and at scale. flare-qdb works on Windows and Linux, and can be obtained from the flare...
https://www.fireeye.com/blog/threat-research/2017/01/flare_script_series.html
Published: 2017 01 04 14:02:00
Received: 2022 05 23 16:06:47
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Your Score Explained

Article: 2015 FLARE-ON Challenge Solutions - published over 8 years ago.
Content: The first few challenges narrowed the playing field drastically, with most serious contestants holding firm through challenges 4-9. The last two increased the difficulty level and proved a difficult final series of challenges for a well-earned finish line. The FLARE On Challenge always reaches a very wide international audience. Outside of the USA, ...
https://www.fireeye.com/blog/threat-research/2015/09/flare-on_challenges.html
Published: 2015 09 08 14:56:00
Received: 2022 05 23 16:06:47
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Gold Score Certificate

Get your repeat Free Scan and Score Certificate

Cyber Tzar Score Summary

Article: FLARE Script Series: flare-dbg Plug-ins - published about 8 years ago.
Content: Introduction This post continues the FireEye Labs Advanced Reverse Engineering (FLARE) script series. In this post, we continue to discuss the flare-dbg project. If you haven’t read my first post on using flare-dbg to automate string decoding, be sure to check it out! We created the flare-dbg Python project to support the creation of plug-ins ...
https://www.fireeye.com/blog/threat-research/2016/02/flare_script_series.html
Published: 2016 02 09 12:00:00
Received: 2022 05 23 16:06:47
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Security Made Simple

Article: Connecting the Dots: Syrian Malware Team Uses BlackWorm for Attacks - published over 9 years ago.
Content: The Syrian Electronic Army has made news for its recent attacks on major communications websites, Forbes, and an alleged attack on CENTCOM. While these attacks garnered public attention, the activities of another group - The Syrian Malware Team - have gone largely unnoticed. The group’s activities prompted us to take a closer look. We discovere...
https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html
Published: 2014 08 29 08:00:00
Received: 2022 05 23 16:06:47
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Score Analysis

Article: Two Limited, Targeted Attacks; Two New Zero-Days - published over 9 years ago.
Content: The FireEye Labs team has identified two new zero-day vulnerabilities as part of limited, targeted attacks against some major corporations. Both zero-days exploit the Windows Kernel, with Microsoft assigning CVE-2014-4148 and CVE-2014-4113 to and addressing the vulnerabilities in their October 2014 Security Bulletin. FireEye Labs have identified...
https://www.fireeye.com/blog/threat-research/2014/10/two-targeted-attacks-two-new-zero-days.html
Published: 2014 10 14 14:46:54
Received: 2022 05 23 16:06:47
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Risk Impact Distribution

Cyber Security Made Simple

Cyber Tzar Your Score Explained

Article: iOS Masque Attack Revived: Bypassing Prompt for Trust and App URL Scheme Hijacking - published about 9 years ago.
Content: In November of last year, we uncovered a major flaw in iOS we dubbed “Masque Attack” that allowed for malicious apps to replace existing, legitimate ones on an iOS device via SMS, email, or web browsing. In total, we have notified Apple of five security issues related to four kinds of Masque Attacks. Today, we are sharing Masque Attack II in the ...
https://www.fireeye.com/blog/threat-research/2015/02/ios_masque_attackre.html
Published: 2015 02 19 19:00:00
Received: 2022 05 23 16:06:47
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Platform Highlights

Article: NitlovePOS: Another New POS Malware - published almost 9 years ago.
Content: There has been a proliferation of malware specifically designed to extract payment card information from Point-of-Sale (POS) systems over the last two years. In 2015, there have already been a variety of new POS malware identified including a new Alina variant, FighterPOS and Punkey. During our research into a widespread spam campaign, we dis...
https://www.fireeye.com/blog/threat-research/2015/05/nitlovepos_another.html
Published: 2015 05 23 18:05:00
Received: 2022 05 23 16:06:47
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Risk Impact Assesment

Article: Three New Masque Attacks against iOS: Demolishing, Breaking and Hijacking - published almost 9 years ago.
Content: In the recent release of iOS 8.4, Apple fixed several vulnerabilities including vulnerabilities that allow attackers to deploy two new kinds of Masque Attack (CVE-2015-3722/3725, and CVE-2015-3725). We call these exploits Manifest Masque and Extension Masque, which can be used to demolish apps, including system apps (e.g., Apple Watch, Health, Pay ...
https://www.fireeye.com/blog/threat-research/2015/06/three_new_masqueatt.html
Published: 2015 06 30 14:00:00
Received: 2022 05 23 16:06:47
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Your Score Explained

Cyber Tzar Platform Highlights

Cyber Tzar Gold Score Certificate

Article: XcodeGhost S: A New Breed Hits the US - published over 8 years ago.
Content: Just over a month ago, iOS users were warned of the threat to their devices by the XcodeGhost malware. Apple quickly reacted, taking down infected apps from the App Store and releasing new security features to stop malicious activities. Through continuous monitoring of our customers’ networks, FireEye researchers have found that, despite the quick ...
https://www.fireeye.com/blog/threat-research/2015/11/xcodeghost_s_a_new.html
Published: 2015 11 03 12:27:00
Received: 2022 05 23 16:06:47
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Sites

Article: Hot or Not? The Benefits and Risks of iOS Remote Hot Patching - published over 8 years ago.
Content: Introduction Apple has made a significant effort to build and maintain a healthy and clean app ecosystem. The essential contributing component to this status quo is the App Store, which is protected by a thorough vetting process that scrutinizes all submitted applications. While the process is intended to protect iOS users and ensure apps meet Ap...
https://www.fireeye.com/blog/threat-research/2016/01/hot_or_not_the_bene.html
Published: 2016 01 27 13:00:00
Received: 2022 05 23 16:06:47
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Risk Groups Explained

Article: Locky is Back Asking for Unpaid Debts - published almost 8 years ago.
Content: On June 21, 2016, FireEye’s Dynamic Threat Intelligence (DTI) identified an increase in JavaScript contained within spam emails. FireEye analysts determined the increase was the result of a new Locky ransomware spam campaign. As shown in Figure 1, Locky spam activity was uninterrupted until June 1, 2016, when it stopped for nearly three weeks. Durin...
https://www.fireeye.com/blog/threat-research/2016/06/locky-is-back-and-asking-for-unpaid-debts.html
Published: 2016 06 24 17:30:00
Received: 2022 05 23 16:06:47
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Change Over Time (Extended)

Cyber Tzar Sites

Cyber Tzar Score Analysis

Article: Rotten Apples: Apple-like Malicious Phishing Domains - published almost 8 years ago.
Content: At FireEye Labs we have an automated system designed to proactively detect newly registered malicious domains. This system observed some phishing domains registered in the first quarter of 2016 that were designed to appear as legitimate Apple domains. These phony Apple domains were involved in phishing attacks against Apple iCloud users in China an...
https://www.fireeye.com/blog/threat-research/2016/06/rotten_apples_apple.html
Published: 2016 06 07 12:00:00
Received: 2022 05 23 16:06:47
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Developer? Secuity Assesor? Risk Manager? Actary? We can help, whatever you need

Article: Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government - published about 7 years ago.
Content: Introduction FireEye recently observed a sophisticated campaign targeting individuals within the Mongolian government. Targeted individuals that enabled macros in a malicious Microsoft Word document may have been infected with Poison Ivy, a popular remote access tool (RAT) that has been used for nearly a decade for key logging, screen and video ca...
https://www.fireeye.com/blog/threat-research/2017/02/spear_phishing_techn.html
Published: 2017 02 22 14:45:00
Received: 2022 05 23 16:06:47
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Change Over Time (Extended)

Article: How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape: The Growth of Miners - published almost 6 years ago.
Content: Introduction Cyber criminals tend to favor cryptocurrencies because they provide a certain level of anonymity and can be easily monetized. This interest has increased in recent years, stemming far beyond the desire to simply use cryptocurrencies as a method of payment for illicit tools and services. Many actors have also attempted to capitalize on...
https://www.fireeye.com/blog/threat-research/2018/07/cryptocurrencies-cyber-crime-growth-of-miners.html
Published: 2018 07 18 14:00:00
Received: 2022 05 23 16:06:47
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Change Over Time (Extended)

Developer? Secuity Assesor? Risk Manager? Actary? We can help, whatever you need

Cyber Tzar Risk Impact Distribution

Article: Network of Social Media Accounts Impersonates U.S. Political Candidates, Leverages U.S. and Israeli Media in Support of Iranian Interests - published almost 5 years ago.
Content: In August 2018, FireEye Threat Intelligence released a report exposing what we assessed to be an Iranian influence operation leveraging networks of inauthentic news sites and social media accounts aimed at audiences around the world. We identified inauthentic social media accounts posing as everyday Americans that were used to promote content fro...
https://www.fireeye.com/blog/threat-research/2019/05/social-media-network-impersonates-us-political-candidates-supports-iranian-interests.html
Published: 2019 05 28 19:00:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Learn more about our products

Article: Learning to Rank Strings Output for Speedier Malware Analysis - published almost 5 years ago.
Content: Reverse engineers, forensic investigators, and incident responders have an arsenal of tools at their disposal to dissect malicious software binaries. When performing malware analysis, they successively apply these tools in order to gradually gather clues about a binary’s function, design detection methods, and ascertain how to contain its damage. O...
https://www.fireeye.com/blog/threat-research/2019/05/learning-to-rank-strings-output-for-speedier-malware-analysis.html
Published: 2019 05 29 14:30:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Change Over Time (Extended)

Article: Framing the Problem: Cyber Threats and Elections - published almost 5 years ago.
Content: This year, Canada, multiple European nations, and others will host high profile elections. The topic of cyber-enabled threats disrupting and targeting elections has become an increasing area of awareness for governments and citizens globally. To develop solutions and security programs to counter cyber threats to elections, it is important to begin ...
https://www.fireeye.com/blog/threat-research/2019/05/framing-the-problem-cyber-threats-and-elections.html
Published: 2019 05 30 15:00:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Change Over Time (Extended)

Learn more about our products

Cyber Tzar Risk Impact Assesment

Article: FLASHMINGO: The FireEye Open Source Automatic Analysis Tool for Flash - published about 5 years ago.
Content: Adobe Flash is one of the most exploited software components of the last decade. Its complexity and ubiquity make it an obvious target for attackers. Public sources list more than one thousand CVEs being assigned to the Flash Player alone since 2005. Almost nine hundred of these vulnerabilities have a Common Vulnerability Scoring System (C...
https://www.fireeye.com/blog/threat-research/2019/04/flashmingo-open-source-automatic-analysis-tool-for-flash.html
Published: 2019 04 15 15:00:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

View our available products

Article: Solving Ad-hoc Problems with Hex-Rays API - published about 6 years ago.
Content: Introduction IDA Pro is the de facto standard when it comes to binary reverse engineering. Besides being a great disassembler and debugger, it is possible to extend it and include a powerful decompiler by purchasing an additional license from Hex-Rays. The ability to switch between disassembled and decompiled code can greatly reduce the analysi...
https://www.fireeye.com/blog/threat-research/2018/04/solving-ad-hoc-problems-with-hex-rays-api.html
Published: 2018 04 10 15:00:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Change Over Time (Extended)

Article: Writing a libemu/Unicorn Compatability Layer - published about 7 years ago.
Content: In this post we are going to take a quick look at what it takes to write a libemu compatibility layer for the Unicorn engine. In the course of this work, we will also import the libemu Win32 environment to run under Unicorn. For a bit of background, libemu is a lightweight x86 emulator written in C by Paul Baecher and Markus Koetter. It was released...
https://www.fireeye.com/blog/threat-research/2017/04/libemu-unicorn-compatability-layer.html
Published: 2017 04 17 12:30:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Re-Score Report

View our available products

Cyber Tzar Your Score Explained

Article: Remote Symbol Resolution - published almost 7 years ago.
Content: Introduction The following blog discusses a couple of common techniques that malware uses to obscure its access to the Windows API. In both forms examined, analysts must calculate the API start address and resolve the symbol from the runtime process in order to determine functionality. After introducing the techniques, we present an open source tool ...
https://www.fireeye.com/blog/threat-research/2017/06/remote-symbol-resolution.html
Published: 2017 06 21 12:00:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

View our product reports

Article: Introducing GoCrack: A Managed Password Cracking Tool - published over 6 years ago.
Content: FireEye's Innovation and Custom Engineering (ICE) team released a tool today called GoCrack that allows red teams to efficiently manage password cracking tasks across multiple GPU servers by providing an easy-to-use, web-based real-time UI (Figure 1 shows the dashboard) to create, view, and manage tasks. Simply deploy a GoCrack server along with a ...
https://www.fireeye.com/blog/threat-research/2017/10/gocrack-managed-password-cracking-tool.html
Published: 2017 10 30 14:00:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Top Ten Vulnerabilities Explained

Article: Windows Management Instrumentation (WMI) Offense, Defense, and Forensics - published almost 9 years ago.
Content: Windows Management Instrumentation (WMI) is a remote management framework that enables the collection of host information, execution of code, and provides an eventing system that can respond to operating system events in real time. FireEye has recently seen a surge in attacker use of WMI to carry out objectives such as system reconnaissance, remote...
https://www.fireeye.com/blog/threat-research/2015/08/windows_managementi.html
Published: 2015 08 08 18:45:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Top Ten Vulnerabilities Explained

View our product reports

Cyber Tzar Risk Groups Explained

Article: Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities - published almost 5 years ago.
Content: FireEye Labs recently observed an attack against the government sector in Central Asia. The attack involved the new HAWKBALL backdoor being delivered via well-known Microsoft Office vulnerabilities CVE-2017-11882 and CVE-2018-0802. HAWKBALL is a backdoor that attackers can use to collect information from the victim, as well as to deliver payloads. H...
https://www.fireeye.com/blog/threat-research/2019/06/government-in-central-asia-targeted-with-hawkball-backdoor.html
Published: 2019 06 05 15:00:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Our principles

Article: Churning Out Machine Learning Models: Handling Changes in Model Predictions - published about 5 years ago.
Content: Introduction Machine learning (ML) is playing an increasingly important role in cyber security. Here at FireEye, we employ ML for a variety of tasks such as: antivirus, malicious PowerShell detection, and correlating threat actor behavior. While many people think that a data scientist’s job is finished when a model is built, the truth is t...
https://www.fireeye.com/blog/threat-research/2019/04/churning-out-machine-learning-models-handling-changes-in-model-predictions.html
Published: 2019 04 09 17:00:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Top Ten Vulnerabilities Explained

Article: June 2 6/12/2015 Consulting Thought Leadership "Proactively Engaged – Questions Executives Should Ask Their Security Teams " "-Many breaches occur as a result of executive decisions made w/out full knowledge of the people/processes needed to prevent them; -Offers specific questions that execs should ask to understand and prevent a breach" Jim Aldridge Kyrk Content Finalized Global June 2 6/12/2015 Consulting Thought Leadership "Proactively Engaged – Questions Executives Should Ask Their Security Teams " "-Many breaches occur as a result of executive decisions made w/out full knowledge of the people/processes needed to prevent them; -Offers specific questions that execs should ask to understand and prevent a breach" Jim Aldridge Kyrk Content Finalized GlobCaching Out: The Value of Shimcache for Investigators - published almost 9 years ago.
Content:
https://www.fireeye.com/blog/threat-research/2015/06/june_2_6_12_2015con.html
Published: 2015 06 17 18:25:34
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Top Ten Vulnerabilities Explained

Our principles

Cyber Tzar Change Over Time (Extended)

Article: Second Adobe Flash Zero-Day CVE-2015-5122 from HackingTeam Exploited in Strategic Web Compromise Targeting Japanese Victims - published almost 9 years ago.
Content: On July 14, FireEye researchers discovered attacks exploiting the Adobe Flash vulnerability CVE-2015-5122, just four days after Adobe released a patch. CVE-2015-5122 was the second Adobe Flash zero-day revealed in the leak of HackingTeam’s internal data. The campaign targeted Japanese organizations by using at least two legitimate Japanese websites...
https://www.fireeye.com/blog/threat-research/2015/07/second_adobe_flashz.html
Published: 2015 07 19 20:00:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Read our FAQ

Article: iBackDoor: High-risk Code Sneaks into the App Store - published over 8 years ago.
Content: The library embeds backdoors in unsuspecting apps that make use of it to display ads, exposing sensitive data and functionality. The backdoors can be controlled remotely by loading JavaScript code from remote servers to perform the following actions: Capture audio and screenshots. Monitor and upload device location. Read/delete/create/modify file...
https://www.fireeye.com/blog/threat-research/2015/10/ibackdoor_high-risk.html
Published: 2015 10 26 13:51:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Top Ten Vulnerabilities Explained

Article: A Growing Number of Android Malware Families Believed to Have a Common Origin: A Study Based on Binary Code - published about 8 years ago.
Content: Introduction On Feb. 19, IBM XForce researchers released an intelligence report [1] stating that the source code for GM Bot was leaked to a crimeware forum in December 2015. GM Bot is a sophisticated Android malware family that emerged in the Russian-speaking cybercrime underground in late 2014. IBM also claimed that several Android malware f...
https://www.fireeye.com/blog/threat-research/2016/03/android-malware-families.html
Published: 2016 03 11 15:04:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Top Ten Vulnerabilities Explained

Read our FAQ

Cyber Tzar Change Over Time (Extended)

Article: Finding Evil in Windows 10 Compressed Memory, Part Two: Virtual Store Deep Dive - published almost 5 years ago.
Content: Introduction This blog post is the second in a three-part series covering our Windows 10 memory forensics research and it coincides with our BlackHat USA 2019 presentation. In Part One of the series, we covered the integration of the research in both Volatily and Rekall memory forensics tools. We demonstrated that forensic artifacts (including...
https://www.fireeye.com/blog/threat-research/2019/08/finding-evil-in-windows-ten-compressed-memory-part-two.html
Published: 2019 08 08 20:30:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

How we calculate your Cyber Risk Score

Article: Open Sourcing StringSifter - published over 4 years ago.
Content: Malware analysts routinely use the Strings program during static analysis in order to inspect a binary's printable characters. However, identifying relevant strings by hand is time consuming and prone to human error. Larger binaries produce upwards of thousands of strings that can quickly evoke analyst fatigue, relevant strings occur less often tha...
https://www.fireeye.com/blog/threat-research/2019/09/open-sourcing-stringsifter.html
Published: 2019 09 07 17:00:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Top Ten Vulnerabilities Explained

Article: Showing Vulnerability to a Machine: Automated Prioritization of Software Vulnerabilities - published over 4 years ago.
Content: Introduction If a software vulnerability can be detected and remedied, then a potential intrusion is prevented. While not all software vulnerabilities are known, 86 percent of vulnerabilities leading to a data breach were patchable, though there is some risk of inadvertent damage when applying software patches. When new vulnerabilities are ide...
https://www.fireeye.com/blog/threat-research/2019/08/automated-prioritization-of-software-vulnerabilities.html
Published: 2019 08 13 16:45:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Top Ten Vulnerabilities Explained

How we calculate your Cyber Risk Score

Cyber Tzar Change Over Time (Extended)

Article: Finding Evil in Windows 10 Compressed Memory, Part Three: Automating Undocumented Structure Extraction - published almost 5 years ago.
Content: This is the final post in the three-part series: Finding Evil in Windows 10 Compressed Memory. In the first post (Volatility and Rekall Tools), the FLARE team introduced updates to both memory forensic toolkits. These updates enabled these open source tools to analyze previously inaccessible compressed data in memory. This research was shared...
https://www.fireeye.com/blog/threat-research/2019/08/finding-evil-in-windows-ten-compressed-memory-part-three.html
Published: 2019 08 08 20:45:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Understand your Cyber Tzar Risk Groups

Article: IDA, I Think It’s Time You And I Had a Talk: Controlling IDA Pro With Voice Control Software - published over 4 years ago.
Content: Introduction This blog post is the next episode in the FireEye Labs Advanced Reverse Engineering (FLARE) team Script Series. Today, we are sharing something quite unusual. It is not a tool or a virtual machine distribution, nor is it a plugin or script for a popular reverse engineering tool or framework. Rather, it is a profile created for a consu...
https://www.fireeye.com/blog/threat-research/2019/10/controlling-ida-pro-with-voice-control-software.html
Published: 2019 10 03 17:00:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Top Ten Vulnerabilities Explained

Article: Definitive Dossier of Devilish Debug Details – Part Deux: A Didactic Deep Dive into Data Driven Deductions - published over 4 years ago.
Content: In Part One of this blog series, Steve Miller outlined what PDB paths are, how they appear in malware, how we use them to detect malicious files, and how we sometimes use them to make associations about groups and actors. As Steve continued his research into PDB paths, we became interested in applying more general statistical analysis. The PDB p...
https://www.fireeye.com/blog/threat-research/2019/10/definitive-dossier-of-devilish-debug-details-part-deux.html
Published: 2019 10 17 15:30:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Top Ten Vulnerabilities Explained

Understand your Cyber Tzar Risk Groups

Cyber Tzar Change Over Time (Extended)

Article: Operation GreedyWonk: Multiple Economic and Foreign Policy Sites Compromised, Serving Up Flash Zero-Day Exploit - published about 10 years ago.
Content: Less than a week after uncovering Operation SnowMan, the FireEye Dynamic Threat Intelligence cloud has identified another targeted attack campaign — this one exploiting a zero-day vulnerability in Flash. We are collaborating with Adobe security on this issue. Adobe has assigned the CVE identifier CVE-2014-0502 to this vulnerability and released a s...
https://www.fireeye.com/blog/threat-research/2014/02/operation-greedywonk-multiple-economic-and-foreign-policy-sites-compromised-serving-up-flash-zero-day-exploit.html
Published: 2014 02 20 18:00:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Using the Cyber Tzar platform; easy as 1, 2, 3, 4.

Article: Attention is All They Need: Combatting Social Media Information Operations With Neural Language Models - published over 4 years ago.
Content: Information operations have flourished on social media in part because they can be conducted cheaply, are relatively low risk, have immediate global reach, and can exploit the type of viral amplification incentivized by platforms. Using networks of coordinated accounts, social media-driven information operations disseminate and amplify content desi...
https://www.fireeye.com/blog/threat-research/2019/11/combatting-social-media-information-operations-neural-language-models.html
Published: 2019 11 14 17:00:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Marketplace Benchmark

Article: FIDL: FLARE’s IDA Decompiler Library - published over 4 years ago.
Content: IDA Pro and the Hex Rays decompiler are a core part of any toolkit for reverse engineering and vulnerability research. In a previous blog post we discussed how the Hex-Rays API can be used to solve small, well-defined problems commonly seen as part of malware analysis. Having access to a higher-level representation of binary code makes the Hex-Rays...
https://www.fireeye.com/blog/threat-research/2019/11/fidl-flare-ida-decompiler-library.html
Published: 2019 11 25 20:00:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Benchmark Summary

Using the Cyber Tzar platform; easy as 1, 2, 3, 4.

Cyber Tzar Change Over Time (Extended)

Article: Nice Try: 501 (Ransomware) Not Implemented - published over 4 years ago.
Content: An Ever-Evolving Threat Since January 10, 2020, FireEye has tracked extensive global exploitation of CVE-2019-19781, which continues to impact Citrix ADC and Gateway instances that are unpatched or do not have mitigations applied. We previously reported on attackers’ swift attempts to exploit this vulnerability and the post-compromise deploy...
https://www.fireeye.com/blog/threat-research/2020/01/nice-try-501-ransomware-not-implemented.html
Published: 2020 01 24 17:00:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Validation is required for our most comprehensive scans

Article: "Distinguished Impersonator" Information Operation That Previously Impersonated U.S. Politicians and Journalists on Social Media Leverages Fabricated U.S. Liberal Personas to Promote Iranian Interests - published about 4 years ago.
Content: In May 2019, FireEye Threat Intelligence published a blog post exposing a network of English-language social media accounts that engaged in inauthentic behavior and misrepresentation that we assessed with low confidence was organized in support of Iranian political interests. Personas in that network impersonated candidates for U.S. House of Re...
https://www.fireeye.com/blog/threat-research/2020/02/information-operations-fabricated-personas-to-promote-iranian-interests.html
Published: 2020 02 12 12:30:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Change Over Time (Basic)

Article: Social Engineering Based on Stimulus Bill and COVID-19 Financial Compensation Schemes Expected to Grow in Coming Weeks - published about 4 years ago.
Content: Given the community interest and media coverage surrounding the economic stimulus bill currently being considered by the United States House of Representatives, we anticipate attackers will increasingly leverage lures tailored to the new stimulus bill and related recovery efforts such as stimulus checks, unemployment compensation and small business...
https://www.fireeye.com/blog/threat-research/2020/03/stimulus-bill-social-engineering-covid-19-financial-compensation-schemes.html
Published: 2020 03 27 19:00:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Port Vulnerability Scan Report

Validation is required for our most comprehensive scans

Cyber Tzar Change Over Time (Extended)

Article: Thinking Outside the Bochs: Code Grafting to Unpack Malware in Emulation - published about 4 years ago.
Content: This blog post continues the FLARE script series with a discussion of patching IDA Pro database files (IDBs) to interactively emulate code. While the fastest way to analyze or unpack malware is often to run it, malware won’t always successfully execute in a VM. I use IDA Pro’s Bochs integration in IDB mode to sidestep tedious debugging scenarios ...
https://www.fireeye.com/blog/threat-research/2020/04/code-grafting-to-unpack-malware-in-emulation.html
Published: 2020 04 07 16:00:00
Received: 2022 05 23 16:06:46
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

The Cyber Tzar technology stack

Article: Limited Shifts in the Cyber Threat Landscape Driven by COVID-19 - published about 4 years ago.
Content: Though COVID-19 has had enormous effects on our society and economy, its effects on the cyber threat landscape remain limited. For the most part, the same actors we have always tracked are behaving in the same manner they did prior to the crisis. There are some new challenges, but they are perceptible, and we—and our customers—are prepared to conti...
https://www.fireeye.com/blog/threat-research/2020/04/limited-shifts-in-cyber-threat-landscape-driven-by-covid-19.html
Published: 2020 04 08 16:15:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Port Vulnerability Scan Report

Article: FLARE IDA Pro Script Series: MSDN Annotations Plugin for Malware Analysis - published over 9 years ago.
Content: The FireEye Labs Advanced Reverse Engineering (FLARE) Team continues to share knowledge and tools with the community. We started this blog series with a script for Automatic Recovery of Constructed Strings in Malware. As always, you can download these scripts at the following location: https://github.com/fireeye/flare-ida. We hope you find all th...
https://www.fireeye.com/blog/threat-research/2014/09/flare-ida-pro-script-series-msdn-annotations-ida-pro-for-malware-analysis.html
Published: 2014 09 11 22:00:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Port Vulnerability Scan Report

The Cyber Tzar technology stack

Cyber Tzar Re-Score Report

Article: iBackDoor: High-Risk Code Hits iOS Apps - published over 8 years ago.
Content: Introduction FireEye mobile researchers recently discovered potentially “backdoored” versions of an ad library embedded in thousands of iOS apps originally published in the Apple App Store. The affected versions of this library embedded functionality in iOS apps that used the library to display ads, allowing for potential malicious access to se...
https://www.fireeye.com/blog/threat-research/2015/11/ibackdoor_high-risk.html
Published: 2015 11 04 18:00:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Why Cyber Tzar?

Article: Maimed Ramnit Still Lurking in the Shadow - published about 8 years ago.
Content: Newspapers have the ability to do more than simply keep us current with worldly affairs; we can use them to squash bugs! Yet, as we move from waiting on the newspaper delivery boy to reading breaking news on ePapers, we lose the subtle art of bug squashing. Instead, we end up exposing ourselves to dangerous digital bugs that can affect our virtual ...
https://www.fireeye.com/blog/threat-research/2016/02/maimed_ramnit_still.html
Published: 2016 02 18 17:00:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Port Vulnerability Scan Report

Article: Havex, It’s Down With OPC - published almost 10 years ago.
Content: FireEye recently analyzed the capabilities of a variant of Havex (referred to by FireEye as “Fertger” or “PEACEPIPE”), the first publicized malware reported to actively scan OPC servers used for controlling SCADA (Supervisory Control and Data Acquisition) devices in critical infrastructure (e.g., water and electric utilities), energy, and manufactu...
https://www.fireeye.com/blog/threat-research/2014/07/havex-its-down-with-opc.html
Published: 2014 07 17 14:00:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar SSL Certificate Health Check

Why Cyber Tzar?

Cyber Tzar Top Ten Vulnerabilities Explained

Article: IRONGATE ICS Malware: Nothing to See Here...Masking Malicious Activity on SCADA Systems - published almost 8 years ago.
Content: In the latter half of 2015, the FireEye Labs Advanced Reverse Engineering (FLARE) team identified several versions of an ICS-focused malware crafted to manipulate a specific industrial process running within a simulated Siemens control system environment. We named this family of malware IRONGATE. FLARE found the samples on VirusTotal while researchi...
https://www.fireeye.com/blog/threat-research/2016/06/irongate_ics_malware.html
Published: 2016 06 02 12:00:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar: Our Vision

Article: Rotten Apples: Resurgence - published over 7 years ago.
Content: In June 2016, we published a blog about a phishing campaign targeting the Apple IDs and passwords of Chinese Apple users that emerged in the first quarter of 2016 (referred to as the “Zycode” phishing campaign). At FireEye Labs we have an automated system designed to proactively detect newly registered malicious domains and this system had observed ...
https://www.fireeye.com/blog/threat-research/2016/10/rotten_apples_resur.html
Published: 2016 10 20 12:00:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar SSL Certificate Health Check

Article: ‘One-Stop Shop’ – Phishing Domain Targets Information from Customers of Several Indian Banks - published over 7 years ago.
Content: FireEye Labs recently discovered a malicious phishing domain designed to steal a variety of information – including credentials and mobile numbers – from customers of several banks in India. Currently, we have not observed this domain being used in any campaigns. The phishing websites appear to be in the earlier stages of development and through th...
https://www.fireeye.com/blog/threat-research/2016/11/one-stop-shop-phishing-domain.html
Published: 2016 11 30 17:13:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar SSL Certificate Health Check

Cyber Tzar: Our Vision

Cyber Tzar Top Ten Vulnerabilities Explained

Article: Credit Card Data and Other Information Targeted in Netflix Phishing Campaign - published over 7 years ago.
Content: Introduction Through FireEye’s Email Threat Prevention (ETP) solution, FireEye Labs discovered a phishing campaign in the wild targeting the credit card data and other personal information of Netflix users primarily based in the United States. This campaign is interesting because of the evasion techniques that were used by the attackers: The phis...
https://www.fireeye.com/blog/threat-research/2017/01/credit_card_dataand.html
Published: 2017 01 09 16:00:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Goals

Article: Cerber: Analyzing a Ransomware Attack Methodology To Enable Protection - published almost 8 years ago.
Content: Ransomware is a common method of cyber extortion for financial gain that typically involves users being unable to interact with their files, applications or systems until a ransom is paid. Accessibility of cryptocurrency such as Bitcoin has directly contributed to this ransomware model. Based on data from FireEye Dynamic Threat Intelligence (DTI), ...
https://www.fireeye.com/blog/threat-research/2016/07/cerber-ransomware-attack.html
Published: 2016 07 18 12:00:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar SSL Certificate Health Check

Article: The 2013 FireEye Advanced Threat Report! - published about 10 years ago.
Content: FireEye has just released its 2013 Advanced Threat Report (ATR), which provides a high-level overview of the computer network attacks that FireEye discovered last year. In this ATR, we focused almost exclusively on a small, but very important subset of our overall data analysis – the advanced persistent threat (APT). APTs, due to their organization...
https://www.fireeye.com/blog/threat-research/2014/02/the-2013-fireeye-advanced-threat-report.html
Published: 2014 02 27 14:00:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Free Score Certificate

Cyber Tzar Goals

Cyber Tzar Top Ten Vulnerabilities Explained

Article: A Not-So Civic Duty: Asprox Botnet Campaign Spreads Court Dates and Malware - published almost 10 years ago.
Content: Executive Summary FireEye Labs has been tracking a recent spike in malicious email detections that we attribute to a campaign that began in 2013. While malicious email campaigns are nothing new, this one is significant in that we are observing mass-targeting attackers adopting the malware evasion methods pioneered by the stealthier APT attackers....
https://www.fireeye.com/blog/threat-research/2014/06/a-not-so-civic-duty-asprox-botnet-campaign-spreads-court-dates-and-malware.html
Published: 2014 06 16 14:00:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Twitter

Article: Using Speakeasy Emulation Framework Programmatically to Unpack Malware - published over 3 years ago.
Content: Andrew Davis recently announced the public release of his new Windows emulation framework named Speakeasy. While the introductory blog post focused on using Speakeasy as an automated malware sandbox of sorts, this entry will highlight another powerful use of the framework: automated malware unpacking. I will demonstrate, with code exampl...
https://www.fireeye.com/blog/threat-research/2020/12/using-speakeasy-emulation-framework-programmatically-to-unpack-malware.html
Published: 2020 12 01 20:30:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Score Summary

Article: Emulation of Kernel Mode Rootkits With Speakeasy - published over 3 years ago.
Content: In August 2020, we released a blog post about how the Speakeasy emulation framework can be used to emulate user mode malware such as shellcode. If you haven’t had a chance, give the post a read today. In addition to user mode emulation, Speakeasy also supports emulation of kernel mode Windows binaries. When malware authors employ kernel mode mal...
https://www.fireeye.com/blog/threat-research/2021/01/emulation-of-kernel-mode-rootkits-with-speakeasy.html
Published: 2021 01 20 16:45:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Your Score Explained

Cyber Tzar Twitter

Cyber Tzar Top Ten Vulnerabilities Explained

Article: Training Transformers for Cyber Security Tasks: A Case Study on Malicious URL Prediction - published over 3 years ago.
Content: Highlights Perform a case study on using Transformer models to solve cyber security problems Train a Transformer model to detect malicious URLs under multiple training regimes Compare our model against other deep learning methods, and show it performs on-par with other top-scoring models Identify issues with applying generative p...
https://www.fireeye.com/blog/threat-research/2021/01/training-transformers-for-cyber-security-tasks-malicious-url-prediction.html
Published: 2021 01 21 17:30:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar LinkedIn page

Article: Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication - published over 3 years ago.
Content: FireEye Email Security recently encountered various phishing campaigns, mostly in the Americas and Europe, using source code obfuscation with compromised or bad domains. These domains were masquerading as authentic websites and stole personal information such as credit card data. The stolen information was then shared to cross-platform, cloud-bas...
https://www.fireeye.com/blog/threat-research/2021/01/phishing-campaign-woff-obfuscation-telegram-communications.html
Published: 2021 01 26 20:45:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Gold Score Certificate

Article: Fuzzing Image Parsing in Windows, Part Two: Uninitialized Memory - published about 3 years ago.
Content: Continuing our discussion of image parsing vulnerabilities in Windows, we take a look at a comparatively less popular vulnerability class: uninitialized memory. In this post, we will look at Windows’ inbuilt image parsers—specifically for vulnerabilities involving the use of uninitialized memory. The Vulnerability: Uninitialized Memory In unman...
https://www.fireeye.com/blog/threat-research/2021/03/fuzzing-image-parsing-in-windows-uninitialized-memory.html
Published: 2021 03 03 19:30:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Score Analysis

Cyber Tzar LinkedIn page

Cyber Tzar Top Ten Vulnerabilities Explained

Article: capa 2.0: Better, Faster, Stronger - published almost 3 years ago.
Content: We are excited to announce version 2.0 of our open-source tool called capa. capa automatically identifies capabilities in programs using an extensible rule set. The tool supports both malware triage and deep dive reverse engineering. If you haven’t heard of capa before, or need a refresher, check out our first blog post. You can download capa 2.0...
https://www.fireeye.com/blog/threat-research/2021/07/capa-2-better-stronger-faster.html
Published: 2021 07 19 18:00:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Facebook page

Article: Announcing the Eighth Annual Flare-On Challenge - published over 2 years ago.
Content: The FLARE team is once again hosting its annual Flare-On challenge, now in its eighth year. Take this opportunity to enjoy some extreme social distancing by solving fun puzzles to test your mettle and learn new tricks on your path to reverse engineering excellence. The contest will begin at 8:00 p.m. ET on Sept. 10, 2021. This is a CTF-style cha...
https://www.fireeye.com/blog/threat-research/2021/08/announcing-the-eighth-annual-flare-on-challenge.html
Published: 2021 08 12 15:30:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Risk Impact Distribution

Article: ELFant in the Room – capa v3 - published over 2 years ago.
Content: Since our initial public release of capa, incident responders and reverse engineers have used the tool to automatically identify capabilities in Windows executables. With our newest code and ruleset updates, capa v3 also identifies capabilities in Executable and Linkable Format (ELF) files, such as those used on Linux and other Unix-like operatin...
https://www.fireeye.com/blog/threat-research/2021/09/elfant-in-the-room-capa-v3.html
Published: 2021 09 15 13:00:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Risk Impact Assesment

Cyber Tzar Facebook page

Cyber Tzar Top Ten Vulnerabilities Explained

Article: Going To Ground with The Windows Scripting Host (WSH) - published about 10 years ago.
Content: About a month ago, I was involved in an investigation that revealed a targeted attacker using an interesting variation of a well-known persistence mechanism - a technique that is relevant both to incident responders hunting for evil and penetration testers looking to add post-exploitation methods to their toolkit. Today, I'm going to t...
https://www.fireeye.com/blog/threat-research/2014/02/ground-windows-scripting-host-wsh.html
Published: 2014 02 19 21:56:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar's Cyber Security Risk Score

Article: New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks - published about 10 years ago.
Content: Summary FireEye Research Labs, the intelligence behind our Mandiant Consultancy services, identified a new Internet Explorer (IE) zero-day exploit used in targeted attacks. The vulnerability affects IE6 through IE11, but the attack is targeting IE9 through IE11. This zero-day bypasses both ASLR and DEP. Microsoft has assigned CVE-2014-1776 to...
https://www.fireeye.com/blog/threat-research/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html
Published: 2014 04 27 02:29:08
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Your Score Explained

Article: Surge in Spam Campaign Delivering Locky Ransomware Downloaders - published about 8 years ago.
Content: FireEye Labs is detecting a significant spike in Locky ransomware downloaders due to a pair of concurrent email spam campaigns impacting users in over 50 countries. Some of the top affected countries are depicted in Figure 1. Figure 1. Affected countries As seen in Figure 2, the steep spike starts on March 21, 2016, where Locky is running cam...
https://www.fireeye.com/blog/threat-research/2016/03/surge_in_spam_campai.html
Published: 2016 03 25 12:00:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Risk Groups Explained

Cyber Tzar's Cyber Security Risk Score

Cyber Tzar Top Ten Vulnerabilities Explained

Article: Extending Linux Executable Logging With The Integrity Measurement Architecture - published over 7 years ago.
Content: Gaining insight into the files being executed on your system is a great first step towards improved visibility on your endpoints. Taking this a step further, centrally storing logs of file execution data so they can be used for detection and hunting provides an excellent opportunity to find evil on your network. A SIEM, and to some degree your entir...
https://www.fireeye.com/blog/threat-research/2016/11/extending_linux_exec.html
Published: 2016 11 09 13:00:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

More than just a Cyber Risk Score

Article: FLARE Script Series: Recovering Stackstrings Using Emulation with ironstrings - published about 5 years ago.
Content: This blog post continues our Script Series where the FireEye Labs Advanced Reverse Engineering (FLARE) team shares tools to aid the malware analysis community. Today, we release ironstrings: a new IDAPython script to recover stackstrings from malware. The script leverages code emulation to overcome this common string obfuscation technique. More preci...
https://www.fireeye.com/blog/threat-research/2019/02/recovering-stackstrings-using-emulation-with-ironstrings.html
Published: 2019 02 28 16:30:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Change Over Time (Extended)

Article: Bypassing Antivirus for Your Antivirus Bypass - published over 5 years ago.
Content: Chances are you have heard about how easy it can be to evade antivirus. Often, this is because the signatures used by vendors are too simplistic and can be successfully duped without changing the functionality of the malware. Have you ever attempted to evade AV? Is it really that easy? In this blog post, I’ll show you how I adapted “malicious” (not...
https://www.fireeye.com/blog/threat-research/2018/09/bypassing-antivirus-for-your-antivirus-bypass.html
Published: 2018 09 13 23:00:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Change Over Time (Extended)

More than just a Cyber Risk Score

Cyber Tzar Top Ten Vulnerabilities Explained

Article: CISA Adds 21 Known Exploited Vulnerabilities to Catalog - published almost 2 years ago.
Content:
https://us-cert.cisa.gov/ncas/current-activity/2022/05/23/cisa-adds-21-known-exploited-vulnerabilities-catalog
Published: 2022 05 23 15:00:00
Received: 2022 05 23 16:02:22
Feed: CISA Current Activity
Source: Cybersecurity and Infrastructure Security Agency (CISA)
Category: News
Topic: Cyber Security

Suppliers and just a Supply Chain Management

Article: Mozilla Releases Security Products for Multiple Firefox Products - published almost 2 years ago.
Content:
https://us-cert.cisa.gov/ncas/current-activity/2022/05/23/mozilla-releases-security-products-multiple-firefox-products
Published: 2022 05 23 15:30:00
Received: 2022 05 23 16:02:22
Feed: CISA Current Activity
Source: Cybersecurity and Infrastructure Security Agency (CISA)
Category: News
Topic: Cyber Security

Cyber Tzar Change Over Time (Extended)

All Articles

Ordered by Date Received : Year: "2022" Month: "05" Day: "23" Hour: "16"
Page: << < 2 (of 2)

Total Articles in this collection: 124

"All Articles" links back to the front page, effectivly the Planet "Home Page"; shows all articles, with no selections, or groupings.
Default date ordering is by "Received Date" (due to not all RSS feeds having a "Published Date").
Only Published Date selections use the articles Published Date.
The first page always shows fifty items plus from zero to up to a remaining forty-nine items, before they are commited permently to the next page.
All subsequent pages show fifty items.
Pagination is in reverse ordering (so that pages are permamenent links, aka "permalinks", to their content).
"<<" moves you to the first page (aka newest articles)
">>" moves you to the last page (aka oldest articles)
"<" moves you to the previous page (aka newer articles)
">" moves you to the next page (aka older articles)
Return to the top of this page Go Now

Ordered by Date Received : Year: "2022" Month: "05" Day: "23" Hour: "16" Page: << < 2 (of 2)

Total Articles in this collection: 124

Ordered by Date Received : Year: "2022" Month: "05" Day: "23" Hour: "16" Page: << < 2 (of 2)

Total Articles in this collection: 124

Navigation Help

Custom HTML Block

Ordered by Date Received : Year: "2022" Month: "05" Day: "23" Hour: "16"
Page: << < 2 (of 2)

Ordered by Date Received : Year: "2022" Month: "05" Day: "23" Hour: "16"
Page: << < 2 (of 2)