Article: Beneath the surface: Uncovering the shift in web skimming - published over 2 years ago. Content: submitted by /u/SCI_Rusher [link] [comments] https://www.reddit.com/r/netsec/comments/uw42x0/beneath_the_surface_uncovering_the_shift_in_web/ Published: 2022 05 23 16:24:25 Received: 2022 05 23 16:47:00 Feed: /r/netsec - Information Security News and Discussion Source: /r/netsec - Information Security News and Discussion Category: Cyber Security Topic: Cyber Security |
Article: Hiding MSFVENOM Payloads in USB NIC EEPROM - published over 2 years ago. Content: submitted by /u/lightgrains [link] [comments] https://www.reddit.com/r/netsec/comments/uw4feh/hiding_msfvenom_payloads_in_usb_nic_eeprom/ Published: 2022 05 23 16:40:10 Received: 2022 05 23 16:47:00 Feed: /r/netsec - Information Security News and Discussion Source: /r/netsec - Information Security News and Discussion Category: Cyber Security Topic: Cyber Security |
Article: New RansomHouse group sets up extortion market, adds first victims - published over 2 years ago. Content: https://www.bleepingcomputer.com/news/security/new-ransomhouse-group-sets-up-extortion-market-adds-first-victims/ Published: 2022 05 23 16:26:19 Received: 2022 05 23 16:42:11 Feed: Bleeping Computer - All News Feeds Source: Bleeping Computer Category: News Topic: Cyber Security |
Article: $4.8 million awarded to Ohio schools for safety improvements - published over 2 years ago. Content: https://www.securitymagazine.com/articles/97673-48-million-awarded-to-ohio-schools-for-safety-improvements Published: 2022 05 23 15:23:43 Received: 2022 05 23 16:42:08 Feed: Security Magazine – All Feeds Source: Security Magazine Category: News Topic: Security |
Article: CrowdStrike to showcase new ITD at ITWeb Security Summit 2022 - published over 2 years ago. Content: Global cyber security leader CrowdStrike will return to the ITWeb Security Summit this year, showcasing its new Falcon Identity Threat Detection ... https://www.itweb.co.za/content/lwrKx73YGOBqmg1o Published: 2022 05 23 15:19:22 Received: 2022 05 23 16:41:38 Feed: Google Alert – "cyber security" Source: Google Alert Category: News Topic: Cyber Security |
Article: Bahrain Business: SICO partners with Beyon for cyber security services - Gulf Daily News - published over 2 years ago. Content: Launched in January, Beyon Cyber is a subsidiary of Batelco and is focussed on offering advanced end-to-end cyber-security solutions, with managed ... https://www.gdnonline.com/Details/1092958/SICO-partners-with-Beyon-for-cyber-security-services Published: 2022 05 23 15:46:41 Received: 2022 05 23 16:41:37 Feed: Google Alert – "cyber security" Source: Google Alert Category: News Topic: Cyber Security |
Article: DevSecOps Engineer job with Lawrence Harvey | 2095688 - Times Appointments - published over 2 years ago. Content: DevSecOps Engineer Salary - £80,000 + Bonus + Benefits Location - Remote A FinTech scale up are in search of a DevSecOps / Cloud Security Engineer ... https://appointments.thetimes.co.uk/job/2095688/devsecops-engineer/ Published: 2022 05 23 12:21:19 Received: 2022 05 23 16:29:17 Feed: Google Alert - devsecops Source: Google Alert Category: News Topic: DevSecOps |
Article: DevSecOps Engineer at Lokalise - Startupers - published over 2 years ago. Content: Businesses like Hyundai use our localisation platform to bring developers, designers and translators together in one virtual workspace. They use our ... https://www.startupers.com/jobs/lokalise-5130209003 Published: 2022 05 23 12:49:03 Received: 2022 05 23 16:29:17 Feed: Google Alert - devsecops Source: Google Alert Category: News Topic: DevSecOps |
Article: DevSecOps | FINN.no - published over 2 years ago. Content: Join us in building a smarter society! At Norkart you take part in digitalising Norway, not in theory but in practice. https://www.finn.no/job/fulltime/ad.html?finnkode=259525083 Published: 2022 05 23 15:05:47 Received: 2022 05 23 16:29:16 Feed: Google Alert - devsecops Source: Google Alert Category: News Topic: DevSecOps |
Article: CVE-2022-28998 - published over 2 years ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28998 Published: 2022 05 23 14:16:26 Received: 2022 05 23 16:23:02 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CVE-2022-28997 - published over 2 years ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28997 Published: 2022 05 23 14:16:26 Received: 2022 05 23 16:23:02 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CVE-2022-0900 - published over 2 years ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0900 Published: 2022 05 23 14:16:26 Received: 2022 05 23 16:22:55 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CISA Adds 21 Known Exploited Vulnerabilities to Catalog - published over 2 years ago. Content: https://us-cert.cisa.gov/ncas/current-activity/2022/05/23/cisa-adds-21-known-exploited-vulnerabilities-catalog Published: 2022 05 23 15:00:00 Received: 2022 05 23 16:22:13 Feed: CISA All NCAS Products Source: Cybersecurity and Infrastructure Security Agency (CISA) Category: All Topic: Cyber Security |
Article: Mozilla Releases Security Products for Multiple Firefox Products - published over 2 years ago. Content: https://us-cert.cisa.gov/ncas/current-activity/2022/05/23/mozilla-releases-security-products-multiple-firefox-products Published: 2022 05 23 15:30:00 Received: 2022 05 23 16:22:13 Feed: CISA All NCAS Products Source: Cybersecurity and Infrastructure Security Agency (CISA) Category: All Topic: Cyber Security |
Article: Christofer Hoff joins LastPass as Chief Secure Technology Officer - published over 2 years ago. Content: https://www.securitymagazine.com/articles/97672-christofer-hoff-joins-lastpass-as-chief-secure-technology-officer Published: 2022 05 23 14:45:00 Received: 2022 05 23 16:22:07 Feed: Security Magazine – All Feeds Source: Security Magazine Category: News Topic: Security |
Article: Artificial intelligence investment grows, but barriers remain - published over 2 years ago. Content: https://www.securitymagazine.com/articles/97674-artificial-intelligence-investment-grows-but-barriers-remain Published: 2022 05 23 16:00:00 Received: 2022 05 23 16:22:07 Feed: Security Magazine – All Feeds Source: Security Magazine Category: News Topic: Security |
Article: Christofer Hoff joins LastPass as Chief Secure Technology Officer - published over 2 years ago. Content: https://www.securitymagazine.com/articles/97672-christofer-hoff-joins-lastpass-as-chief-secure-technology-officer Published: 2022 05 23 14:45:00 Received: 2022 05 23 16:21:45 Feed: Security Magazine – News Source: Security Magazine Category: News Topic: Cyber Security |
Article: Artificial intelligence investment grows, but barriers remain - published over 2 years ago. Content: https://www.securitymagazine.com/articles/97674-artificial-intelligence-investment-grows-but-barriers-remain Published: 2022 05 23 16:00:00 Received: 2022 05 23 16:21:45 Feed: Security Magazine – News Source: Security Magazine Category: News Topic: Cyber Security |
Article: 6 formas en que los equipos de DevSecOps deben responder (6 ways DevSecOps teams must respond) | Ciberseguridad Inteligente - published over 2 years ago. Content: Traditional DevSecOps security tools are outdated and less accurate than newer technologies, ... https://discoverthenew.ituser.es/ciberseguridad-inteligente/2022/05/6-formas-en-que-los-equipos-de-devsecops-deben-responder Published: 2022 05 23 11:11:35 Received: 2022 05 23 16:09:37 Feed: Google Alert - devsecops Source: Google Alert Category: News Topic: DevSecOps |
Article: Yes, Containers Are Terrific, But Watch the Security Risks - The Hacker News - published over 2 years ago. Content: This is why we're increasingly hearing about DevSecOps as it evolves from DevOps because developers have noticed that the DevOps model alone does ... https://thehackernews.com/2022/05/yes-containers-are-terrific-but-watch.html Published: 2022 05 23 15:16:30 Received: 2022 05 23 16:09:36 Feed: Google Alert - devsecops Source: Google Alert Category: News Topic: DevSecOps |
Article: Oui, Les Conteneurs Sont Formidables, Mais Surveillez Les Risques De Sécurité (Yes, Containers Are Terrific, But Watch the Security Risks) - published over 2 years ago. Content: This is why we hear more and more about DevSecOps as it evolves out of DevOps, because developers have noticed that ... https://fr.techtribune.net/securite/oui-les-conteneurs-sont-formidables-mais-surveillez-les-risques-de-securite/322421/ Published: 2022 05 23 15:42:28 Received: 2022 05 23 16:09:36 Feed: Google Alert - devsecops Source: Google Alert Category: News Topic: DevSecOps |
Article: mx-takeover focuses DNS MX records and detects misconfigured MX records. - published over 2 years ago. Content: submitted by /u/0xmusana [link] [comments] https://www.reddit.com/r/netsec/comments/uw2s73/mxtakeover_focuses_dns_mx_records_and_detects/ Published: 2022 05 23 15:26:55 Received: 2022 05 23 16:06:51 Feed: /r/netsec - Information Security News and Discussion Source: /r/netsec - Information Security News and Discussion Category: Cyber Security Topic: Cyber Security |
Article: Android.MisoSMS: It's Back! Now With XTEA - published over 10 years ago. Content: FireEye Labs recently found a more advanced variant of Android.MisoSMS, the SMS-stealing malware that we uncovered last December — yet another sign of cybercriminals’ growing interest in hijacking mobile devices for surveillance and data theft. Like the original version of the malware, the new variant sends copies of users’ text messages to ser... https://www.fireeye.com/blog/threat-research/2014/03/android-misosms-its-back-now-with-xtea.html Published: 2014 03 31 08:00:00 Received: 2022 05 23 16:06:48 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Spear Phishing the News Cycle: APT Actors Leverage Interest in the Disappearance of Malaysian Flight MH 370 - published over 10 years ago. Content: While many advanced persistent threat (APT) groups have increasingly embraced strategic Web compromise as a malware delivery vector, groups also continue to rely on spear-phishing emails that leverage popular news stories. The recent tragic disappearance of flight MH 370 is no exception. This post will examine multiple instances from different thre... https://www.fireeye.com/blog/threat-research/2014/03/spear-phishing-the-news-cycle-apt-actors-leverage-interest-in-the-disappearance-of-malaysian-flight-mh-370.html Published: 2014 03 25 04:01:00 Received: 2022 05 23 16:06:48 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: From Windows to Droids: An Insight in to Multi-vector Attack Mechanisms in RATs - published over 10 years ago. Content: FireEye recently observed a targeted attack on a U.S.-based financial institution via a spear-phishing email. The payload used in this campaign is a tool called WinSpy, which is sold by the author as a spying and monitoring tool. The features in this tool resemble that of many other off-the-shelf RATs (Remote Administration Tools) available today. ... https://www.fireeye.com/blog/threat-research/2014/03/from-windows-to-droids-an-insight-in-to-multi-vector-attack-mechanisms-in-rats.html Published: 2014 03 18 08:00:00 Received: 2022 05 23 16:06:48 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: A Little Bird Told Me: Personal Information Sharing in Angry Birds and its Ad Libraries - published over 10 years ago. Content: Many popular mobile apps, including Rovio’s ubiquitous Angry Birds, collect and share players’ personal information much more widely than most people realize. Some news reports have begun to scratch the surface of the situation. The New York Times reported on Angry Birds and other data-hungry apps last October. And in January, the newspaper ... https://www.fireeye.com/blog/threat-research/2014/03/a-little-bird-told-me-personal-information-sharing-in-angry-birds-and-its-ad-libraries.html Published: 2014 03 27 15:30:00 Received: 2022 05 23 16:06:48 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Write Once, Exploit Everywhere: FireEye Report Analyzes Four Widely Exploited Java Vulnerabilities - published over 10 years ago. Content: Over the last couple of decades, Java has become the lingua franca of software development, a near-universal platform that works across different operating systems and devices. With its “write once, run anywhere” mantra, Java has drawn a horde of developers looking to serve a large user base as efficiently as possible. Cyber attackers like Java for m... https://www.fireeye.com/blog/threat-research/2014/02/write-once-exploit-everywhere-fireeye-report-analyzes-four-widely-exploited-java-vulnerabilities.html Published: 2014 02 21 15:00:00 Received: 2022 05 23 16:06:48 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Operation SnowMan: DeputyDog Actor Compromises US Veterans of Foreign Wars Website - published almost 11 years ago. Content: On February 11, FireEye identified a zero-day exploit (CVE-2014-0322) being served up from the U.S. Veterans of Foreign Wars’ website (vfw[.]org). We believe the attack is a strategic Web compromise targeting American military personnel amid a paralyzing snowstorm at the U.S. Capitol in the days leading up to the Presidents Day holiday weekend. Ba... https://www.fireeye.com/blog/threat-research/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html Published: 2014 02 13 23:06:00 Received: 2022 05 23 16:06:48 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Background Monitoring on Non-Jailbroken iOS 7 Devices -- and a Mitigation - published over 10 years ago. Content: Background monitoring by mobile applications has become a hot topic on mobile devices. Existing reports show that such monitoring can be conducted on jailbroken iOS devices. FireEye mobile security researchers have discovered such a vulnerability, and found approaches to bypass Apple's app review process effectively and exploit non-jailbroken iOS 7 succ... https://www.fireeye.com/blog/threat-research/2014/02/background-monitoring-on-non-jailbroken-ios-7-devices-and-a-mitigation.html Published: 2014 02 25 01:24:00 Received: 2022 05 23 16:06:48 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Amazon's Mobile Shopping Clients and CAPTCHA - published over 10 years ago. Content: Amazon is a popular online retailer serving millions of users. Unfortunately, FireEye mobile security researchers have found security issues within Amazon’s mobile apps on both Android and iOS platforms through which attackers can crack the passwords of target Amazon accounts. Amazon confirmed our findings and hot fixed the issue. Recently, we found ... https://www.fireeye.com/blog/threat-research/2014/02/amazons-mobile-shopping-clients-and-captcha.html Published: 2014 02 26 20:39:00 Received: 2022 05 23 16:06:48 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Trends in Targeted Attacks: 2013 - published almost 11 years ago. Content: FireEye has been busy over the last year. We have tracked malware-based espionage campaigns and published research papers on numerous advanced threat actors. We chopped through Poison Ivy, documented a cyber arms dealer, and revealed that Operation Ke3chang had targeted Ministries of Foreign Affairs in Europe. Worldwide, security experts made ma... https://www.fireeye.com/blog/threat-research/2014/01/trends-in-targeted-attacks-2013.html Published: 2014 01 13 10:00:00 Received: 2022 05 23 16:06:48 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: JS-Binding-Over-HTTP Vulnerability and JavaScript Sidedoor: Security Risks Affecting Billions of Android App Downloads - published almost 11 years ago. Content: Third-party libraries, especially ad libraries, are widely used in Android apps. Unfortunately, many of them have security and privacy issues. In this blog, we summarize our findings related to the insecure usage of JavaScript binding in ad libraries. First, we describe a widespread security issue with using JavaScript binding (addJavascriptInterface... https://www.fireeye.com/blog/threat-research/2014/01/js-binding-over-http-vulnerability-and-javascript-sidedoor.html Published: 2014 01 17 00:45:00 Received: 2022 05 23 16:06:48 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Android.HeHe: Malware Now Disconnects Phone Calls - published almost 11 years ago. Content: FireEye Labs has recently discovered six variants of a new Android threat that steals text messages and intercepts phone calls. We named this sample set “Android.HeHe” after the name of the activity that is used consistently across all samples. Here is a list of known bot variants: MD5 VirusTotal Detection Ratio 1caa... https://www.fireeye.com/blog/threat-research/2014/01/android-hehe-malware-now-disconnects-phone-calls.html Published: 2014 01 21 10:00:00 Received: 2022 05 23 16:06:48 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Microsoft Office Vulnerabilities Used to Distribute Zyklon Malware in Recent Campaign - published almost 7 years ago. Content: Introduction FireEye researchers recently observed threat actors leveraging relatively new vulnerabilities in Microsoft Office to spread Zyklon HTTP malware. Zyklon has been observed in the wild since early 2016 and provides myriad sophisticated capabilities. Zyklon is a publicly available, full-featured backdoor capable of keylogging, password har... https://www.fireeye.com/blog/threat-research/2018/01/microsoft-office-vulnerabilities-used-to-distribute-zyklon-malware.html Published: 2018 01 17 17:00:00 Received: 2022 05 23 16:06:48 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Attacks Leveraging Adobe Zero-Day (CVE-2018-4878) – Threat Attribution, Attack Scenario and Recommendations - published almost 7 years ago. Content: On Jan. 31, KISA (KrCERT) published an advisory about an Adobe Flash zero-day vulnerability (CVE-2018-4878) being exploited in the wild. On Feb. 1, Adobe issued an advisory confirming the vulnerability exists in Adobe Flash Player 28.0.0.137 and earlier versions, and that successful exploitation could potentially allow an attacker to take con... https://www.fireeye.com/blog/threat-research/2018/02/attacks-leveraging-adobe-zero-day.html Published: 2018 02 03 02:15:00 Received: 2022 05 23 16:06:48 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: CVE-2017-10271 Used to Deliver CryptoMiners: An Overview of Techniques Used Post-Exploitation and Pre-Mining - published almost 7 years ago. Content: Introduction FireEye researchers recently observed threat actors abusing CVE-2017-10271 to deliver various cryptocurrency miners. CVE-2017-10271 is a known input validation vulnerability that exists in the WebLogic Server Security Service (WLS Security) in Oracle WebLogic Server versions 12.2.1.2.0 and prior, and attackers can exploit it to remotel... https://www.fireeye.com/blog/threat-research/2018/02/cve-2017-10271-used-to-deliver-cryptominers.html Published: 2018 02 15 16:30:00 Received: 2022 05 23 16:06:48 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: SANNY Malware Delivery Method Updated in Recently Observed Attacks - published over 6 years ago. Content: Introduction In the third week of March 2018, through FireEye’s Dynamic Threat Intelligence, FireEye discovered malicious macro-based Microsoft Word documents distributing SANNY malware to multiple governments worldwide. Each malicious document lure was crafted in regard to relevant regional geopolitical issues. FireEye has tracked the SANNY malwa... https://www.fireeye.com/blog/threat-research/2018/03/sanny-malware-delivery-method-updated-in-recently-observed-attacks.html Published: 2018 03 23 15:00:00 Received: 2022 05 23 16:06:48 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Fake Software Update Abuses NetSupport Remote Access Tool - published over 6 years ago. Content: Over the last few months, FireEye has tracked an in-the-wild campaign that leverages compromised sites to spread fake updates. In some cases, the payload was the NetSupport Manager remote access tool (RAT). NetSupport Manager is a commercially available RAT that can be used legitimately by system administrators for remotely accessing client compute... https://www.fireeye.com/blog/threat-research/2018/04/fake-software-update-abuses-netsupport-remote-access-tool.html Published: 2018 04 05 15:00:00 Received: 2022 05 23 16:06:48 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Metamorfo Campaigns Targeting Brazilian Users - published over 6 years ago. Content: FireEye Labs recently identified several widespread malspam (malware spam) campaigns targeting Brazilian companies with the goal of delivering banking Trojans. We are referring to these campaigns as Metamorfo. Across the stages of these campaigns, we have observed the use of several tactics and techniques to evade detection and deliver the maliciou... https://www.fireeye.com/blog/threat-research/2018/04/metamorfo-campaign-targeting-brazilian-users.html Published: 2018 04 24 15:00:00 Received: 2022 05 23 16:06:48 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Remote Authentication GeoFeasibility Tool - GeoLogonalyzer - published over 6 years ago. Content: Users have long needed to access important resources such as virtual private networks (VPNs), web applications, and mail servers from anywhere in the world at any time. While the ability to access resources from anywhere is imperative for employees, threat actors often leverage stolen credentials to access systems and data. Due to large volumes of ... https://www.fireeye.com/blog/threat-research/2018/05/remote-authentication-geofeasibility-tool-geologonalyzer.html Published: 2018 05 29 17:00:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
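Added example (not code from the GeoLogonalyzer post or from the FireEye tool): the "geofeasibility" idea behind the entry above, reduced to its core check. Two logons by the same account are compared by the great-circle distance between the geolocated source addresses and the time between them; if covering that distance would require a speed no traveller can reach, the pair is flagged. The sample logons, the IP addresses, the coordinates and the 900 km/h threshold are all constructed for this example; a real deployment would feed in VPN or web-app logs and a GeoIP lookup, and would have to allow for VPN egress points and cloud proxies that make a legitimate user "jump".

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from itertools import groupby
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
# Assumed threshold for this example: faster than a commercial airliner
# is not a feasible human trip between two interactive logons.
MAX_FEASIBLE_SPEED_KMH = 900.0


@dataclass(frozen=True)
class Logon:
    user: str
    when: datetime   # timezone-aware, UTC
    src_ip: str
    lat: float       # geolocation of src_ip (constructed here; normally a GeoIP lookup)
    lon: float


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two WGS84 points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat = p2 - p1
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def required_speed_kmh(earlier: Logon, later: Logon) -> float:
    """Speed the user would have needed to travel between two logons."""
    distance = haversine_km(earlier.lat, earlier.lon, later.lat, later.lon)
    hours = abs((later.when - earlier.when).total_seconds()) / 3600.0
    if hours == 0.0:
        # Same timestamp: infeasible if the places differ, harmless if they do not.
        return float("inf") if distance > 0.0 else 0.0
    return distance / hours


def infeasible_logons(logons, max_speed_kmh: float = MAX_FEASIBLE_SPEED_KMH):
    """Yield (earlier, later, speed_kmh) for consecutive same-user logons that
    would require travelling faster than max_speed_kmh."""
    ordered = sorted(logons, key=lambda entry: (entry.user, entry.when))
    for _, group in groupby(ordered, key=lambda entry: entry.user):
        events = list(group)
        for earlier, later in zip(events, events[1:]):
            speed = required_speed_kmh(earlier, later)
            if speed > max_speed_kmh:
                yield earlier, later, speed


def _utc(y: int, m: int, d: int, hh: int, mm: int) -> datetime:
    return datetime(y, m, d, hh, mm, tzinfo=timezone.utc)


# Constructed sample logons: documentation-range IPs and city coordinates
# chosen to show one infeasible pair, one plausible pair and one repeat.
SAMPLE_LOGONS = [
    Logon("alice", _utc(2022, 5, 23, 9, 0), "198.51.100.10", 40.7128, -74.0060),  # New York
    Logon("alice", _utc(2022, 5, 23, 10, 0), "203.0.113.7", 51.5074, -0.1278),    # London, 1 h later
    Logon("bob", _utc(2022, 5, 23, 9, 0), "198.51.100.20", 40.7128, -74.0060),    # New York
    Logon("bob", _utc(2022, 5, 23, 12, 0), "198.51.100.21", 42.3601, -71.0589),   # Boston, 3 h later
    Logon("carol", _utc(2022, 5, 23, 9, 0), "192.0.2.5", 48.8566, 2.3522),        # Paris
    Logon("carol", _utc(2022, 5, 23, 9, 0), "192.0.2.5", 48.8566, 2.3522),        # Paris again, same minute
]


def find_alerts(logons=SAMPLE_LOGONS):
    """Return the list of infeasible (earlier, later, speed) triples."""
    return list(infeasible_logons(logons))


if __name__ == "__main__":
    for earlier, later, speed in find_alerts():
        print(f"{earlier.user}: {earlier.src_ip} -> {later.src_ip} "
              f"would need about {speed:,.0f} km/h")
```

Only alice is flagged: New York to London is roughly 5,570 km, which in one hour is several times the threshold; bob's 306 km in three hours and carol's repeat from the same address pass. Tune the threshold per environment, and treat a hit as a lead to confirm against the VPN concentrator or identity provider rather than as proof of credential theft.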
Article: RIG Exploit Kit Delivering Monero Miner Via PROPagate Injection Technique - published over 6 years ago. Content: Introduction Through FireEye Dynamic Threat Intelligence (DTI), we observed RIG Exploit Kit (EK) delivering a dropper that leverages the PROPagate injection technique to inject code that downloads and executes a Monero miner (similar activity has been reported by Trend Micro). Apart from leveraging a relatively lesser known injection technique, ... https://www.fireeye.com/blog/threat-research/2018/06/rig-ek-delivering-monero-miner-via-propagate-injection-technique.html Published: 2018 06 28 16:00:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Introducing Monitor.app for macOS - published over 7 years ago. Content: UPDATE 2 (Oct. 24, 2018): Monitor.app now supports macOS 10.14. UPDATE (April 4, 2018): Monitor.app now supports macOS 10.13. As a malware analyst or systems programmer, having a suite of solid dynamic analysis tools is vital to being quick and effective. These tools enable us to understand malware capabilities and undocumented components of th... https://www.fireeye.com/blog/threat-research/2017/03/introducing_monitor.html Published: 2017 03 31 14:15:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: FLARE Script Series: Automating Objective-C Code Analysis with Emulation - published almost 6 years ago. Content: This blog post is the next episode in the FireEye Labs Advanced Reverse Engineering (FLARE) team Script Series. Today, we are sharing a new IDAPython library – flare-emu – powered by IDA Pro and the Unicorn emulation framework that provides scriptable emulation features for the x86, x86_64, ARM, and ARM64 architectures to reverse engineers. Along ... https://www.fireeye.com/blog/threat-research/2018/12/automating-objective-c-code-analysis-with-emulation.html Published: 2018 12 12 17:30:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Breaking the Bank: Weakness in Financial AI Applications - published over 5 years ago. Content: Currently, threat actors possess limited access to the technology required to conduct disruptive operations against financial artificial intelligence (AI) systems and the risk of this targeting type remains low. However, there is a high risk of threat actors leveraging AI as part of disinformation campaigns to cause financial panic. As AI financial... https://www.fireeye.com/blog/threat-research/2019/03/breaking-the-bank-weakness-in-financial-ai-applications.html Published: 2019 03 13 16:00:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Dissecting a NETWIRE Phishing Campaign's Usage of Process Hollowing - published over 5 years ago. Content: Introduction Malware authors attempt to evade detection by executing their payload without having to write the executable file on the disk. One of the most commonly seen techniques of this "fileless" execution is code injection. Rather than executing the malware directly, attackers inject the malware code into the memory of another process that is... https://www.fireeye.com/blog/threat-research/2019/03/dissecting-netwire-phishing-campaign-usage-of-process-hollowing.html Published: 2019 03 15 16:00:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: WinRAR Zero-day Abused in Multiple Campaigns - published over 5 years ago. Content: WinRAR, an over 20-year-old file archival utility used by over 500 million users worldwide, recently acknowledged a long-standing vulnerability in its code-base. A recently published path traversal zero-day vulnerability, disclosed in CVE-2018-20250 by Check Point Research, enables attackers to specify arbitrary destinations during file extractio... https://www.fireeye.com/blog/threat-research/2019/03/winrar-zero-day-abused-in-multiple-campaigns.html Published: 2019 03 26 15:30:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
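Added example (not code from the FireEye post, from Check Point, or from WinRAR): the bug class in the entry above is an archive extractor that trusts the file name stored inside the archive and so lets the archive choose where on disk a file lands, for instance a user's Startup folder. The check below is what a safe extractor does with each entry name before writing anything. The extraction root, the entry names and the `UnsafeArchivePath` exception are constructed for this example; the logic works on names only and touches no files.

```python
import posixpath
import re

# A Windows drive prefix such as C: marks an absolute name; UNC and POSIX
# absolute names are caught by the leading "/" test after separator folding.
_DRIVE_PREFIX = re.compile(r"^[A-Za-z]:")


class UnsafeArchivePath(ValueError):
    """Raised for an entry name that must not be written under the root."""


def safe_destination(extract_root: str, entry_name: str) -> str:
    """Return the path an archive entry may be written to, or raise.

    extract_root is the directory the user chose; entry_name is the
    attacker-controlled name stored in the archive."""
    if "\x00" in entry_name:
        raise UnsafeArchivePath(f"NUL byte in entry name: {entry_name!r}")
    # Archive formats disagree on separators; treat both as separators so
    # "..\\..\\x" is judged the same way as "../../x".
    name = entry_name.replace("\\", "/")
    if name.startswith("/") or _DRIVE_PREFIX.match(name):
        raise UnsafeArchivePath(f"absolute path in archive: {entry_name!r}")
    normalized = posixpath.normpath(name)
    if normalized == ".." or normalized.startswith("../"):
        raise UnsafeArchivePath(f"entry escapes extraction directory: {entry_name!r}")
    root = posixpath.normpath(extract_root.replace("\\", "/"))
    dest = posixpath.normpath(posixpath.join(root, normalized))
    # Belt and braces: the final, normalised path must still sit under the root.
    if dest != root and not dest.startswith(root.rstrip("/") + "/"):
        raise UnsafeArchivePath(f"resolved outside extraction directory: {entry_name!r}")
    return dest


def triage_entries(extract_root: str, entry_names):
    """Split entry names into (accepted, rejected) lists.

    accepted holds (name, destination); rejected holds (name, reason)."""
    accepted, rejected = [], []
    for name in entry_names:
        try:
            accepted.append((name, safe_destination(extract_root, name)))
        except UnsafeArchivePath as exc:
            rejected.append((name, str(exc)))
    return accepted, rejected


# Constructed entry names: two benign, the rest of the kind a malicious
# archive would carry to drop a file somewhere the user did not choose.
SAMPLE_ENTRIES = [
    "docs/readme.txt",
    "sub/../notes.txt",
    "../../evil.exe",
    "docs/../../evil.exe",
    "..\\..\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\evil.exe",
    "C:\\Users\\Public\\evil.exe",
    "/etc/cron.d/evil",
    "ok.txt\x00.exe",
]

if __name__ == "__main__":
    accepted, rejected = triage_entries("/tmp/extract", SAMPLE_ENTRIES)
    for name, dest in accepted:
        print(f"write   {name!r} -> {dest}")
    for name, reason in rejected:
        print(f"REJECT  {name!r}: {reason}")
```

The order matters: fold separators first, reject absolute names, normalise, reject anything that still begins with `..`, and only then join with the root and re-check. Normalising before the `..` test is what catches `docs/../../evil.exe`, which has no leading `..` as written; the final prefix check is cheap insurance against a root with a trailing slash or an unusual normaliser.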
Article: Spear Phishing Campaign Targets Ukraine Government and Military; Infrastructure Reveals Potential Link to So-Called Luhansk People's Republic - published over 5 years ago. Content: In early 2019, FireEye Threat Intelligence identified a spear phishing email targeting government entities in Ukraine. The spear phishing email included a malicious LNK file with PowerShell script to download the second-stage payload from the command and control (C&C) server. The email was received by military departments in Ukraine and include... https://www.fireeye.com/blog/threat-research/2019/04/spear-phishing-campaign-targets-ukraine-government.html Published: 2019 04 16 07:00:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: FLARE Script Series: Automating Obfuscated String Decoding - published almost 9 years ago. Content: Introduction We are expanding our script series beyond IDA Pro. This post extends the FireEye Labs Advanced Reverse Engineering (FLARE) script series to an invaluable tool for the reverse engineer – the debugger. Just like IDA Pro, debuggers have scripting interfaces. For example, OllyDbg uses an asm-like scripting language, the Immunity debugger... https://www.fireeye.com/blog/threat-research/2015/12/flare_script_series.html Published: 2015 12 28 14:01:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: FLARE IDA Pro Script Series: Simplifying Graphs in IDA - published almost 7 years ago. Content: Introduction We’re proud to release a new plug-in for IDA Pro users – SimplifyGraph – to help automate creation of groups of nodes in the IDA’s disassembly graph view. Code and binaries are available from the FireEye GitHub repo. Prior to this release we submitted it in the 2017 Hex-Rays plugin contest, where it placed third overall. My perso... https://www.fireeye.com/blog/threat-research/2018/01/simplifying-graphs-in-ida.html Published: 2018 01 11 16:45:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: FLARE IDA Pro Script Series: Automating Function Argument Extraction - published about 9 years ago. Content: https://www.fireeye.com/blog/threat-research/2015/11/flare_ida_pro_script.html Published: 2015 11 16 13:00:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: New FakeNet-NG Feature: Content-Based Protocol Detection - published about 7 years ago. Content: I (Matthew Haigh) recently contributed to FLARE’s FakeNet-NG network simulator by adding content-based protocol detection and configuration. This feature is useful for analyzing malware that uses a protocol over a non-standard port; for example, HTTP over port 81. The new feature also detects and adapts to SSL so that any protocol can be used with ... https://www.fireeye.com/blog/threat-research/2017/10/fakenet-content-based-protocol-detection.html Published: 2017 10 23 15:15:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
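Added example (not code from FakeNet-NG or from the FireEye post): the point of content-based detection in the entry above is that a network simulator should decide how to answer from what the client sends, not from the port it connected to, because malware routinely speaks HTTP on port 81 or TLS on 8443. The classifier below looks at the first bytes of a connection for an HTTP/1.x request line or a TLS ClientHello record and lets that verdict override a port table. The port table, the sample byte strings and the `raw` fallback name are constructed for this example.

```python
import re

# Conservative HTTP/1.x request line: METHOD SP request-target SP HTTP/1.x CRLF
_HTTP_REQUEST_LINE = re.compile(rb"^[A-Z]{3,10} \S+ HTTP/1\.[01]\r?\n")

# Port -> listener a purely port-based simulator would choose (assumed table).
DEFAULT_LISTENER_FOR_PORT = {80: "http", 443: "tls", 21: "ftp", 25: "smtp"}


def looks_like_http(data: bytes) -> bool:
    """True if the client opened with an HTTP/1.x request line."""
    return _HTTP_REQUEST_LINE.match(data) is not None


def looks_like_tls_client_hello(data: bytes) -> bool:
    """TLS record header is type 0x16 (handshake), version 0x03 0x0X and a
    2-byte length; the handshake message that follows starts with 0x01
    (ClientHello)."""
    if len(data) < 6:
        return False
    return (data[0] == 0x16
            and data[1] == 0x03
            and data[2] <= 0x04
            and data[5] == 0x01)


def classify(first_bytes: bytes) -> str:
    """Classify a connection from its first client bytes alone."""
    if looks_like_tls_client_hello(first_bytes):
        return "tls"
    if looks_like_http(first_bytes):
        return "http"
    return "unknown"


def pick_listener(port: int, first_bytes: bytes) -> str:
    """Content wins over port; fall back to the port table, then to a raw listener."""
    detected = classify(first_bytes)
    if detected != "unknown":
        return detected
    return DEFAULT_LISTENER_FOR_PORT.get(port, "raw")


# Constructed samples: (port, first client bytes). The TLS record is a
# hand-built ClientHello header followed by padding, enough for the check.
SAMPLES = {
    "http_on_81": (81, b"GET /update.bin HTTP/1.1\r\nHost: cdn.example.test\r\n"
                       b"User-Agent: Mozilla/4.0\r\n\r\n"),
    "tls_on_8443": (8443, b"\x16\x03\x01\x00\x20\x01\x00\x00\x1c\x03\x03" + bytes(28)),
    "junk_on_80": (80, b"\x00\x01\x02\x03MALW\xde\xad"),
    "junk_on_9999": (9999, b"\x00\x01\x02\x03MALW\xde\xad"),
}


def route_samples(samples=SAMPLES):
    """Map each sample name to the listener chosen for it."""
    return {name: pick_listener(port, data) for name, (port, data) in samples.items()}


if __name__ == "__main__":
    for name, listener in route_samples().items():
        print(f"{name:>13}: {listener}")
```

Two caveats a practitioner will hit. Server-speaks-first protocols such as FTP and SMTP send nothing from the client until they see a banner, so content alone cannot identify them and the port table (or a banner probe) still has to carry those cases. And a TLS verdict only tells the simulator to handshake first; the protocol inside the tunnel has to be classified again on the decrypted bytes.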
Article: Cmd and Conquer: De-DOSfuscation with flare-qdb - published about 6 years ago. Content: When Daniel Bohannon released his excellent DOSfuscation paper, I was fascinated to see how tricks I used as a systems engineer could help attackers evade detection. I didn’t have much to contribute to this conversation until I had to analyze a hideously obfuscated batch file as part of my job on the FLARE malware queue. Previously, I released fla... https://www.fireeye.com/blog/threat-research/2018/11/cmd-and-conquer-de-dosfuscation-with-flare-qdb.html Published: 2018 11 20 17:30:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Loading Kernel Shellcode - published over 6 years ago. Content: In the wake of recent hacking tool dumps, the FLARE team saw a spike in malware samples detonating kernel shellcode. Although most samples can be analyzed statically, the FLARE team sometimes debugs these samples to confirm specific functionality. Debugging can be an efficient way to get around packing or obfuscation and quickly identify the struct... https://www.fireeye.com/blog/threat-research/2018/04/loading-kernel-shellcode.html Published: 2018 04 23 15:00:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Introducing Linux Support for FakeNet-NG: FLARE’s Next Generation Dynamic Network Analysis Tool - published over 7 years ago. Content: Introduction In 2016, FLARE introduced FakeNet-NG, an open-source network analysis tool written in Python. FakeNet-NG allows security analysts to observe and interact with network applications using standard or custom protocols on a single Windows host, which is especially useful for malware analysis and reverse engineering. Since FakeNet-NG’s rel... https://www.fireeye.com/blog/threat-research/2017/07/linux-support-for-fakenet-ng.html Published: 2017 07 05 15:00:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: FLARE Script Series: Querying Dynamic State using the FireEye Labs Query-Oriented Debugger (flare-qdb) - published almost 8 years ago. Content: Introduction This post continues the FireEye Labs Advanced Reverse Engineering (FLARE) script series. Here, we introduce flare-qdb, a command-line utility and Python module based on vivisect for querying and altering dynamic binary state conveniently, iteratively, and at scale. flare-qdb works on Windows and Linux, and can be obtained from the flare... https://www.fireeye.com/blog/threat-research/2017/01/flare_script_series.html Published: 2017 01 04 14:02:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: 2015 FLARE-ON Challenge Solutions - published about 9 years ago. Content: The first few challenges narrowed the playing field drastically, with most serious contestants holding firm through challenges 4-9. The last two increased the difficulty level and proved a difficult final series of challenges for a well-earned finish line. The FLARE On Challenge always reaches a very wide international audience. Outside of the USA, ... https://www.fireeye.com/blog/threat-research/2015/09/flare-on_challenges.html Published: 2015 09 08 14:56:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: FLARE Script Series: flare-dbg Plug-ins - published almost 9 years ago. Content: Introduction This post continues the FireEye Labs Advanced Reverse Engineering (FLARE) script series. In this post, we continue to discuss the flare-dbg project. If you haven’t read my first post on using flare-dbg to automate string decoding, be sure to check it out! We created the flare-dbg Python project to support the creation of plug-ins ... https://www.fireeye.com/blog/threat-research/2016/02/flare_script_series.html Published: 2016 02 09 12:00:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Connecting the Dots: Syrian Malware Team Uses BlackWorm for Attacks - published about 10 years ago. Content: The Syrian Electronic Army has made news for its recent attacks on major communications websites, Forbes, and an alleged attack on CENTCOM. While these attacks garnered public attention, the activities of another group - The Syrian Malware Team - have gone largely unnoticed. The group’s activities prompted us to take a closer look. We discovere... https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html Published: 2014 08 29 08:00:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Two Limited, Targeted Attacks; Two New Zero-Days - published about 10 years ago. Content: The FireEye Labs team has identified two new zero-day vulnerabilities as part of limited, targeted attacks against some major corporations. Both zero-days exploit the Windows Kernel, with Microsoft assigning CVE-2014-4148 and CVE-2014-4113 to and addressing the vulnerabilities in their October 2014 Security Bulletin. FireEye Labs have identified... https://www.fireeye.com/blog/threat-research/2014/10/two-targeted-attacks-two-new-zero-days.html Published: 2014 10 14 14:46:54 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: iOS Masque Attack Revived: Bypassing Prompt for Trust and App URL Scheme Hijacking - published almost 10 years ago. Content: In November of last year, we uncovered a major flaw in iOS we dubbed “Masque Attack” that allowed for malicious apps to replace existing, legitimate ones on an iOS device via SMS, email, or web browsing. In total, we have notified Apple of five security issues related to four kinds of Masque Attacks. Today, we are sharing Masque Attack II in the ... https://www.fireeye.com/blog/threat-research/2015/02/ios_masque_attackre.html Published: 2015 02 19 19:00:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: NitlovePOS: Another New POS Malware - published over 9 years ago. Content: There has been a proliferation of malware specifically designed to extract payment card information from Point-of-Sale (POS) systems over the last two years. In 2015, there have already been a variety of new POS malware identified including a new Alina variant, FighterPOS and Punkey. During our research into a widespread spam campaign, we dis... https://www.fireeye.com/blog/threat-research/2015/05/nitlovepos_another.html Published: 2015 05 23 18:05:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Three New Masque Attacks against iOS: Demolishing, Breaking and Hijacking - published over 9 years ago. Content: In the recent release of iOS 8.4, Apple fixed several vulnerabilities including vulnerabilities that allow attackers to deploy two new kinds of Masque Attack (CVE-2015-3722/3725, and CVE-2015-3725). We call these exploits Manifest Masque and Extension Masque, which can be used to demolish apps, including system apps (e.g., Apple Watch, Health, Pay ... https://www.fireeye.com/blog/threat-research/2015/06/three_new_masqueatt.html Published: 2015 06 30 14:00:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: XcodeGhost S: A New Breed Hits the US - published about 9 years ago. Content: Just over a month ago, iOS users were warned of the threat to their devices by the XcodeGhost malware. Apple quickly reacted, taking down infected apps from the App Store and releasing new security features to stop malicious activities. Through continuous monitoring of our customers’ networks, FireEye researchers have found that, despite the quick ... https://www.fireeye.com/blog/threat-research/2015/11/xcodeghost_s_a_new.html Published: 2015 11 03 12:27:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Hot or Not? The Benefits and Risks of iOS Remote Hot Patching - published almost 9 years ago. Content: Introduction Apple has made a significant effort to build and maintain a healthy and clean app ecosystem. The essential contributing component to this status quo is the App Store, which is protected by a thorough vetting process that scrutinizes all submitted applications. While the process is intended to protect iOS users and ensure apps meet Ap... https://www.fireeye.com/blog/threat-research/2016/01/hot_or_not_the_bene.html Published: 2016 01 27 13:00:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Locky is Back Asking for Unpaid Debts - published over 8 years ago. Content: On June 21, 2016, FireEye’s Dynamic Threat Intelligence (DTI) identified an increase in JavaScript contained within spam emails. FireEye analysts determined the increase was the result of a new Locky ransomware spam campaign. As shown in Figure 1, Locky spam activity was uninterrupted until June 1, 2016, when it stopped for nearly three weeks. Durin... https://www.fireeye.com/blog/threat-research/2016/06/locky-is-back-and-asking-for-unpaid-debts.html Published: 2016 06 24 17:30:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Rotten Apples: Apple-like Malicious Phishing Domains - published over 8 years ago. Content: At FireEye Labs we have an automated system designed to proactively detect newly registered malicious domains. This system observed some phishing domains registered in the first quarter of 2016 that were designed to appear as legitimate Apple domains. These phony Apple domains were involved in phishing attacks against Apple iCloud users in China an... https://www.fireeye.com/blog/threat-research/2016/06/rotten_apples_apple.html Published: 2016 06 07 12:00:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government - published over 7 years ago. Content: Introduction FireEye recently observed a sophisticated campaign targeting individuals within the Mongolian government. Targeted individuals that enabled macros in a malicious Microsoft Word document may have been infected with Poison Ivy, a popular remote access tool (RAT) that has been used for nearly a decade for key logging, screen and video ca... https://www.fireeye.com/blog/threat-research/2017/02/spear_phishing_techn.html Published: 2017 02 22 14:45:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape: The Growth of Miners - published over 6 years ago. Content: Introduction Cyber criminals tend to favor cryptocurrencies because they provide a certain level of anonymity and can be easily monetized. This interest has increased in recent years, stemming far beyond the desire to simply use cryptocurrencies as a method of payment for illicit tools and services. Many actors have also attempted to capitalize on... https://www.fireeye.com/blog/threat-research/2018/07/cryptocurrencies-cyber-crime-growth-of-miners.html Published: 2018 07 18 14:00:00 Received: 2022 05 23 16:06:47 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Network of Social Media Accounts Impersonates U.S. Political Candidates, Leverages U.S. and Israeli Media in Support of Iranian Interests - published over 5 years ago. Content: In August 2018, FireEye Threat Intelligence released a report exposing what we assessed to be an Iranian influence operation leveraging networks of inauthentic news sites and social media accounts aimed at audiences around the world. We identified inauthentic social media accounts posing as everyday Americans that were used to promote content fro... https://www.fireeye.com/blog/threat-research/2019/05/social-media-network-impersonates-us-political-candidates-supports-iranian-interests.html Published: 2019 05 28 19:00:00 Received: 2022 05 23 16:06:46 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Learning to Rank Strings Output for Speedier Malware Analysis - published over 5 years ago. Content: Reverse engineers, forensic investigators, and incident responders have an arsenal of tools at their disposal to dissect malicious software binaries. When performing malware analysis, they successively apply these tools in order to gradually gather clues about a binary’s function, design detection methods, and ascertain how to contain its damage. O... https://www.fireeye.com/blog/threat-research/2019/05/learning-to-rank-strings-output-for-speedier-malware-analysis.html Published: 2019 05 29 14:30:00 Received: 2022 05 23 16:06:46 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Framing the Problem: Cyber Threats and Elections - published over 5 years ago. Content: This year, Canada, multiple European nations, and others will host high profile elections. The topic of cyber-enabled threats disrupting and targeting elections has become an increasing area of awareness for governments and citizens globally. To develop solutions and security programs to counter cyber threats to elections, it is important to begin ... https://www.fireeye.com/blog/threat-research/2019/05/framing-the-problem-cyber-threats-and-elections.html Published: 2019 05 30 15:00:00 Received: 2022 05 23 16:06:46 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: FLASHMINGO: The FireEye Open Source Automatic Analysis Tool for Flash - published over 5 years ago. Content: Adobe Flash is one of the most exploited software components of the last decade. Its complexity and ubiquity make it an obvious target for attackers. Public sources list more than one thousand CVEs being assigned to the Flash Player alone since 2005. Almost nine hundred of these vulnerabilities have a Common Vulnerability Scoring System (C... https://www.fireeye.com/blog/threat-research/2019/04/flashmingo-open-source-automatic-analysis-tool-for-flash.html Published: 2019 04 15 15:00:00 Received: 2022 05 23 16:06:46 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Solving Ad-hoc Problems with Hex-Rays API - published over 6 years ago. Content: Introduction IDA Pro is the de facto standard when it comes to binary reverse engineering. Besides being a great disassembler and debugger, it is possible to extend it and include a powerful decompiler by purchasing an additional license from Hex-Rays. The ability to switch between disassembled and decompiled code can greatly reduce the analysi... https://www.fireeye.com/blog/threat-research/2018/04/solving-ad-hoc-problems-with-hex-rays-api.html Published: 2018 04 10 15:00:00 Received: 2022 05 23 16:06:46 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Writing a libemu/Unicorn Compatability Layer - published over 7 years ago. Content: In this post we are going to take a quick look at what it takes to write a libemu compatibility layer for the Unicorn engine. In the course of this work, we will also import the libemu Win32 environment to run under Unicorn. For a bit of background, libemu is a lightweight x86 emulator written in C by Paul Baecher and Markus Koetter. It was released... https://www.fireeye.com/blog/threat-research/2017/04/libemu-unicorn-compatability-layer.html Published: 2017 04 17 12:30:00 Received: 2022 05 23 16:06:46 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |