Article: A Not-So Civic Duty: Asprox Botnet Campaign Spreads Court Dates and Malware - published over 10 years ago. Content: Executive Summary FireEye Labs has been tracking a recent spike in malicious email detections that we attribute to a campaign that began in 2013. While malicious email campaigns are nothing new, this one is significant in that we are observing mass-targeting attackers adopting the malware evasion methods pioneered by the stealthier APT attackers.... http://www.fireeye.com/blog/threat-research/2014/06/a-not-so-civic-duty-asprox-botnet-campaign-spreads-court-dates-and-malware.html Published: 2014 06 16 14:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack - published over 9 years ago. Content: FireEye Labs recently detected a limited APT campaign exploiting zero-day vulnerabilities in Adobe Flash and a brand-new one in Microsoft Windows. Using the Dynamic Threat Intelligence Cloud (DTI), FireEye researchers detected a pattern of attacks beginning on April 13th, 2015. Adobe independently patched the vulnerability (CVE-2015-3043) in ... http://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html Published: 2015 04 18 16:10:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware - published about 7 years ago. Content: When discussing suspected Middle Eastern hacker groups with destructive capabilities, many automatically think of the suspected Iranian group that previously used SHAMOON – aka Disttrack – to target organizations in the Persian Gulf. However, over the past few years, we have been tracking a separate, less widely known suspected Iranian group with... http://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html Published: 2017 09 20 14:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Excelerating Analysis, Part 2 — X[LOOKUP] Gon’ Pivot To Ya - published over 4 years ago. Content: In December 2019, we published a blog post on augmenting analysis using Microsoft Excel for various data sets for incident response investigations. As we described, investigations often include custom or proprietary log formats and miscellaneous, non-traditional forensic artifacts. There are, of course, a variety of ways to tackle this task, but ... http://www.fireeye.com/blog/threat-research/2020/04/excelerating-analysis-lookup-pivot.html Published: 2020 04 28 17:30:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Think Fast: Time Between Disclosure, Patch Release and Vulnerability Exploitation — Intelligence for Vulnerability Management, Part Two - published over 4 years ago. Content: One of the critical strategic and tactical roles that cyber threat intelligence (CTI) plays is in the tracking, analysis, and prioritization of software vulnerabilities that could potentially put an organization’s data, employees and customers at risk. In this four-part blog series, FireEye Mandiant Threat Intelligence highlights the... http://www.fireeye.com/blog/threat-research/2020/04/time-between-disclosure-patch-release-and-vulnerability-exploitation.html Published: 2020 04 13 12:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Zero-Day Exploitation Increasingly Demonstrates Access to Money, Rather than Skill — Intelligence for Vulnerability Management, Part One - published over 4 years ago. Content: One of the critical strategic and tactical roles that cyber threat intelligence (CTI) plays is in the tracking, analysis, and prioritization of software vulnerabilities that could potentially put an organization’s data, employees and customers at risk. In this four-part blog series, FireEye Mandiant Threat Intelligence highlights the... http://www.fireeye.com/blog/threat-research/2020/04/zero-day-exploitation-demonstrates-access-to-money-not-skill.html Published: 2020 04 06 12:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents - published over 4 years ago. Content: Targeted ransomware incidents have brought a threat of disruptive and destructive attacks to organizations across industries and geographies. FireEye Mandiant Threat Intelligence has previously documented this threat in our investigations of trends across ransomware incidents, FIN6 activity, implications for OT networks, and other aspects... http://www.fireeye.com/blog/threat-research/2020/05/tactics-techniques-procedures-associated-with-maze-ransomware-incidents.html Published: 2020 05 07 23:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT - published almost 5 years ago. Content: Since at least 2017, there has been a significant increase in public disclosures of ransomware incidents impacting industrial production and critical infrastructure organizations. Well-known ransomware families like WannaCry, LockerGoga, MegaCortex, Ryuk, Maze, and now SNAKEHOSE (a.k.a. Snake / Ekans), have cost victims across a variety of industry... http://www.fireeye.com/blog/threat-research/2020/02/ransomware-against-machine-learning-to-disrupt-industrial-production.html Published: 2020 02 24 23:30:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits - published over 4 years ago. Content: Beginning this year, FireEye observed Chinese actor APT41 carry out one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years. Between January 20 and March 11, FireEye observed APT41 attempt to exploit vulnerabilities in Citrix NetScaler/ADC, Cisco routers, and Zoho ManageEngine Desktop Central at over 75... http://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html Published: 2020 03 25 12:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: It’s Your Money and They Want It Now — The Cycle of Adversary Pursuit - published over 4 years ago. Content: When we discover new intrusions, we ask ourselves questions that will help us understand the totality of the activity set. How common is this activity? Is there anything unique or special about this malware or campaign? What is new and what is old in terms of TTPs or infrastructure? Is this being seen anywhere else? What information do I have that s... http://www.fireeye.com/blog/threat-research/2020/03/the-cycle-of-adversary-pursuit.html Published: 2020 03 31 15:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: SCANdalous! (External Detection Using Network Scan Data and Automation) - published over 4 years ago. Content: Real Quick In case you’re thrown by that fantastic title, our lawyers made us change the name of this project so we wouldn’t get sued. SCANdalous—a.k.a. Scannah Montana a.k.a. Scanny McScanface a.k.a. “Scan I Kick It? (Yes You Scan)”—had another name before today that, for legal reasons, we’re keeping to ourselves. A special thanks to our legal te... http://www.fireeye.com/blog/threat-research/2020/07/scandalous-external-detection-using-network-scan-data-and-automation.html Published: 2020 07 13 18:30:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: 'Ghostwriter' Influence Campaign: Unknown Actors Leverage Website Compromises and Fabricated Content to Push Narratives Aligned With Russian Security Interests - published over 4 years ago. Content: Mandiant Threat Intelligence has tied together several information operations that we assess with moderate confidence comprise part of a broader influence campaign—ongoing since at least March 2017—aligned with Russian security interests. The operations have primarily targeted audiences in Lithuania, Latvia, and Poland with narratives critical of t... http://www.fireeye.com/blog/threat-research/2020/07/ghostwriter-influence-campaign.html Published: 2020 07 29 02:15:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Obscured by Clouds: Insights into Office 365 Attacks and How Mandiant Managed Defense Investigates - published over 4 years ago. Content: With Business Email Compromises (BECs) showing no signs of slowing down, it is becoming increasingly important for security analysts to understand Office 365 (O365) breaches and how to properly investigate them. This blog post is for those who have yet to dip their toes into the waters of an O365 BEC, providing a crash course on Microsoft’s cloud... http://www.fireeye.com/blog/threat-research/2020/07/insights-into-office-365-attacks-and-how-managed-defense-investigates.html Published: 2020 07 30 19:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Announcing the Seventh Annual Flare-On Challenge - published over 4 years ago. Content: The Front Line Applied Research & Expertise (FLARE) team is honored to announce that the popular Flare-On challenge will return for a triumphant seventh year. Ongoing global events proved no match against our passion for creating challenging and fun puzzles to test and hone the skills of aspiring and experienced reverse engineers. The conte... http://www.fireeye.com/blog/threat-research/2020/08/announcing-the-seventh-annual-flare-on-challenge.html Published: 2020 08 04 15:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Repurposing Neural Networks to Generate Synthetic Media for Information Operations - published over 4 years ago. Content: FireEye’s Data Science and Information Operations Analysis teams released this blog post to coincide with our Black Hat USA 2020 Briefing, which details how open source, pre-trained neural networks can be leveraged to generate synthetic media for malicious purposes. To summarize our presentation, we first demonstrate three successive proof of con... http://www.fireeye.com/blog/threat-research/2020/08/repurposing-neural-networks-to-generate-synthetic-media-for-information-operations.html Published: 2020 08 05 18:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Analyzing Dark Crystal RAT, a C# Backdoor - published over 4 years ago. Content: The FireEye Mandiant Threat Intelligence Team helps protect our customers by tracking cyber attackers and the malware they use. The FLARE Team helps augment our threat intelligence by reverse engineering malware samples. Recently, FLARE worked on a new C# variant of Dark Crystal RAT (DCRat) that the threat intel team passed to us. We reviewed ope... http://www.fireeye.com/blog/threat-research/2020/05/analyzing-dark-crystal-rat-backdoor.html Published: 2020 05 12 14:30:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Bypassing MassLogger Anti-Analysis — a Man-in-the-Middle Approach - published over 4 years ago. Content: The FireEye Front Line Applied Research & Expertise (FLARE) Team attempts to always stay on top of the most current and emerging threats. As a member of the FLARE Reverse Engineer team, I recently received a request to analyze a fairly new credential stealer identified as MassLogger. Despite the lack of novel functionalities and features, this ... http://www.fireeye.com/blog/threat-research/2020/08/bypassing-masslogger-anti-analysis-man-in-the-middle-approach.html Published: 2020 08 06 19:15:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: A Hands-On Introduction to Mandiant's Approach to OT Red Teaming - published over 4 years ago. Content: Operational technology (OT) asset owners have historically considered red teaming of OT and industrial control system (ICS) networks to be too risky due to the potential for disruptions or adverse impact to production systems. While this mindset has remained largely unchanged for years, Mandiant's experience in the field suggests that these perspec... http://www.fireeye.com/blog/threat-research/2020/08/hands-on-introduction-to-mandiant-approach-to-ot-red-teaming.html Published: 2020 08 25 09:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Emulation of Malicious Shellcode With Speakeasy - published over 4 years ago. Content: In order to enable emulation of malware samples at scale, we have developed the Speakeasy emulation framework. Speakeasy aims to make it as easy as possible for users who are not malware analysts to acquire triage reports in an automated way, as well as enabling reverse engineers to write custom plugins to triage difficult malware families. Orig... http://www.fireeye.com/blog/threat-research/2020/08/emulation-of-malicious-shellcode-with-speakeasy.html Published: 2020 08 26 15:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: A "DFUR-ent" Perspective on Threat Modeling and Application Log Forensic Analysis - published about 4 years ago. Content: Many organizations operating in e-commerce, hospitality, healthcare, managed services, and other service industries rely on web applications. And buried within the application logs may be the potential discovery of fraudulent use and/or compromise! But, let's face it, finding evil in application logs can be difficult and overwhelming for a few reas... http://www.fireeye.com/blog/threat-research/2020/09/dfur-ent-perspective-on-threat-modeling-and-application-log-forensic-analysis.html Published: 2020 09 14 16:30:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: APT41: A Dual Espionage and Cyber Crime Operation - published over 5 years ago. Content: Today, FireEye Intelligence is releasing a comprehensive report detailing APT41, a prolific Chinese cyber threat group that carries out state-sponsored espionage activity in parallel with financially motivated operations. APT41 is unique among tracked China-based actors in that it leverages non-public malware typically reserved for espionage campai... http://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.html Published: 2019 08 07 12:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Fuzzing Image Parsing in Windows, Part One: Color Profiles - published about 4 years ago. Content: Image parsing and rendering are basic features of any modern operating system (OS). Image parsing is an easily accessible attack surface, and a vulnerability that may lead to remote code execution or information disclosure in such a feature is valuable to attackers. In this multi-part blog series, I am reviewing Windows OS’ built-in image parsers a... http://www.fireeye.com/blog/threat-research/2020/09/fuzzing-image-parsing-in-windows-color-profiles.html Published: 2020 09 24 15:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Detecting Microsoft 365 and Azure Active Directory Backdoors - published about 4 years ago. Content: Mandiant has seen an uptick in incidents involving Microsoft 365 (M365) and Azure Active Directory (Azure AD). Most of these incidents are the result of a phishing email coercing a user to enter their credentials used for accessing M365 into a phishing site. Other incidents have been a result of password spraying, password stuffing, or simple brute... http://www.fireeye.com/blog/threat-research/2020/09/detecting-microsoft-365-azure-active-directory-backdoors.html Published: 2020 09 30 16:45:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: FIN11: Widespread Email Campaigns as Precursor for Ransomware and Data Theft - published about 4 years ago. Content: Mandiant Threat Intelligence recently promoted a threat cluster to a named FIN (or financially motivated) threat group for the first time since 2017. We have detailed FIN11's various tactics, techniques and procedures in a report that is available now by signing up for Mandiant Advantage Free. In some ways, FIN11 is reminiscent of APT1; they are n... http://www.fireeye.com/blog/threat-research/2020/10/fin11-email-campaigns-precursor-for-ransomware-data-theft.html Published: 2020 10 14 12:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Flare-On 7 Challenge Solutions - published about 4 years ago. Content: We are thrilled to announce the conclusion of the seventh annual Flare-On challenge. This year proved to be the most difficult challenge we’ve produced, with the lowest rate of finishers. This year’s winners are truly the elite of the elite! Lucky for them, all 260 winners will receive this cyberpunk metal key. We would like to thank the challe... http://www.fireeye.com/blog/threat-research/2020/10/flare-on-7-challenge-solutions.html Published: 2020 10 24 00:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Welcome to ThreatPursuit VM: A Threat Intelligence and Hunting Virtual Machine - published about 4 years ago. Content: Skilled adversaries can deceive detection and often employ new measures in their tradecraft. Keeping a stringent focus on the lifecycle and evolution of adversaries allows analysts to devise new detection mechanisms and response processes. Access to the appropriate tooling and resources is critical to discover these threats within a timely and a... http://www.fireeye.com/blog/threat-research/2020/10/threatpursuit-vm-threat-intelligence-and-hunting-virtual-machine.html Published: 2020 10 28 15:30:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Ransomware Protection and Containment Strategies: Practical Guidance for Endpoint Protection, Hardening, and Containment - published about 5 years ago. Content: UPDATE (Oct. 30, 2020): We have updated the report to include additional protection and containment strategies based on front-line visibility and response efforts in combating ransomware. While the full scope of recommendations included within the initial report remain unchanged, the following strategies have been added into the report: ... http://www.fireeye.com/blog/threat-research/2019/09/ransomware-protection-and-containment-strategies.html Published: 2019 09 05 09:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: In Wild Critical Buffer Overflow Vulnerability in Solaris Can Allow Remote Takeover — CVE-2020-14871 - published about 4 years ago. Content: FireEye Mandiant has been investigating compromised Oracle Solaris machines in customer environments. During our investigations, we discovered an exploit tool on a customer’s system and analyzed it to see how it was attacking their Solaris environment. The FLARE team’s Offensive Task Force analyzed the exploit to determine how it worked, reproduced... http://www.fireeye.com/blog/threat-research/2020/11/critical-buffer-overflow-vulnerability-in-solaris-can-allow-remote-takeover.html Published: 2020 11 04 19:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945 - published about 4 years ago. Content: Through Mandiant investigation of intrusions, the FLARE Advanced Practices team observed a group we track as UNC1945 compromise managed service providers and operate against a tailored set of targets within the financial and professional consulting industries by leveraging access to third-party networks (see this blog post for an in-depth descripti... http://www.fireeye.com/blog/threat-research/2020/11/live-off-the-land-an-overview-of-unc1945.html Published: 2020 11 02 19:15:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser - published about 4 years ago. Content: Throughout 2020, ransomware activity has become increasingly prolific, relying on an ecosystem of distinct but co-enabling operations to gain access to targets of interest before conducting extortion. Mandiant Threat Intelligence has tracked several loader and backdoor campaigns that lead to the post-compromise deployment of ransomware, sometimes w... http://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html Published: 2020 10 28 22:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: WOW64!Hooks: WOW64 Subsystem Internals and Hooking Techniques - published about 4 years ago. Content: Microsoft is known for their backwards compatibility. When they rolled out the 64-bit variant of Windows years ago they needed to provide compatibility with existing 32-bit applications. In order to provide seamless execution regardless of application bitness, the WoW (Windows on Windows) system was coined. This layer, which will be referred to as ... http://www.fireeye.com/blog/threat-research/2020/11/wow64-subsystem-internals-and-hooking-techniques.html Published: 2020 11 09 19:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: CertUtil Qualms: They Came to Drop FOMBs - published about 5 years ago. Content: This blog post covers an interesting intrusion attempt that Mandiant Managed Defense thwarted involving the rapid weaponization of a recently disclosed vulnerability combined with the creative use of WMI compiled “.bmf” files and CertUtil for obfuscated execution. This intrusion attempt highlights a number of valuable lessons in security, chiefly:... http://www.fireeye.com/blog/threat-research/2019/10/certutil-qualms-they-came-to-drop-fombs.html Published: 2019 10 29 18:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Hard Pass: Declining APT34’s Invite to Join Their Professional Network - published over 5 years ago. Content: Background With increasing geopolitical tensions in the Middle East, we expect Iran to significantly increase the volume and scope of its cyber espionage campaigns. Iran has a critical need for strategic intelligence and is likely to fill this gap by conducting espionage against decision makers and key organizations that may have information that ... http://www.fireeye.com/blog/threat-research/2019/07/hard-pass-declining-apt34-invite-to-join-their-professional-network.html Published: 2019 07 18 15:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: COOKIEJAR: Tracking Adversaries With FireEye Endpoint Security’s Logon Tracker Module - published over 4 years ago. Content: During a recent investigation at a telecommunications company led by Mandiant Managed Defense, our team was tasked with rapidly identifying systems that had been accessed by a threat actor using legitimate, but compromised domain credentials. This sometimes-challenging task was made simple because the customer had enabled the Logon Tracker modu... http://www.fireeye.com/blog/threat-research/2020/08/cookiejar-tracking-adversaries-with-fireeye-endpoint-security-module.html Published: 2020 08 11 17:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Head Fake: Tackling Disruptive Ransomware Attacks - published about 5 years ago. Content: Within the past several months, FireEye has observed financially-motivated threat actors employ tactics that focus on disrupting business processes by deploying ransomware in mass throughout a victim’s environment. Understanding that normal business processes are critical to organizational success, these ransomware campaigns have been accompanied w... http://www.fireeye.com/blog/threat-research/2019/10/head-fake-tackling-disruptive-ransomware-attacks.html Published: 2019 10 01 10:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Purgalicious VBA: Macro Obfuscation With VBA Purging Content: http://www.fireeye.com/blog/threat-research/2020/11/purgalicious-vba-macro-obfuscation-with-vba-purging.html Published: : Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Election Cyber Threats in the Asia-Pacific Region - published about 4 years ago. Content: In democratic societies, elections are the mechanism for choosing heads of state and policymakers. There are strong incentives for adversary nations to understand the intentions and preferences of the people and parties that will shape a country's future path and to reduce uncertainty about likely winners. Mandiant Threat Intelligence regularly obs... http://www.fireeye.com/blog/threat-research/2020/11/election-cyber-threats-in-the-asia-pacific-region.html Published: 2020 11 22 23:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Using Speakeasy Emulation Framework Programmatically to Unpack Malware - published almost 4 years ago. Content: Andrew Davis recently announced the public release of his new Windows emulation framework named Speakeasy. While the introductory blog post focused on using Speakeasy as an automated malware sandbox of sorts, this entry will highlight another powerful use of the framework: automated malware unpacking. I will demonstrate, with code exampl... http://www.fireeye.com/blog/threat-research/2020/12/using-speakeasy-emulation-framework-programmatically-to-unpack-malware.html Published: 2020 12 01 20:30:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Unauthorized Access of FireEye Red Team Tools - published almost 4 years ago. Content: Overview A highly sophisticated state-sponsored adversary stole FireEye Red Team tools. Because we believe that an adversary possesses these tools, and we do not know whether the attacker intends to use the stolen tools themselves or publicly disclose them, FireEye is releasing hundreds of countermeasures with this blog post to enable the broader ... http://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html Published: 2020 12 08 21:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor - published almost 4 years ago. Content: Executive Summary We have discovered a global intrusion campaign. We are tracking the actors behind this campaign as UNC2452. FireEye discovered a supply chain attack trojanizing SolarWinds Orion business software updates in order to distribute malware we call SUNBURST. The attacker’s post compromise activity leverages multiple techniq... http://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html Published: 2020 12 13 22:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: SUNBURST Additional Technical Details - published almost 4 years ago. Content: FireEye has discovered additional details about the SUNBURST backdoor since our initial publication on Dec. 13, 2020. Before diving into the technical depth of this malware, we recommend readers familiarize themselves with our blog post about the SolarWinds supply chain compromise, which revealed a global intrusion campaign by a sophisticated thr... http://www.fireeye.com/blog/threat-research/2020/12/sunburst-additional-technical-details.html Published: 2020 12 24 20:15:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Excelerating Analysis – Tips and Tricks to Analyze Data with Microsoft Excel - published almost 5 years ago. Content: Incident response investigations don’t always involve standard host-based artifacts with fully developed parsing and analysis tools. At FireEye Mandiant, we frequently encounter incidents that involve a number of systems and solutions that utilize custom logging or artifact data. Determining what happened in an incident involves taking a dive into ... http://www.fireeye.com/blog/threat-research/2019/12/tips-and-tricks-to-analyze-data-with-microsoft-excel.html Published: 2019 12 03 16:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Emulation of Kernel Mode Rootkits With Speakeasy - published almost 4 years ago. Content: In August 2020, we released a blog post about how the Speakeasy emulation framework can be used to emulate user mode malware such as shellcode. If you haven’t had a chance, give the post a read today. In addition to user mode emulation, Speakeasy also supports emulation of kernel mode Windows binaries. When malware authors employ kernel mode mal... http://www.fireeye.com/blog/threat-research/2021/01/emulation-of-kernel-mode-rootkits-with-speakeasy.html Published: 2021 01 20 16:45:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Training Transformers for Cyber Security Tasks: A Case Study on Malicious URL Prediction - published almost 4 years ago. Content: Highlights Perform a case study on using Transformer models to solve cyber security problems Train a Transformer model to detect malicious URLs under multiple training regimes Compare our model against other deep learning methods, and show it performs on-par with other top-scoring models Identify issues with applying generative p... http://www.fireeye.com/blog/threat-research/2021/01/training-transformers-for-cyber-security-tasks-malicious-url-prediction.html Published: 2021 01 21 17:30:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication - published almost 4 years ago. Content: FireEye Email Security recently encountered various phishing campaigns, mostly in the Americas and Europe, using source code obfuscation with compromised or bad domains. These domains were masquerading as authentic websites and stole personal information such as credit card data. The stolen information was then shared to cross-platform, cloud-bas... http://www.fireeye.com/blog/threat-research/2021/01/phishing-campaign-woff-obfuscation-telegram-communications.html Published: 2021 01 26 20:45:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: FLARE VM Update - published about 6 years ago. Content: FLARE VM is the first of its kind reverse engineering and malware analysis distribution on Windows platform. Since its introduction in July 2017, FLARE VM has been continuously trusted and used by many reverse engineers, malware analysts, and security researchers as their go-to environment for analyzing malware. Just like the ever-evolving securi... http://www.fireeye.com/blog/threat-research/2018/11/flare-vm-update.html Published: 2018 11 14 20:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: A Totally Tubular Treatise on TRITON and TriStation - published over 6 years ago. Content: Introduction In December 2017, FireEye's Mandiant discussed an incident response involving the TRITON framework. The TRITON attack and many of the publicly discussed ICS intrusions involved routine techniques where the threat actors used only what is necessary to succeed in their mission. For both INDUSTROYER and TRITON, the attackers moved from t... http://www.fireeye.com/blog/threat-research/2018/06/totally-tubular-treatise-on-triton-and-tristation.html Published: 2018 06 07 14:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part Two) - published almost 4 years ago. Content: In this post, we continue our analysis of the SolarCity ConnectPort X2e Zigbee device (referred to throughout as X2e device). In Part One, we discussed the X2e at a high level, performed initial network-based attacks, then discussed the hardware techniques used to gain a remote shell on the X2e device as a non-privileged system user. In this se... http://www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-two.html Published: 2021 02 17 13:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Mandiant Exposes APT1 – One of China's Cyber Espionage Units & Releases 3,000 Indicators - published almost 12 years ago. Content: Today, The Mandiant® Intelligence Center™ released an unprecedented report exposing APT1's multi-year, enterprise-scale computer espionage campaign. APT1 is one of dozens of threat groups Mandiant tracks around the world and we consider it to be one of the most prolific in terms of the sheer quantity of information it has stolen. Highlig... http://www.fireeye.com/blog/threat-research/2013/02/mandiant-exposes-apt1-chinas-cyber-espionage-units.html Published: 2013 02 19 07:00:45 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One) - published almost 4 years ago. Content: In 2019, Mandiant’s Red Team discovered a series of vulnerabilities present within Digi International’s ConnectPort X2e device, which allows for remote code execution as a privileged user. Specifically, Mandiant’s research focused on SolarCity’s (now owned by Tesla) rebranded ConnectPort X2e device, which is used in residential solar installations.... http://www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-one.html Published: 2021 02 17 13:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion - published almost 4 years ago. Content: Starting in mid-December 2020, malicious actors that Mandiant tracks as UNC2546 exploited multiple zero-day vulnerabilities in Accellion’s legacy File Transfer Appliance (FTA) to install a newly discovered web shell named DEWMODE. The motivation of UNC2546 was not immediately apparent, but starting in late January 2021, several organizations that h... http://www.fireeye.com/blog/threat-research/2021/02/accellion-fta-exploited-for-data-theft-and-extortion.html Published: 2021 02 22 14:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: So Unchill: Melting UNC2198 ICEDID to Ransomware Operations - published almost 4 years ago. Content: Mandiant Advanced Practices (AP) closely tracks the shifting tactics, techniques, and procedures (TTPs) of financially motivated groups who severely disrupt organizations with ransomware. In May 2020, FireEye released a blog post detailing intrusion tradecraft associated with the deployment of MAZE. As of publishing this post, we track 11 disti... http://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html Published: 2021 02 25 16:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Fuzzing Image Parsing in Windows, Part Two: Uninitialized Memory - published over 3 years ago. Content: Continuing our discussion of image parsing vulnerabilities in Windows, we take a look at a comparatively less popular vulnerability class: uninitialized memory. In this post, we will look at Windows’ inbuilt image parsers—specifically for vulnerabilities involving the use of uninitialized memory. The Vulnerability: Uninitialized Memory In unman... http://www.fireeye.com/blog/threat-research/2021/03/fuzzing-image-parsing-in-windows-uninitialized-memory.html Published: 2021 03 03 19:30:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452 - published over 3 years ago. Content: Executive Summary In August 2020, a U.S.-based entity uploaded a new backdoor that we have named SUNSHUTTLE to a public malware repository. SUNSHUTTLE is a second-stage backdoor written in GoLang that features some detection evasion capabilities. Mandiant observed SUNSHUTTLE at a victim compromised by UNC2452, and have indications that ... http://www.fireeye.com/blog/threat-research/2021/03/sunshuttle-second-stage-backdoor-targeting-us-based-entity.html Published: 2021 03 04 17:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities - published over 3 years ago. Content: Beginning in January 2021, Mandiant Managed Defense observed multiple instances of abuse of Microsoft Exchange Server within at least one client environment. The observed activity included creation of web shells for persistent access, remote code execution, and reconnaissance for endpoint security solutions. Our investigation revealed that the file... http://www.fireeye.com/blog/threat-research/2021/03/detection-response-to-exploitation-of-microsoft-exchange-zero-day-vulnerabilities.html Published: 2021 03 04 22:30:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 - published almost 4 years ago. Content: UPDATE (Mar. 18): Mandiant recently observed targeted threat actors modifying mailbox folder permissions of user mailboxes to maintain persistent access to the targeted users' email messages. This stealthy technique is not usually monitored by defenders and provides threat actors a way to access the desired email messages using any com... http://www.fireeye.com/blog/threat-research/2021/01/remediation-and-hardening-strategies-for-microsoft-365-to-defend-against-unc2452.html Published: 2021 01 19 14:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Monitoring ICS Cyber Operation Tools and Software Exploit Modules To Anticipate Future Threats - published over 4 years ago. Content: There has only been a small number of broadly documented cyber attacks targeting operational technologies (OT) / industrial control systems (ICS) over the last decade. While fewer attacks is clearly a good thing, the lack of an adequate sample size to determine risk thresholds can make it difficult for defenders to understand the threat environment... http://www.fireeye.com/blog/threat-research/2020/03/monitoring-ics-cyber-operation-tools-and-software-exploit-modules.html Published: 2020 03 23 12:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Back in a Bit: Attacker Use of the Windows Background Intelligent Transfer Service - published over 3 years ago. Content: In this blog post we will describe: How attackers use the Background Intelligent Transfer Service (BITS); Forensic techniques for detecting attacker activity with data format specifications; Public release of the BitsParser tool; A real-world example of malware using BITS persistenc... http://www.fireeye.com/blog/threat-research/2021/03/attacker-use-of-windows-background-intelligent-transfer-service.html Published: 2021 03 31 15:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: M-Trends 2021: A View From the Front Lines - published over 3 years ago. Content: We are thrilled to launch M-Trends 2021, the 12th edition of our annual FireEye Mandiant publication. The past year has been unique, as we witnessed an unprecedented combination of global events. Business operations shifted in response to the worldwide pandemic and threat actors continued to escalate the sophistication and aggressiveness of th... http://www.fireeye.com/blog/threat-research/2021/04/m-trends-2021-a-view-from-the-front-lines.html Published: 2021 04 13 13:45:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Hacking Operational Technology for Defense: Lessons Learned From OT Red Teaming Smart Meter Control Infrastructure - published over 3 years ago. Content: High-profile security incidents in the past decade have brought increased scrutiny to cyber security for operational technology (OT). However, there is a continued perception across critical infrastructure organizations that OT networks are isolated from public networks—such as the Internet. In Mandiant’s experience, the concept of an ‘air gap’ sep... http://www.fireeye.com/blog/threat-research/2021/04/hacking-operational-technology-for-defense-lessons-learned.html Published: 2021 04 13 15:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Abusing Replication: Stealing AD FS Secrets Over the Network - published over 3 years ago. Content: Organizations are increasingly adopting cloud-based services such as Microsoft 365 to host applications and data. Sophisticated threat actors are catching on and Mandiant has observed an increased focus on long-term persistent access to Microsoft 365 as one of their primary objectives. The focus on developing novel and hard to detect methods to ach... http://www.fireeye.com/blog/threat-research/2021/04/abusing-replication-stealing-adfs-secrets-over-the-network.html Published: 2021 04 27 17:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity - published over 3 years ago. Content: In July 2020, Mandiant Threat Intelligence released a public report detailing an ongoing influence campaign we named “Ghostwriter.” Ghostwriter is a cyber-enabled influence campaign which primarily targets audiences in Lithuania, Latvia and Poland and promotes narratives critical of the North Atlantic Treaty Organization’s (NATO) presence in ... http://www.fireeye.com/blog/threat-research/2021/04/espionage-group-unc1151-likely-conducts-ghostwriter-influence-activity.html Published: 2021 04 28 10:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise - published over 3 years ago. Content: In March 2021, Mandiant Managed Defense identified three zero-day vulnerabilities in SonicWall’s Email Security (ES) product that were being exploited in the wild. These vulnerabilities were executed in conjunction to obtain administrative access and code execution on a SonicWall ES device. The adversary leveraged these vulnerabilities, with intima... http://www.fireeye.com/blog/threat-research/2021/04/zero-day-exploits-in-sonicwall-email-security-lead-to-compromise.html Published: 2021 04 20 21:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat - published over 3 years ago. Content: Mandiant has observed an aggressive financially motivated group, UNC2447, exploiting one SonicWall VPN zero-day vulnerability prior to a patch being available and deploying sophisticated malware previously reported by other vendors as SOMBRAT. Mandiant has linked the use of SOMBRAT to the deployment of ransomware, which has not been previously repo... http://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html Published: 2021 04 29 21:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: The UNC2529 Triple Double: A Trifecta Phishing Campaign - published over 3 years ago. Content: In December 2020, Mandiant observed a widespread, global phishing campaign targeting numerous organizations across an array of industries. Mandiant tracks this threat actor as UNC2529. Based on the considerable infrastructure employed, tailored phishing lures and the professionally coded sophistication of the malware, this threat actor appears expe... http://www.fireeye.com/blog/threat-research/2021/05/unc2529-triple-double-trifecta-phishing-campaign.html Published: 2021 05 04 14:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day - published over 3 years ago. Content: Executive Summary Mandiant recently responded to multiple security incidents involving compromises of Pulse Secure VPN appliances. This blog post examines multiple, related techniques for bypassing single and multifactor authentication on Pulse Secure VPN devices, persisting across upgrades, and maintaining access through webshells. The i... http://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html Published: 2021 04 20 14:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Shining a Light on DARKSIDE Ransomware Operations - published over 3 years ago. Content: Update (May 14): Mandiant has observed multiple actors cite a May 13 announcement that appeared to be shared with DARKSIDE RaaS affiliates by the operators of the service. This announcement stated that they lost access to their infrastructure, including their blog, payment, and CDN servers, and would be closing their service. Decrypter... http://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html Published: 2021 05 11 21:30:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises - published over 3 years ago. Content: Attacks on control processes supported by operational technology (OT) are often perceived as necessarily complex. This is because disrupting or modifying a control process to cause a predictable effect is often quite difficult and can require a lot of time and resources. However, Mandiant Threat Intelligence has observed simpler attacks, where acto... http://www.fireeye.com/blog/threat-research/2021/05/increasing-low-sophistication-operational-technology-compromises.html Published: 2021 05 25 14:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices - published over 3 years ago. Content: On April 20, 2021, Mandiant published detailed results of our investigations into compromised Pulse Secure devices by suspected Chinese espionage operators. This blog post is intended to provide an update on our findings, give additional recommendations to network defenders, and discuss potential implications for U.S.-China strategic relations. ... http://www.fireeye.com/blog/threat-research/2021/05/updates-on-chinese-apt-compromising-pulse-secure-vpn-devices.html Published: 2021 05 27 17:00:00 Received: 2021 06 06 09:05:11 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Posh-Sysmon Module for Creating Sysmon Configuration Files - published almost 8 years ago. Content: Why a PowerShell Module: Sysmon configuration can be complex in addition to hard to maintain by hand. For this purpose I created a module called Posh-Sysmon some time ago to aid in the creation and maintenance of configuration files. The module was initially written after the release of version 2.0 and has been maintained and expanded as new versions have been ... https://www.darkoperator.com/blog/2017/2/17/posh-sysmon-powershell-module-for-creating-sysmon-configuration-files Published: 2017 02 20 11:00:00 Received: 2021 06 06 09:05:08 Feed: Blog Source: Blog Category: Cyber Security Topic: Cyber Security |
Article: Home Lab - VPN - published over 7 years ago. Content: Since our lab is isolated from the home network behind the router we need a way to access the VMs inside from our research systems. To access the systems behind the router we can use a VPN. With VyOS we have 2 options: L2TP/IPSec - Native support on Windows and OS X. Linux client support can be tricky. OpenVPN - Requires third party client installed, works we... https://www.darkoperator.com/blog/2017/2/5/home-lab-vpn Published: 2017 03 09 11:50:29 Received: 2021 06 06 09:05:08 Feed: Blog Source: Blog Category: Cyber Security Topic: Cyber Security |
Article: How Much Your Org Reaction to a Tweet Says? - published over 7 years ago. Content: Recently Tavis Ormandy, a well-known vulnerability researcher from Google, made a tweet about a vulnerability he and researcher Natalie Silvanovich from Google Project Zero found on the Windows OS that could be wormable. ... https://www.darkoperator.com/blog/2017/5/7/how-much-your-org-reaction-to-a-tweet-says Published: 2017 05 07 21:51:27 Received: 2021 06 06 09:05:08 Feed: Blog Source: Blog Category: Cyber Security Topic: Cyber Security |
Article: WanaCry Shows an Operational and Human Problem - published over 7 years ago. Content: These last couple of days the headline has been the WannaCry ransomware worm. I have seen many discussions about the technical aspects of it, about the disclosure of the vulnerability and debates about who is at fault for its widespread effect (Microsoft, NSA, Shadow Brokers, etc.). Yet the big elephant in the room remains that this is history that will repeat it... https://www.darkoperator.com/blog/2017/5/14/wanacry-a-operational-and-business-problem Published: 2017 05 15 01:53:31 Received: 2021 06 06 09:05:08 Feed: Blog Source: Blog Category: Cyber Security Topic: Cyber Security |
Article: Basics of Tracking WMI Activity - published about 7 years ago. Content: WMI (Windows Management Instrumentation) has been part of the Windows Operating System since Windows 2000, when it was included in the OS. The technology has been of great value to system administrators by providing ways to pull all types of information, configure components and take action based on the state of several components of the OS. Due to this fle... https://www.darkoperator.com/blog/2017/10/14/basics-of-tracking-wmi-activity Published: 2017 10 16 12:00:00 Received: 2021 06 06 09:05:08 Feed: Blog Source: Blog Category: Cyber Security Topic: Cyber Security |
Article: Sysinternals Sysmon 6.10 Tracking of Permanent WMI Events - published about 7 years ago. Content: In my previous blog post I covered how Microsoft has enhanced WMI logging in the latest versions of their client and server operating systems. Sysmon version 6.10 also added specific events for logging permanent WMI event actions. The new events are: Event ID 19: WmiEvent (WmiEventFilter activity detected). When a WMI event filter is r... https://www.darkoperator.com/blog/2017/10/15/sysinternals-sysmon-610-tracking-of-permanent-wmi-events Published: 2017 10 18 12:00:00 Received: 2021 06 06 09:05:08 Feed: Blog Source: Blog Category: Cyber Security Topic: Cyber Security |
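Event ID 19 in the excerpt above is one of three Sysmon WMI events: Sysmon also logs event 20 for WmiEventConsumer activity and event 21 for WmiEventConsumerToFilter bindings. The PowerShell below is an added example, not code from the darkoperator post or from Sysmon itself. It reads the permanent subscription objects directly from the root\subscription namespace and pulls the matching Sysmon events, so what is currently registered can be compared with what Sysmon saw being created or deleted. It assumes Sysmon 6.10 or later is installed with its operational log enabled and that it runs from an elevated shell.

```powershell
# Added example, not code from the original post.
# Enumerates permanent WMI event subscriptions and the Sysmon events
# (IDs 19, 20, 21) that record their creation or deletion.
# Assumptions: Sysmon 6.10+ with its operational log enabled; elevated shell.

function Get-WmiPersistence {
    # A permanent subscription needs three objects in root\subscription:
    # an __EventFilter (the trigger), an __EventConsumer (the payload) and
    # a __FilterToConsumerBinding that ties them together. Querying the
    # abstract __EventConsumer class returns every concrete consumer type.
    $ns = 'root\subscription'
    $filters   = @(Get-CimInstance -Namespace $ns -ClassName __EventFilter)
    $consumers = @(Get-CimInstance -Namespace $ns -ClassName __EventConsumer)
    $bindings  = @(Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding)

    foreach ($b in $bindings) {
        # Filter and Consumer are object references; the referenced instance
        # carries its key property Name, which is enough to find the object.
        $f = $filters   | Where-Object { $_.Name -eq $b.Filter.Name }   | Select-Object -First 1
        $c = $consumers | Where-Object { $_.Name -eq $b.Consumer.Name } | Select-Object -First 1
        [pscustomobject]@{
            Filter        = $f.Name
            Namespace     = $f.EventNamespace
            Query         = $f.Query
            ConsumerClass = $c.CimClass.CimClassName
            Consumer      = $c.Name
            # CommandLineTemplate exists only on CommandLineEventConsumer and
            # ScriptText only on ActiveScriptEventConsumer; elsewhere both are $null.
            Payload       = @($c.CommandLineTemplate, $c.ScriptText) -join ''
        }
    }
}

function Get-SysmonWmiEvents {
    param([int]$Hours = 24)
    $filter = @{
        LogName   = 'Microsoft-Windows-Sysmon/Operational'
        Id        = 19, 20, 21
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $ev = $_
        # Pull the EventData fields out of the event XML by field name.
        $x = [xml]$ev.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        $detail = switch ($ev.Id) {
            19 { 'Filter {0} :: {1}' -f $d['EventNamespace'], $d['Query'] }
            20 { 'Consumer {0} :: {1}' -f $d['Type'], $d['Destination'] }
            21 { 'Binding {0} -> {1}' -f $d['Filter'], $d['Consumer'] }
        }
        [pscustomobject]@{
            Time      = $ev.TimeCreated
            EventId   = $ev.Id
            Operation = $d['Operation']    # Created or Deleted
            User      = $d['User']
            Name      = $d['Name']
            Detail    = $detail
        }
    }
}

# Usage: compare what is registered now with what Sysmon saw happen.
Get-WmiPersistence            | Format-Table -AutoSize -Wrap
Get-SysmonWmiEvents -Hours 72 | Format-Table -AutoSize -Wrap
```

A stock Windows install already carries one benign binding (the "SCM Event Log" filter bound to an NTEventLogEventConsumer), so baseline the first output before treating any row as a finding; a CommandLineEventConsumer or ActiveScriptEventConsumer with a non-empty Payload is the case worth looking at, and a Sysmon event 21 with no surviving binding means it was created and then removed.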
Article: Update to Pentest Metasploit Plugin - published about 7 years ago. Content: I recently updated my Metasploit Pentest Plugin. I added 2 new commands to the plugin and fixed issues when printing information as a table. The updates are small ones. Let's take a look at the changes for the plugin. We can start by loading the plugin in a Metasploit Framework session. msf > load pentest ___ _ _ ___ _ ... https://www.darkoperator.com/blog/2017/10/17/update-to-pentest-metasploit-plugin Published: 2017 10 19 12:00:00 Received: 2021 06 06 09:05:08 Feed: Blog Source: Blog Category: Cyber Security Topic: Cyber Security |
Article: Basics of The Metasploit Framework API - IRB Setup - published about 7 years ago. Content: For those of you who have taken my "Automating Metasploit Framework" class, all this material should not be new. I have decided to start making a large portion of the class available here in the blog as a series. In this post I will cover the basics of setting up IRB so we can start exploring, in a general sense, the Metasploit Framework API. The API is extensive a... https://www.darkoperator.com/blog/2017/10/21/basics-of-the-metasploit-framework-irb-setup Published: 2017 10 23 12:00:00 Received: 2021 06 06 09:05:08 Feed: Blog Source: Blog Category: Cyber Security Topic: Cyber Security |
Article: Switching Ruby Version in RVM for Metasploit Development - published about 7 years ago. Content: If you have set up a development environment with RVM to do development in Metasploit Framework you are bound to encounter that the Metasploit team has changed preferred Ruby versions. carlos@ubuntu:/opt$ cd metasploit-framework/ ruby-2.4.2 is not installed. To install do: 'rvm install ruby-2.4.2' You get a useful message that mentions the RVM command you need... https://www.darkoperator.com/blog/2017/10/22/switching-ruby-version-in-rvm-for-metasploit-development Published: 2017 10 25 12:00:00 Received: 2021 06 06 09:05:08 Feed: Blog Source: Blog Category: Cyber Security Topic: Cyber Security |
Article: Windows Defender Exploit Guard ASR VBScript/JS Rule - published about 7 years ago. Content: Microsoft has been adding the features of the Enhanced Mitigation Experience Toolkit (EMET) into Windows 10. In the 1709 release they added more features and expanded on them as part of Windows Defender Exploit Guard. One of the features of great interest to me is Attack Surface Reduction. I have used this feature in EMET with great success as a m... https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule Published: 2017 11 07 12:00:00 Received: 2021 06 06 09:05:08 Feed: Blog Source: Blog Category: Cyber Security Topic: Cyber Security |
Article: Windows Defender Exploit Guard ASR Obfuscated Script Rule - published about 7 years ago. Content: In this blog post I will cover my testing of the Attack Surface Reduction rule for Potentially Obfuscated Scripts. This is one of the features that intrigued me the most. One obfuscates the scripts for several reasons: Bypass detection controls like AV, automatic log analysis and other controls. Hinder analysis of the script to determine its purpose and actio... https://www.darkoperator.com/blog/2017/11/8/windows-defender-exploit-guard-asr-obfuscated-script-rule Published: 2017 11 08 12:00:00 Received: 2021 06 06 09:05:08 Feed: Blog Source: Blog Category: Cyber Security Topic: Cyber Security |
Article: Windows Defender Exploit Guard ASR Rules for Office - published about 7 years ago. Content: In this blog post I continue looking at the ASR rules, this time I'm looking at the ASR rules for Office. The ASR rules for Office are: Block Office applications from creating child processes; Block Office applications from creating executable content; Block Office applications from injecting code into other processes; Block Win32 API calls from Office macro. These ... https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office Published: 2017 11 14 11:00:00 Received: 2021 06 06 09:05:08 Feed: Blog Source: Blog Category: Cyber Security Topic: Cyber Security |
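The four Office rules listed above are managed through the Defender PowerShell cmdlets, and the rule GUIDs Microsoft publishes for them are what the cmdlets take. The script below is an added example, not code from the darkoperator post; it assumes Windows 10 1709 or later with Microsoft Defender Antivirus as the active AV (ASR does not work otherwise) and an elevated shell. It reports each rule's current mode, switches the four rules on in audit mode, and pulls the Defender events that show what the rules matched, which is the evidence you need before flipping them to block.

```powershell
# Added example, not code from the original post.
# Reports, sets and audits the four Office ASR rules discussed above.
# Assumptions: Windows 10 1709 or later with Microsoft Defender Antivirus
# as the active AV (ASR needs it), run from an elevated shell. The GUIDs
# are Microsoft's published identifiers for these four rules.

$OfficeAsrRules = [ordered]@{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block Office applications from creating child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
    '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84' = 'Block Office applications from injecting code into other processes'
    '92E97FA1-5D66-4B34-9A4B-3DFC6B5E3BB7' = 'Block Win32 API calls from Office macros'
}
# Action values as Get-MpPreference returns them.
$AsrActionName = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-OfficeAsrState {
    # Ids and Actions are parallel arrays; a rule absent from Ids is not configured.
    $pref = Get-MpPreference
    $ids  = @(@($pref.AttackSurfaceReductionRules_Ids) | Where-Object { $_ } | ForEach-Object { $_.ToUpperInvariant() })
    $acts = @($pref.AttackSurfaceReductionRules_Actions)
    foreach ($guid in $OfficeAsrRules.Keys) {
        $i = [array]::IndexOf($ids, $guid)
        $mode = if ($i -ge 0) { $AsrActionName[[int]$acts[$i]] } else { 'NotConfigured' }
        [pscustomobject]@{ Mode = $mode; Id = $guid; Rule = $OfficeAsrRules[$guid] }
    }
}

function Set-OfficeAsrMode {
    # Roll out in AuditMode first: event 1122 shows what Enabled (block) would
    # have stopped, so line-of-business macros can be excluded before enforcing.
    param([ValidateSet('Disabled', 'Enabled', 'AuditMode', 'Warn')][string]$Mode = 'AuditMode')
    $ids     = @($OfficeAsrRules.Keys)
    $actions = @($ids | ForEach-Object { $Mode })
    Add-MpPreference -AttackSurfaceReductionRules_Ids $ids -AttackSurfaceReductionRules_Actions $actions
}

function Get-OfficeAsrHits {
    # Defender writes event 1121 when a rule blocks and 1122 when it only audits.
    param([int]$Hours = 24)
    $guidPattern = '[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}'
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1121, 1122
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue | ForEach-Object {
        # The triggering rule's GUID appears in the message text.
        if ($_.Message -match $guidPattern) {
            $guid = $Matches[0].ToUpperInvariant()
            if ($OfficeAsrRules.Contains($guid)) {
                [pscustomobject]@{
                    Time    = $_.TimeCreated
                    Outcome = if ($_.Id -eq 1121) { 'Blocked' } else { 'Audited' }
                    Rule    = $OfficeAsrRules[$guid]
                    Message = ($_.Message -replace '\s+', ' ')
                }
            }
        }
    }
}

# Usage
Get-OfficeAsrState | Format-Table -AutoSize
Set-OfficeAsrMode -Mode AuditMode
Get-OfficeAsrHits -Hours 24 | Format-Table Time, Outcome, Rule -AutoSize
```

Run the state check before and after Set-OfficeAsrMode; Add-MpPreference merges into the existing rule list, so rules already set to Block elsewhere are left alone only if you do not name them here. Let the audit events accumulate over a normal business cycle, then review Get-OfficeAsrHits output for legitimate macro-driven workflows before changing the mode to Enabled.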
Article: Some Comments and Thoughts on Tradecraft - published about 7 years ago. Content: I have been writing a series on the new Windows Defender Exploit Guard features on Attack Surface Reduction where I cover my research on it. I'm researching the controls to add the information in to my personal playbook. Surprisingly, in conversations with some Red Teamers I know, they dismissed the information as it is a Blue/Defense technology. These comment... https://www.darkoperator.com/blog/2017/11/20/some-comments-and-thoughts-on-tradecraft Published: 2017 11 20 11:00:00 Received: 2021 06 06 09:05:08 Feed: Blog Source: Blog Category: Cyber Security Topic: Cyber Security |
Article: Operational Look at Sysinternals Sysmon 6.20 Update - published almost 7 years ago. Content: Sysmon has been a game changer for many organizations, allowing their teams to fine-tune their detection of malicious activity when combined with tools that aggregate and correlate events. A new version of Sysmon was recently released. Version 6.20 fixes bugs and adds new features. Some of the noteworthy changes for me are: Enhancements in WMI Logging. Ab... https://www.darkoperator.com/blog/2017/11/24/operational-look-at-sysinternals-sysmon-620-update Published: 2017 11 27 11:00:00 Received: 2021 06 06 09:05:08 Feed: Blog Source: Blog Category: Cyber Security Topic: Cyber Security |
Article: Rebuilding My Playbook .. Knowledge Base - published almost 7 years ago. Content: I find myself in the situation where I lost my personal playbook by user error. I accidentally deleted the VM where I ran xWiki, where it was kept, and did not realize the mistake until days later. Even if painful to rebuild, it is a good opportunity to think about how to better organize it and put it in a more flexible format. I initially called my collection o... https://www.darkoperator.com/blog/2017/12/10/nmba1hrmndda8m3eo7ipoh7bxvphz4 Published: 2017 12 13 11:00:00 Received: 2021 06 06 09:05:08 Feed: Blog Source: Blog Category: Cyber Security Topic: Cyber Security |
Article: Operating Offensively Against Sysmon - published about 6 years ago. Content: Sysmon is a tool written by Mark Russinovich that I have covered in multiple blog posts, and I even wrote a PowerShell module called Posh-Sysmon to help with the generation of configuration files for it. Its main purpose is the tracking of potentially malicious activity on individual hosts and it is based on the same technology as Procmon. It differs from ot... https://www.darkoperator.com/blog/2018/10/5/operating-offensively-against-sysmon Published: 2018 10 08 10:00:00 Received: 2021 06 06 09:05:08 Feed: Blog Source: Blog Category: Cyber Security Topic: Cyber Security |
Article: Being Grateful at Heilderburg - published over 5 years ago. Content: Recently while in the bar of the Crown Plaza in Heidelberg for the Troopers conference I became aware of how grateful I should be for what I have in this industry. What I’m grateful for is not technical or recognition but the group of people in the industry I have the honor to call friends. I would like to share some of them in this blo... https://www.darkoperator.com/blog/2019/3/24/being-grateful-at-heilderburg Published: 2019 03 25 01:06:52 Received: 2021 06 06 09:05:08 Feed: Blog Source: Blog Category: Cyber Security Topic: Cyber Security |
Article: Getting DNS Client Cached Entries with CIM/WMI - published almost 5 years ago. Content: What is DNS Cache? The DNS cache maintains a database of recent DNS resolutions in memory. This allows for faster resolution of hosts that have been queried in the recent past. To keep this cache fresh and reduce the chance of stale records, items stay in the cache for 1 day on Windows clients. The DNS Client service in Windows is the one that manages t... https://www.darkoperator.com/blog/2020/1/14/getting-dns-client-cached-entries-with-cimwmi Published: 2020 02 03 10:00:00 Received: 2021 06 06 09:05:08 Feed: Blog Source: Blog Category: Cyber Security Topic: Cyber Security |
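The cache described above is exposed through the MSFT_DNSClientCache CIM class in the root/StandardCimv2 namespace, which is the same data `ipconfig /displaydns` prints but as objects you can filter and ship. The script below is an added example, not code from the darkoperator post; it assumes Windows 8 / Server 2012 or later, and the watchlist domain and address in it are constructed placeholders, not real indicators. Because the cache lives only in memory and entries expire within a day, it saves the whole snapshot to CSV before applying any triage, and takes an optional CimSession so the same query can be run against a remote host.

```powershell
# Added example, not code from the original post.
# Snapshots the DNS client cache through CIM and flags entries worth a look.
# Assumptions: Windows 8 / Server 2012 or later, where MSFT_DNSClientCache
# exists in root/StandardCimv2. The watchlist values are constructed for
# this example and are not real indicators.

$DnsRecordType = @{ 1 = 'A'; 2 = 'NS'; 5 = 'CNAME'; 6 = 'SOA'; 12 = 'PTR'; 15 = 'MX'; 16 = 'TXT'; 28 = 'AAAA'; 33 = 'SRV' }
$DnsSection    = @{ 1 = 'Answer'; 2 = 'Authority'; 3 = 'Additional' }

function Get-DnsCacheSnapshot {
    # Pass -CimSession to read a remote host over WinRM; do it early, because
    # the cache is in memory only and entries age out within a day.
    param([Microsoft.Management.Infrastructure.CimSession[]]$CimSession)
    $query = @{ Namespace = 'root/StandardCimv2'; ClassName = 'MSFT_DNSClientCache' }
    if ($CimSession) { $query.CimSession = $CimSession }
    Get-CimInstance @query | ForEach-Object {
        $t = [int]$_.Type
        [pscustomobject]@{
            Host    = if ($_.PSComputerName) { $_.PSComputerName } else { $env:COMPUTERNAME }
            Entry   = $_.Entry        # name that was looked up
            Name    = $_.Name         # name this record answers for (differs after a CNAME)
            Type    = if ($DnsRecordType.ContainsKey($t)) { $DnsRecordType[$t] } else { $t }
            Section = $DnsSection[[int]$_.Section]
            TTL     = $_.TimeToLive   # seconds left before the entry expires
            Data    = $_.Data         # address or target name
        }
    }
}

function Find-SuspiciousDnsCacheEntry {
    param(
        [Parameter(ValueFromPipeline)] $Record,
        [string[]]$WatchDomains = @('c2.example.invalid'),   # constructed placeholder
        [string[]]$WatchIPs     = @('203.0.113.7'),          # constructed placeholder (TEST-NET-3)
        [int]$MaxLabelLength    = 30
    )
    process {
        $reasons = @()
        foreach ($d in $WatchDomains) {
            if ($Record.Name -eq $d -or $Record.Name -like "*.$d") { $reasons += "watchlist domain $d" }
        }
        if (($Record.Type -in @('A', 'AAAA')) -and ($Record.Data -in $WatchIPs)) {
            $reasons += "watchlist address $($Record.Data)"
        }
        # Very long leftmost labels are typical of DGA names and DNS tunnelling.
        $label = ($Record.Entry -split '\.')[0]
        if ($label.Length -ge $MaxLabelLength) { $reasons += "label length $($label.Length)" }
        if ($reasons.Count -gt 0) {
            $Record | Add-Member -NotePropertyName Reason -NotePropertyValue ($reasons -join '; ') -PassThru
        }
    }
}

# Usage: preserve the full snapshot first, then triage it.
$snapshot = Get-DnsCacheSnapshot
$snapshot | Export-Csv -NoTypeInformation -Path ("dnscache-{0}-{1:yyyyMMdd-HHmm}.csv" -f $env:COMPUTERNAME, (Get-Date))
$snapshot | Find-SuspiciousDnsCacheEntry | Format-Table Host, Entry, Type, Data, TTL, Reason -AutoSize
```

Keep in mind what this does not show: the cache records the latest answer per name, not a history of lookups, so a name queried and then flushed (or expired) leaves no trace here; for that you need DNS Client operational logging or network capture. The TTL column is still useful on its own, since a low value on a suspicious entry tells you roughly how recently it was resolved.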
Article: Operational Thoughts in Trying Times - published over 4 years ago. Content: This post is as much a reminder to myself of where I should focus across the multiple jobs I have as a way to share with the community at large what I consider important and key in these trying times. Last year at a dinner I had a very nice conversation with my friend Ed Skoudis on security consultancies and how many operated. This conversation covered many aspect... https://www.darkoperator.com/blog/2020/5/6/operational-thoughts-in-trying-times Published: 2020 05 06 10:00:31 Received: 2021 06 06 09:05:08 Feed: Blog Source: Blog Category: Cyber Security Topic: Cyber Security |
Article: Beyond the Technical - Advice for those starting in Infosec - published almost 4 years ago. Content: https://www.darkoperator.com/blog/2020/12/28/beyond-the-technical-advise-for-those-starting-in-infosec Published: 2020 12 28 12:00:00 Received: 2021 06 06 09:05:08 Feed: Blog Source: Blog Category: Cyber Security Topic: Cyber Security |
Article: Dissecting Weird Packets - published over 5 years ago. Content: I was investigating traffic in my home lab yesterday, and noticed that about 1% of the traffic was weird. Before I describe the weird, let me show you a normal frame for comparison's sake. This is a normal frame with Ethernet II encapsulation. It begins with 6 bytes of the destination MAC address, 6 bytes of the source MAC address, and 2 bytes of an Ethertype... https://taosecurity.blogspot.com/2019/05/dissecting-weird-packets.html Published: 2019 05 09 14:30:00 Received: 2021 06 06 09:05:05 Feed: TaoSecurity Source: TaoSecurity Category: Cyber Security Topic: Cyber Security |
Article: Know Your Limitations - published over 5 years ago. Content: At the end of the 1973 Clint Eastwood movie Magnum Force, after Dirty Harry watches his corrupt police captain explode in a car, he says "a man's got to know his limitations." I thought of this quote today as the debate rages about compromising municipalities and other information technology-constrained yet personal information-rich organizations. Several year... https://taosecurity.blogspot.com/2019/05/know-your-limitations.html Published: 2019 05 29 13:55:00 Received: 2021 06 06 09:05:05 Feed: TaoSecurity Source: TaoSecurity Category: Cyber Security Topic: Cyber Security |
Article: Reference: TaoSecurity News - published over 5 years ago. Content: I started speaking publicly about digital security in 2000. I used to provide this information on my Web site, but since I don't keep that page up-to-date anymore, I decided to publish it here. 2017 Mr. Bejtlich led a podcast titled Threat Hunting: Past, Present, and Future, in early July 2017. He interviewed four of the original six GE-CIRT ... https://taosecurity.blogspot.com/2019/07/reference-taosecurity-news.html Published: 2019 07 01 12:00:00 Received: 2021 06 06 09:05:05 Feed: TaoSecurity Source: TaoSecurity Category: Cyber Security Topic: Cyber Security |
Article: Reference: TaoSecurity Research - published over 5 years ago. Content: I started publishing my thoughts and findings on digital security in 1999. I used to provide this information on my Web site, but since I don't keep that page up-to-date anymore, I decided to publish it here. 2015 and later: Please visit Academia.edu for Mr. Bejtlich's most recent research. 2014 and earlier: Seven Tips for Small Business Security, in the Huff... https://taosecurity.blogspot.com/2019/07/reference-taosecurity-research.html Published: 2019 07 01 12:00:00 Received: 2021 06 06 09:05:05 Feed: TaoSecurity Source: TaoSecurity Category: Cyber Security Topic: Cyber Security |