Lucene search
K

513 matches found

ThreatPost
ThreatPost
added 2021/03/04 10:19 p.m.81 views

Microsoft, FireEye Unmask More Malware Linked to SolarWinds Attackers

Researchers have uncovered more custom malware that is being used by the threat group behind the SolarWinds attack. Researchers with Microsoft and FireEye identified three new pieces of malware that the companies said are being used in late-stage activity by the threat actor previously called...

7.5AI score
Exploits0References19
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/03/04 5:0 p.m.276 views

GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence

Microsoft continues to work with partners and customers to expand our knowledge of the threat actor behind the nation-state cyberattacks that compromised the supply chain of SolarWinds and impacted multiple other organizations. As we have shared previously, we have observed the threat actor using...

Exploits0
The Hacker News
The Hacker News
added 2021/02/23 7:18 a.m.112 views

Hackers Exploit Accellion Zero-Days in Recent Data Theft and Extortion Attacks

Cybersecurity researchers on Monday tied a string of attacks targeting Accellion File Transfer Appliance FTA servers over the past two months to data theft and extortion campaign orchestrated by a cybercrime group called UNC2546. The attacks, which began in mid-December 2020, involved exploiting...

10CVSS0.7AI score0.56686EPSS
Exploits0
FireEye
FireEye
added 2021/02/17 12:0 a.m.228 views

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One)

In 2019, Mandiant’s Red Team discovered a series of vulnerabilities present within Digi International’s ConnectPort X2e device, which allows for remote code execution as a privileged user. Specifically, Mandiant’s research focused on SolarCity’s now owned by Tesla rebranded ConnectPort X2e device...

7.2CVSS8.6AI score0.01165EPSS
Exploits2References21
Qualys Blog
Qualys Blog
added 2021/02/01 8:40 p.m.1011 views

Unpacking the CVEs in the FireEye Breach – Start Here First

In a blog post on Dec. 22, 2020, Qualys revealed it has identified 7.5 million instances of vulnerability to the stolen FireEye Red Team assessment tools across an anonymized set of its 15,700-member customer base. Of the 7.5 million instances of vulnerability, 99.84% were caused by only 8 CVEs,...

10CVSS0.4AI score0.99999EPSS
Exploits228
Schneier on Security
Schneier on Security
added 2021/01/21 12:31 p.m.73 views

SVR Attacks on Microsoft 365

FireEye is reporting the current known tactics that the SVR used to compromise Microsoft 365 cloud data as part of its SolarWinds operation: Mandiant has observed UNC2452 and other threat actors moving laterally to the Microsoft 365 cloud using a combination of four primary techniques: Steal the...

1.6AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2021/01/20 5:30 p.m.206 views

Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop

More than a month into the discovery of Solorigate, investigations continue to unearth new details that prove it is one of the most sophisticated and protracted intrusion attacks of the decade. Our continued analysis of threat data shows that the attackers behind Solorigate are skilled campaign...

0.3AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/01/20 5:30 p.m.309 views

Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop

More than a month into the discovery of Solorigate, investigations continue to unearth new details that prove it is one of the most sophisticated and protracted intrusion attacks of the decade. Our continued analysis of threat data shows that the attackers behind Solorigate are skilled campaign...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/15 11:31 a.m.71 views

Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks

Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor. Attributing the campaign to Winnti or APT41, Positive Technologies dated the first...

0.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/01/12 8:50 p.m.45 views

SolarWinds: What Hit Us Could Hit Others

New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the companys software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers. Mo...

7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/01/12 7:35 p.m.156 views

Update on SolarWinds Supply-Chain Attack: SUNSPOT and New Malware Family Associations

This update is a continuation of our previous coverage of the SolarWinds supply-chain attack that was discovered by FireEye in December 2020. As of Jan. 11, 2021, new research has been published that expands the security community’s understanding of the breadth and depth of the SolarWinds attack...

0.2AI score
Exploits0
Securelist
Securelist
added 2021/01/11 10:0 a.m.87 views

Sunburst backdoor – code overlaps with Kazuar

Introduction On December 13, 2020, FireEye published a blog post detailing a supply chain attack leveraging Orion IT, an infrastructure monitoring and management platform by SolarWinds. In parallel, Volexity published an article with their analysis of related attacks, attributed to an actor named...

7.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/01/05 4:48 p.m.44 views

2020 Ends With A Bang

December 2020 was an eventful month in cyber security. This blog recaps three of the major security events we saw towards the end of last year. December began with FireEye’s breach announcement that included a leak of its red team tools arsenal. Quickly after this announcement, Imperva Threat...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/01 4:50 a.m.80 views

Microsoft Says SolarWinds Hackers Accessed Some of Its Source Code

Microsoft on Thursday revealed that the threat actors behind the SolarWinds supply chain attack were able to gain access to a small number of internal accounts and escalate access inside its internal network. The "very sophisticated nation-state actor" used the unauthorized access to view, but no...

0.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/12/30 12:0 a.m.25 views

FireEye Endpoint Agent Installed (Windows)

Binary data fireeyeendpointagentwininstalled.nbin...

7.3AI score
Exploits0References1
The Hacker News
The Hacker News
added 2020/12/27 6:24 a.m.131 views

A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware

An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries as a zero-day to deploy the SUPERNOVA malware in target environments. According to an advisory published yesterday by the CERT Coordination Center, the SolarWinds Orion API that's used t...

9.8CVSS0.3AI score0.9198EPSS
Exploits3
FireEye
FireEye
added 2020/12/24 12:0 a.m.141 views

SUNBURST Additional Technical Details

FireEye has discovered additional details about the SUNBURST backdoor since our initial publication on Dec. 13, 2020. Before diving into the technical depth of this malware, we recommend readers familiarize themselves with our blog post about the SolarWinds supply chain compromise, which revealed...

7AI score
Exploits0References7
Qualys Blog
Qualys Blog
added 2020/12/22 9:17 p.m.1389 views

Qualys Security Advisory: SolarWinds / FireEye

Qualys Researchers found Millions of devices exposed to vulnerabilities used in the stolen FireEye Red Team tools and SolarWinds Orion by analyzing the anonymized set of vulnerabilities across Qualys’ worldwide customer base Qualys to offer a free 60-day integrated Vulnerability Management,...

10CVSS0.2AI score0.99999EPSS
Exploits268
Krebs on Security
Krebs on Security
added 2020/12/18 6:33 p.m.87 views

VMware Flaw a Vector in SolarWinds Breach?

U.S. government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. According to sources, among those was a...

9CVSS1AI score0.23771EPSS
Exploits0
Krebs on Security
Krebs on Security
added 2020/12/16 6:37 p.m.29 views

Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’

A key malicious domain name used to control potentially thousands of computer systems compromised via the months-long breach at network monitoring software vendor SolarWinds was commandeered by security experts and used as a "killswitch" designed to turn the sprawling cybercrime operation against...

7.1AI score
Exploits0
Rows per page
Query Builder