Spear Phishing Remains Preferred Point of Entry in Targeted, Persistent Attacks
Persistent targeted attacks against the government, financial services, manufacturing and critical infrastructure take on many characteristics. Attackers can have different backgrounds and motivations, and the tools they use can range from commodity malware to zero-day exploits. One characteristi...
PlugX is Becoming Mature
By Dmitry Tarakanov. Recently, a new Remote Administration Tool has been discovered that started appearing here and there in targeted attacks. This tool is “PlugX”. Researchers have even tracked someone suspected of creating that malware – one of the members of the Chinese hacking group NCPH, whic...
Update: Adobe Working to Confirm New Reader Zero-Day Sandbox-Bypass Exploit
Adobe said today it has been in contact with the Russian security company Group-IB, which discovered a zero-day vulnerability in Adobe Reader and yesterday reported the existence of a pricey exploit circulating on the black market. The exploit, according to Group-IB, bypasses Adobe’s sandbox...
An In-Depth Look Into Data Stacking
Mandiant's Nick Bennett and Jake Valletta discussed data stacking at MIRcon™ last month. If you were unable to attend the talk, we will discuss this data analysis technique here on the M-Unition blog. What is Data Stacking? Data stacking is the application of frequency analysis to large volumes o...
Cyber threats a major risk to business
When it comes to security, small and midsize businesses are largely unaware of the risks they face. Cybercrime is a serious problem which affects businesses of all sizes and can have devastating consequences. U.S. small businesses should understand they cannot completely remain safe from...
Gathering Threat Intelligence With Open Tools
Threat intelligence is one of the go-to buzz phrases for many people in the security industry right now, and it’s thrown in so many contexts and situations, it’s quickly becoming almost meaningless. Most people understand that they need to get better information about what’s happening both on the...
Valid Adobe Certificate Used to Sign Malicious Utilities Common in Targeted Attacks
Adobe announced today it was the victim of an APT-style attack after two malicious utilities commonly used in targeted attacks for privilege escalation and pivoting within a network were discovered signed by a valid Adobe digital certificate. Adobe said it will revoke the certificate next week...
New Zero-Day Vulnerability Found in Java 5, 6 and 7; 1.1 Billion Desktops Affected
Just when you thought it was safe to go back to using Java, security researchers have found another gaping hole that could impact potentially more than 1.1 billion desktops running the Oracle-owned platform. A critical vulnerability in all of the latest versions of Java SE software was discovered...
Tool Scans for RTF Files Spreading Malware in Targeted Attacks
Exploits embedded inside Microsoft Office documents such as Word, PDFs and Excel spreadsheets have been at the core of many targeted attacks during the past 24 months. Detection of these attack methods is improving and nimble hackers are recognizing the need for new avenues into enterprise...
Microsoft Changes Mind; Will Patch Flash on IE 10 Before Windows 8 Ships
Microsoft has reversed course and said it will patch a serious Adobe Flash vulnerability in Windows 8 and Internet Explorer 10 before the new Microsoft OS ships Oct. 26. Microsoft had previously said it would wait until after the ship date to update Flash, which is integrated into the browser...
Oracle Releases Fix For Java CVE-2012-4681 Flaw
Oracle on Thursday released a new version of Java that included a fix for the CVE-2012-4681 vulnerability that has been used in limited targeted attacks in the last couple of weeks. The release of Java 7 update 7 comes about four days after the Java flaw was publicly disclosed, but several months...
New Java Zero Day Being Used in Targeted Attacks
There is a newly discovered zero day vulnerability in Java 7 that is being used in some targeted attacks right now. The vulnerability works against Internet Explorer and Firefox and researchers say that attackers are exploiting in the wild and installing a version of the Poison Ivy RAT on...
Adobe Flash Player 11.3 Kern Table Parsing Integer Overflow
This module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 11.3.300.271. By supplying a specially crafted .otf font file with a large nTables value in the 'kern' header, it is possible to trigger an integer overflow, which results in remote code execution und...
Shamoon Malware : Permanently wiping data from Energy Industry Computers
Malware researchers have uncovered an attack targeting an organization in the energy industry that attempts to wreak havoc by permanently wiping data from an infected computer's hard drive and rendering the machine unusable. Symantec would not name the victimized firm, and so far has seen the...
Microsoft Patches Critical MS12-060 Office Flaw Being Used in Targeted Attacks
Microsoft on Tuesday fixed a critical vulnerability in a component of Office, SQL Server and other widely deployed applications that attackers already are using in targeted attacks. The flaw in the Microsoft Common Controls component, which was one of the 26 vulnerabilities fixed in nine bulletin...
Experts Say Better Security Rests on Cooperation, More Data
LAS VEGAS–Reflecting on the successes and failures in the industry in the last 15 years, a panel of security experts at Black Hat said that while defenses have gotten better, attackers have as well and there is a long way to go before defenders have the upper hand. If that ever happens, they said...
Rash Identity Theft Sweeps Small Kentucky Town
Dozens of individuals from Winchester, a small Kentucky town east of Lexington, have been targeted by hackers, according to a report earlier this week in the Lexington Herald-Leader. The newspaper claims between 50 and 100 diners at Puerta Grande, a small Mexican restaurant, were hit with bank fra...
Blackshades RAT Pops Up in Attacks on Syrian Activists
They just do not stop having targeted malware attacks in Syria. Just a few days after the author of the Dark Comet RAT announced he was shutting down development and sales of the tool, partly because it was used in attacks by the Syrian government, experts have found that pro-government attackers...
Targeted Attacks on Small Businesses Increase in 2012
In the first six months of 2012, 36 percent of targeted attacks focused on small businesses of fewer than 250 employees, and there were an average of 58 attacks per day, according to a new research report. At the end of 2011, small businesses were on the receiving end of only 18 percent of such...
Dalai Lama's Birthday Used As Bait In Targeted Attacks
Followers and supporters of Tibetan Buddhist leader the Dalai Lama were the targets of an e-mail-borne attack that used news of the spiritual leader’s birthday to trick recipients into installing a surreptitious monitoring program on their computers. Researchers at Kaspersky Lab identified a numb...