545 matches found
End of Life for Internet Explorer 8, 9 and 10
Microsoft has started the year with an announcement that, effective Jan. 12, 2016, support for all older versions of Internet Explorer IE will come to an end known as an EoL, or End of Life. The affected versions are Internet Explorer 7, 8, 9, and 10. What this means for users is that Microsoft...
Sandworm Team and the Ukrainian Power Authority Attacks
Update 1.11.16 - SANS ICS Team Connects Dots Updating the blog entry to bring attention to the recent analysis published by Mike Assante from the SANS ICS team. "After analyzing the information that has been made available by affected power companies, researchers, and the media it is clear that...
Sandworm Team and the Ukrainian Power Authority Attacks
Update 1.11.16 - SANS ICS Team Connects Dots Updating the blog entry to bring attention to the recent analysis published by Mike Assante from the SANS ICS team. "After analyzing the information that has been made available by affected power companies, researchers, and the media it is clear that...
FLARE Script Series: Automating Obfuscated String Decoding
Introduction We are expanding our script series beyond IDA Pro. This post extends the FireEye Labs Advanced Reverse Engineering FLARE script series to an invaluable tool for the reverse engineer – the debugger. Just like IDA Pro, debuggers have scripting interfaces. For example, OllyDbg uses an...
The EPS Awakens - Part 2
On Wednesday, Dec. 16, 2015, FireEye published The EPS Awakens, detailing an exploit targeting a previously unknown Microsoft Encapsulated Postscript EPS dict copy use-after-free vulnerability that was silently patched by Microsoft on November 10, 2015. The blog described the technical details of...
SlemBunk: An Evolving Android Trojan Family Targeting Users of Worldwide Banking Apps
FireEye mobile researchers recently identified a series of Android trojan apps that are designed to imitate the legitimate apps of 33 financial management institutions and service providers across the globe. We dub the family “SlemBunk,” and have seen it covering three major continents: North...
The EPS Awakens
On September 8, FireEye published details about an attack exploiting zero day vulnerabilities in Microsoft Office CVE-2015-2545 and Windows CVE-2015-2546. The attack was particularly notable because it leveraged PostScript to drive memory corruption in a way that had never been seen before. The...
Uncovering Active PowerShell Data Stealing Campaigns
Loved by administrators, Windows PowerShell enables users to effectively perform automation and administrative tasks on local and remote systems. However, its power, ease of use, and widespread use has also made it attractive to attackers. Researchers first began demonstrating attacks involving...
LATENTBOT: Trace Me If You Can
FireEye Labs recently uncovered LATENTBOT, a new, highly obfuscated BOT that has been in the wild since mid-2013. It has managed to leave hardly any traces on the Internet, is capable of watching its victims without ever being noticed, and can even corrupt a hard disk, thus making a PC useless...
LATENTBOT: Trace Me If You Can
FireEye Labs recently uncovered LATENTBOT, a new, highly obfuscated BOT that has been in the wild since mid-2013. It has managed to leave hardly any traces on the Internet, is capable of watching its victims without ever being noticed, and can even corrupt a hard disk, thus making a PC useless...
Cybercrime News Results In Cybercrime Blues
INTRODUCTION FireEye Labs recently spotted a 2011 article on cybercrime from the news site theguardian.com that redirects users to the Angler Exploit Kit. Successful exploitation by Angler resulted in a malware infection for readers of the article. A spokesperson for the guardian.com responded th...
Thriving Beyond The Operating System: Financial Threat Group Targets Volume Boot Record
In September, Mandiant Consulting identified a financially motivated threat group targeting payment card data using sophisticated malware that executes before the operating system boots. This rarely seen technique, referred to as a ‘bootkit’, infects lower-level system components making it very...
China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets
FireEye Threat Intelligence analysts identified a spear phishing campaign carried out in August 2015 targeting Hong Kong-based media organizations. A China-based cyber threat group, which FireEye tracks as an uncategorized advanced persistent threat APT group and other researchers refer to as...
China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets
FireEye Threat Intelligence analysts identified a spear phishing campaign carried out in August 2015 targeting Hong Kong-based media organizations. A China-based cyber threat group, which FireEye tracks as an uncategorized advanced persistent threat APT group and other researchers refer to as...
ModPOS: Highly-Sophisticated, Stealthy Malware Targeting US POS Systems with High Likelihood of Broader Campaigns
Today, iSIGHT Partners is sharing details about a highly sophisticated criminal malware framework that has been used to target point-of-sale POS systems at US-based retailers. We believe this very hard to detect malware is likely being used in broader campaigns and are disclosing details to help...
Pinpointing Targets: Exploiting Web Analytics to Ensnare Victims
Over the past year, FireEye Threat Intelligence has identified suspected nation-state sponsored cyber-actors engaged in a large-scale reconnaissance effort. This effort makes use of web analytics—the technologies to collect, analyze, and report data The individuals behind this activity have amass...
FLARE IDA Pro Script Series: Automating Function Argument Extraction
...
Top-ranked Advertising Network Leads to Exploit Kit
Threat Overview The online advertisements that people see across a wide range of popular and lesser-known websites can lead to malware infections and other forms of compromise, sometimes without any user interaction whatsoever and without any indicators there is an issue. This emerging threat is...
iBackDoor: High-Risk Code Hits iOS Apps
Introduction FireEye mobile researchers recently discovered potentially “backdoored” versions of an ad library embedded in thousands of iOS apps originally published in the Apple App Store. The affected versions of this library embedded functionality in iOS apps that used the library to display...
iBackDoor: High-Risk Code Hits iOS Apps
Introduction FireEye mobile researchers recently discovered potentially “backdoored” versions of an ad library embedded in thousands of iOS apps originally published in the Apple App Store. The affected versions of this library embedded functionality in iOS apps that used the library to display...
XcodeGhost S: A New Breed Hits the US
Just over a month ago, iOS users were warned of the threat to their devices by the XcodeGhost malware. Apple quickly reacted, taking down infected apps from the App Store and releasing new security features to stop malicious activities. Through continuous monitoring of our customers’ networks,...
Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign
Adobe has already released a patch for CVE-2015-3113 with an out-of-band security bulletin . FireEye recommends that Adobe Flash Player users update to the latest version as soon as possible. FireEye MVX detects this threat as a web infection, the IPS engine reports the attack as CVE-2015-3113, a...
MIRcon 2014 – Day 2 Highlights
MIRcon 2014 It seemed fitting that the last day of MIRcon started with a total lunar eclipse and ended with an inspirational keynote address by renowned astrophysicist Dr. Neil deGrasse Tyson. After an amazing two days of content, MIRcon 2014 is officially in the books! Following are some of the...
MIRcon 2014 – Day 1 Highlights
The first day of MIRcon 2014 is officially done and was packed with thought-provoking keynotes, presentations and a one-of-a-kind reception. While there's too much to fit into this blog post, I wanted to provide you with some of the highlights: FireEye's COO, Kevin Mandia kicked-off MIRcon and wa...
Looking Ahead to MIRcon 2014
As targeted cyber attacks become increasingly prevalent, today's cybersecurity professionals are being tested like never before. The upcoming Mandiant Incident Response Conference MIRcon® - October 7 & 8, 2014 - offers attendees the chance to hear insights from some of the most respected and...
FLARE IDA Pro Script Series: Automatic Recovery of Constructed Strings in Malware
The FireEye Labs Advanced Reverse Engineering FLARE Team is dedicated to sharing knowledge and tools with the community. We started with the release of the FLARE On Challenge in early July where thousands of reverse engineers and security enthusiasts participated. Stay tuned for a write-up of the...
Havex, It’s Down With OPC
FireEye recently analyzed the capabilities of a variant of Havex referred to by FireEye as “Fertger” or “PEACEPIPE”, the first publicized malware reported to actively scan OPC servers used for controlling SCADA Supervisory Control and Data Acquisition devices in critical infrastructure e.g., wate...
Turing Test in Reverse: New Sandbox-Evasion Techniques Seek Human Interaction
Last year, we published a paper titled Hot Knives Through Butter, Evading File-Based Sandboxes. In this paper, we explained many sandbox evasion methods--and today's blog post adds to our growing catalog. In the past, for example, we detailed the inner workings of a Trojan we dubbed UpClicker. Th...
Mergers and Acquisitions: When Two Companies and APT Groups Come Together
With Apple’s purchase of Beats, Pfizer’s failed bids for AstraZeneca, and financial experts pointing to a rally in the M&A market, the last month was a busy one for mergers and acquisitions. Of course, when we first see headlines of a high profile company’s plans for a merger or acquisition, we...
Preparing for Managed Security Services
Wade Woolwine Presents at MIRcon® 2013 As a complement to my MIRcon® 2013 presentation titled "Getting the Best Bang for the Buck with Managed Security Providers" and to address some questions I received from the audience, I have prepared a quick summary of my presentation. Many businesses consid...
Critical Infrastructure Beyond the Power Grid
The term "critical infrastructure" has earned its spot on the board of our ongoing game of cyber bingo--right next to "Digital Pearl Harbor," "Cyber 9/11," "SCADA" and "Stuxnet." With "critical infrastructure" thrown about in references to cyber threats nearly every week, we thought it was time f...
General Michael Hayden Talks about the Future of Cybersecurity at MIRcon 2013
When you've got some of the cybersecurity industry's best and brightest practitioners in one room, just how do you top the conversations they're having across the breakfast table? By getting one of the foremost experts on cybersecurity to deliver a top notch speech on the future of the industry,...
MIRcon 2013 – Day 2 Highlights
Thanks for another wonderful MIRcon®, everyone! It's been an honor to bring together so many leading minds in cybersecurity, and to foster conversations about what we can all do to safeguard the information and innovationson which so much of us rely on. The second and final day of MIRcon 2013...
MIRcon 2013 – Day 1 Highlights
Happy Day 2 of MIRcon®! Yesterday, Mandiant's CEO Kevin Mandia kicked off MIRcon 2013 with a keynote on attacking the security gap, discussing the necessity of information-sharing and his experience witnessing the evolution of cybercrime. From there we moved on to thought-provoking discussions in...
MIRcon Preview: What to Expect in the Technical Track
MIRcon 2013, Nov. 5-6, Washington, DC is right around the corner. Have you registered yet? Don't miss out! With targeted attacks continuing for the foreseeable future, you should be sure to take advantage of this opportunity to learn from leading industry cybersecurity experts. The two day...
MIRcon Preview: Why C-Level Executives Should Attend
Security conferences come and go and most are well attended by information security practitioners for professional development and networking. But what about the executives who are responsible for strategy and who hold the budgets - what conferences should they attend? With MIRcon 2013, Nov. 5-6,...
Internet Explorer 8 Exploit Found in Watering Hole Campaign Targeting Chinese Dissidents
On March 16th, we discovered a premeditated waterhole campaign that hosts exploits and malware on websites frequented by a specific target group. In this case the target includes Chinese dissidents. For the attacker, this approach is highly attractive since it is very difficult to discover the...
Redline: Answering Your Questions
Those of you who attended the "Tools of Engagement: Redline™ - We've Got the Tool, If You've Got the Time" webinar last month by David Ross and myself will recall that we ran short on time while answering all of your questions. The webinar covered the latest updates to Redline, Mandiant's free to...
A Look Back at 2012: The Armory
As we are mere hours away from celebrating 2013, we'd like to focus today on M-Unition's Armory channel. The Armory is the place to be if you want to be the first to find out about the latest releases, free tools and of course, our ever popular M-Trends report. The most popular posts in this...
Memoryze for the Mac: Support Added for OS X Mountain Lion (10.8)
Earlier this year, Mandiant launched a new freeware tool: Memoryze for the Mac™. The tool brings many of the features of Memoryze™ to the Apple® Macintosh platform, enabling acquisition of memory images via the command-line or a simple GUI. We are excited to announce it now fully supports OS X...
An In-Depth Look Into Data Stacking
Mandiant's Nick Bennett and Jake Valletta discussed data stacking at MIRcon™ last month. If you were unable to attend the talk, we will discuss this data analysis technique here on the M-Unition blog. What is Data Stacking? Data stacking is the application of frequency analysis to large volumes o...
That’s a Wrap! Highlights from MIRcon 2012
Three years ago when we set out to create a conference that would bring together the greatest minds in the information security industry, we could not imagine the overwhelmingly positive response and growth MIRcon™ would receive year after year. Our goal for MIRcon is simple: to inform innovators...
New Mandiant Offering: Response Readiness Assessment
Today, I am pleased to announce the release of Mandiant's newest Strategic Solutions offering: Response Readiness Assessment. In this post, I'll explain what the service provides, why our customer's requested such a service, and who can benefit from the Response Readiness Assessment offering...
MIRcon 2012: Overall Themes for the Management Track
Mandiant will host its third annual MIRcon on October 17th and 18th in Washington, DC. I attended the previous two MIRcon conferences, first as Director of Incident Response for my previous employer, and last year as Mandiant's Chief Security Officer. Last year we decided to host both a technical...
Unibody Memory Analysis -- Introducing Memoryze™ for the Mac 1.0
Today, Mandiant is introducing a new free tool, Memoryze™ for the Mac 1.0, which brings memory imaging and analysis to the Mac. It joins a growing list of freeware tools Mandiant currently provides. Memoryze™ for the Mac 1.0 brings many of the features of Memoryze™ to the Apple Macintosh platform...