Lucene search
+L
FireeyeRecent

545 matches found

FireEye
FireEye
added 2016/07/27 10:0 a.m.16 views

Red Team Tool Roundup

In many cases Red Team tools are not written because someone feels like writing a tool, or wakes up one morning thinking, “I want to write a tool today”. Red Teamers generally identify tedious tasks in their methodology and then create tools that automate these tasks for current and future...

7.8AI score
Exploits0
FireEye
FireEye
added 2016/07/19 8:45 p.m.12 views

Amazon Same Day Credential Shipping

FireEye has identified a campaign involving phishing websites that appear as legitimate Amazon sites. Amazon is the largest online retailer and threat actors frequently target its customers. In this attack, a person browsing the internet would be directed to authentic looking – yet fake – Amazon...

6.9AI score
Exploits0References3
FireEye
FireEye
added 2016/07/19 4:45 p.m.11 views

Amazon Same Day Credential Shipping

FireEye has identified a campaign involving phishing websites that appear as legitimate Amazon sites. Amazon is the largest online retailer and threat actors frequently target its customers. In this attack, a person browsing the internet would be directed to authentic looking – yet fake – Amazon...

6.9AI score
Exploits0
FireEye
FireEye
added 2016/07/19 4:45 p.m.12 views

Amazon Same Day Credential Shipping

FireEye has identified a campaign involving phishing websites that appear as legitimate Amazon sites. Amazon is the largest online retailer and threat actors frequently target its customers. In this attack, a person browsing the internet would be directed to authentic looking – yet fake – Amazon...

0.7AI score
Exploits0
FireEye
FireEye
added 2016/07/18 12:0 p.m.22 views

Cerber: Analyzing a Ransomware Attack Methodology To Enable Protection

Ransomware is a common method of cyber extortion for financial gain that typically involves users being unable to interact with their files, applications or systems until a ransom is paid. Accessibility of cryptocurrency such as Bitcoin has directly contributed to this ransomware model. Based on...

7AI score
Exploits0References5
FireEye
FireEye
added 2016/07/18 8:0 a.m.44 views

Cerber: Analyzing a Ransomware Attack Methodology To Enable Protection

Ransomware is a common method of cyber extortion for financial gain that typically involves users being unable to interact with their files, applications or systems until a ransom is paid. Accessibility of cryptocurrency such as Bitcoin has directly contributed to this ransomware model. Based on...

0.3AI score
Exploits0
FireEye
FireEye
added 2016/07/18 8:0 a.m.22 views

Cerber: Analyzing a Ransomware Attack Methodology To Enable Protection

Ransomware is a common method of cyber extortion for financial gain that typically involves users being unable to interact with their files, applications or systems until a ransom is paid. Accessibility of cryptocurrency such as Bitcoin has directly contributed to this ransomware model. Based on...

7AI score
Exploits0
FireEye
FireEye
added 2016/07/14 8:37 p.m.258 views

Exploit Kits Quickly Adopt Exploit Thanks to Open Source Release

A security researcher recently published source code for a working exploit for CVE-2016-0189 and the Neutrino Exploit Kit EK quickly adopted it. CVE-2016-0189 was originally exploited as a zero-day vulnerability in targeted attacks in Asia. The vulnerability resides within scripting engines in...

10CVSS9.6AI score0.94996EPSS
Exploits55References3
FireEye
FireEye
added 2016/07/14 4:37 p.m.913 views

Exploit Kits Quickly Adopt Exploit Thanks to Open Source Release

A security researcher recently published source code for a working exploit for CVE-2016-0189 and the Neutrino Exploit Kit EK quickly adopted it. CVE-2016-0189 was originally exploited as a zero-day vulnerability in targeted attacks in Asia. The vulnerability resides within scripting engines in...

10CVSS0.9AI score0.94996EPSS
Exploits55
FireEye
FireEye
added 2016/07/14 4:37 p.m.654 views

Exploit Kits Quickly Adopt Exploit Thanks to Open Source Release

A security researcher recently published source code for a working exploit for CVE-2016-0189 and the Neutrino Exploit Kit EK quickly adopted it. CVE-2016-0189 was originally exploited as a zero-day vulnerability in targeted attacks in Asia. The vulnerability resides within scripting engines in...

10CVSS9.6AI score0.94996EPSS
Exploits55
FireEye
FireEye
added 2016/06/28 5:0 a.m.29 views

The Latest Android Overlay Malware Spreading via SMS Phishing in Europe

Introduction In April 2016, while investigating a Smishing campaign dubbed RuMMS that involved the targeting of Android users in Russia, we also noticed three similar Smishing campaigns reportedly spreading in Denmark February 2016, in Italy February 2016, and in both Denmark and Italy April 2016...

7.2AI score
Exploits0
FireEye
FireEye
added 2016/06/28 5:0 a.m.30 views

The Latest Android Overlay Malware Spreading via SMS Phishing in Europe

Introduction In April 2016, while investigating a Smishing campaign dubbed RuMMS that involved the targeting of Android users in Russia, we also noticed three similar Smishing campaigns reportedly spreading in Denmark February 2016, in Italy February 2016, and in both Denmark and Italy April 2016...

7.3AI score
Exploits0
FireEye
FireEye
added 2016/06/24 5:30 p.m.12 views

Locky is Back Asking for Unpaid Debts

On June 21, 2016, FireEye’s Dynamic Threat Intelligence DTI identified an increase in JavaScript contained within spam emails. FireEye analysts determined the increase was the result of a new Locky ransomware spam campaign. As shown in Figure 1, Locky spam activity was uninterrupted until June 1,...

7.2AI score
Exploits0
FireEye
FireEye
added 2016/06/24 1:30 p.m.14 views

Locky is Back Asking for Unpaid Debts

On June 21, 2016, FireEye’s Dynamic Threat Intelligence DTI identified an increase in JavaScript contained within spam emails. FireEye analysts determined the increase was the result of a new Locky ransomware spam campaign. As shown in Figure 1, Locky spam activity was uninterrupted until June 1,...

0.3AI score
Exploits0
FireEye
FireEye
added 2016/06/24 1:30 p.m.14 views

Locky is Back Asking for Unpaid Debts

On June 21, 2016, FireEye’s Dynamic Threat Intelligence DTI identified an increase in JavaScript contained within spam emails. FireEye analysts determined the increase was the result of a new Locky ransomware spam campaign. As shown in Figure 1, Locky spam activity was uninterrupted until June 1,...

7.2AI score
Exploits0
FireEye
FireEye
added 2016/06/23 9:0 a.m.17 views

Automatically Extracting Obfuscated Strings from Malware using the FireEye Labs Obfuscated String Solver (FLOSS)

Introduction and Motivation Have you ever run strings.exe on a malware executable and its output provided you with IP addresses, file names, registry keys, and other indicators of compromise IOCs? Great! No need to run further analysis or hire expensive experts to determine if a file is malicious...

Exploits0
FireEye
FireEye
added 2016/06/23 9:0 a.m.28 views

Automatically Extracting Obfuscated Strings from Malware using the FireEye Labs Obfuscated String Solver (FLOSS)

Introduction and Motivation Have you ever run strings.exe on a malware executable and its output provided you with IP addresses, file names, registry keys, and other indicators of compromise IOCs? Great! No need to run further analysis or hire expensive experts to determine if a file is malicious...

6.9AI score
Exploits0
FireEye
FireEye
added 2016/06/20 8:0 p.m.63 views

Red Line Drawn: China Recalculates Its Use of Cyber Espionage

On Sept. 25, 2015, President Barack Obama and Chinese President Xi Jinping agreed that neither government would “conduct or knowingly support cyber-enabled theft of intellectual property” for an economic advantage. Some observers hailed the agreement as a game changer for U.S. and Chinese...

6.9AI score
Exploits0
FireEye
FireEye
added 2016/06/20 8:0 p.m.18 views

Red Line Drawn: China Recalculates Its Use of Cyber Espionage

On Sept. 25, 2015, President Barack Obama and Chinese President Xi Jinping agreed that neither government would “conduct or knowingly support cyber-enabled theft of intellectual property” for an economic advantage. Some observers hailed the agreement as a game changer for U.S. and Chinese...

7.3AI score
Exploits0
FireEye
FireEye
added 2016/06/20 12:0 p.m.27 views

Resurrection of the Evil Miner

At FireEye Labs, we recently detected the resurgence of a coin mining campaign with a novel and unconventional infection vector in the form of an iFRAME inline frame – an HTML document embedded inside another HTML document on a web page that allows users to get content from another separate sourc...

7.2AI score
Exploits0References1
FireEye
FireEye
added 2016/06/20 8:0 a.m.59 views

Resurrection of the Evil Miner

At FireEye Labs, we recently detected the resurgence of a coin mining campaign with a novel and unconventional infection vector in the form of an iFRAME inline frame – an HTML document embedded inside another HTML document on a web page that allows users to get content from another separate sourc...

7AI score
Exploits0
FireEye
FireEye
added 2016/06/20 8:0 a.m.28 views

Resurrection of the Evil Miner

At FireEye Labs, we recently detected the resurgence of a coin mining campaign with a novel and unconventional infection vector in the form of an iFRAME inline frame – an HTML document embedded inside another HTML document on a web page that allows users to get content from another separate sourc...

7.2AI score
Exploits0
FireEye
FireEye
added 2016/06/16 12:0 a.m.10 views

EMEA Organizations Must Rise to the Challenge of Stopping Advanced Threats

Since 2010, Mandiant, a FireEye company, has presented trends, statistics and case studies of cyber attacks involving advanced threat actors. As part of its many global investigations in 2015, Mandiant responded to several breaches in Europe, Middle East and Africa EMEA. Throughout the year we...

6.7AI score
Exploits0
FireEye
FireEye
added 2016/06/16 12:0 a.m.11 views

EMEA Organizations Must Rise to the Challenge of Stopping Advanced Threats

Since 2010, Mandiant, a FireEye company, has presented trends, statistics and case studies of cyber attacks involving advanced threat actors. As part of its many global investigations in 2015, Mandiant responded to several breaches in Europe, Middle East and Africa EMEA. Throughout the year we...

7.2AI score
Exploits0
FireEye
FireEye
added 2016/06/14 12:0 p.m.19 views

Pwned by Vpon

Vpon is one of many mobile ad SDKs marketed towards mainland Chinese and Taiwanese developers and app users. Recently, FireEye mobile security researchers identified a branch of Vpon ad SDK on iOS containing code that allows a malicious actor be it the app developer or the SDK creator to remotely...

7AI score
Exploits0References15
FireEye
FireEye
added 2016/06/14 8:0 a.m.24 views

Pwned by Vpon

Vpon is one of many mobile ad SDKs marketed towards mainland Chinese and Taiwanese developers and app users. Recently, FireEye mobile security researchers identified a branch of Vpon ad SDK on iOS containing code that allows a malicious actor be it the app developer or the SDK creator to remotely...

0.9AI score
Exploits0
FireEye
FireEye
added 2016/06/14 8:0 a.m.11 views

Pwned by Vpon

Vpon is one of many mobile ad SDKs marketed towards mainland Chinese and Taiwanese developers and app users. Recently, FireEye mobile security researchers identified a branch of Vpon ad SDK on iOS containing code that allows a malicious actor be it the app developer or the SDK creator to remotely...

7AI score
Exploits0
FireEye
FireEye
added 2016/06/10 10:0 a.m.11 views

Connected Cars: The Open Road for Hackers

As vehicles become both increasingly complex and better connected to the Internet, their newfound versatility may be manipulated for malicious purposes. Three of the most concerning potential threats looking ahead to the next few years are those posed by manipulating vehicle operation, ransomware...

0.2AI score
Exploits0
FireEye
FireEye
added 2016/06/10 10:0 a.m.20 views

Connected Cars: The Open Road for Hackers

As vehicles become both increasingly complex and better connected to the Internet, their newfound versatility may be manipulated for malicious purposes. Three of the most concerning potential threats looking ahead to the next few years are those posed by manipulating vehicle operation, ransomware...

7AI score
Exploits0
FireEye
FireEye
added 2016/06/07 12:0 p.m.26 views

Rotten Apples: Apple-like Malicious Phishing Domains

At FireEye Labs we have an automated system designed to proactively detect newly registered malicious domains. This system observed some phishing domains registered in the first quarter of 2016 that were designed to appear as legitimate Apple domains. These phony Apple domains were involved in...

6.7AI score
Exploits0References3
FireEye
FireEye
added 2016/06/07 8:0 a.m.90 views

Rotten Apples: Apple-like Malicious Phishing Domains

At FireEye Labs we have an automated system designed to proactively detect newly registered malicious domains. This system observed some phishing domains registered in the first quarter of 2016 that were designed to appear as legitimate Apple domains. These phony Apple domains were involved in...

6.7AI score
Exploits0
FireEye
FireEye
added 2016/06/07 8:0 a.m.75 views

Rotten Apples: Apple-like Malicious Phishing Domains

At FireEye Labs we have an automated system designed to proactively detect newly registered malicious domains. This system observed some phishing domains registered in the first quarter of 2016 that were designed to appear as legitimate Apple domains. These phony Apple domains were involved in...

6.5AI score
Exploits0
FireEye
FireEye
added 2016/06/06 12:0 p.m.10 views

Angler Exploit Kit Evading EMET

We recently encountered some exploits from Angler Exploit Kit EK that are completely evading Microsoft’s Enhanced Mitigation Experience Toolkit EMET. This is something we are seeing for the first time in the wild, and we only observed it affecting systems running Windows 7. Angler EK uses complex...

7.6AI score
Exploits0
FireEye
FireEye
added 2016/06/06 8:0 a.m.19 views

Angler Exploit Kit Evading EMET

We recently encountered some exploits from Angler Exploit Kit EK that are completely evading Microsoft’s Enhanced Mitigation Experience Toolkit EMET. This is something we are seeing for the first time in the wild, and we only observed it affecting systems running Windows 7. Angler EK uses complex...

7.8AI score
Exploits0
FireEye
FireEye
added 2016/06/06 8:0 a.m.18 views

Angler Exploit Kit Evading EMET

We recently encountered some exploits from Angler Exploit Kit EK that are completely evading Microsoft’s Enhanced Mitigation Experience Toolkit EMET. This is something we are seeing for the first time in the wild, and we only observed it affecting systems running Windows 7. Angler EK uses complex...

7.6AI score
Exploits0
FireEye
FireEye
added 2016/06/03 1:30 a.m.431 views

APT Group Sends Spear Phishing Emails to Indian Government Officials

Introduction On May 18, 2016, FireEye Labs observed a suspected Pakistan-based APT group sending spear phishing emails to Indian government officials. This threat actor has been active for several years and conducting suspected intelligence collection operations against South Asian political and...

9.3CVSS7.7AI score0.99966EPSS
Exploits12
FireEye
FireEye
added 2016/06/03 1:30 a.m.387 views

APT Group Sends Spear Phishing Emails to Indian Government Officials

Introduction On May 18, 2016, FireEye Labs observed a suspected Pakistan-based APT group sending spear phishing emails to Indian government officials. This threat actor has been active for several years and conducting suspected intelligence collection operations against South Asian political and...

9.3CVSS0.2AI score0.99966EPSS
Exploits12
FireEye
FireEye
added 2016/06/02 12:0 p.m.16 views

IRONGATE ICS Malware: Nothing to See Here...Masking Malicious Activity on SCADA Systems

In the latter half of 2015, the FireEye Labs Advanced Reverse Engineering FLARE team identified several versions of an ICS-focused malware crafted to manipulate a specific industrial process running within a simulated Siemens control system environment. We named this family of malware IRONGATE...

7.4AI score
Exploits0References5
FireEye
FireEye
added 2016/06/02 8:0 a.m.17 views

IRONGATE ICS Malware: Nothing to See Here...Masking Malicious Activity on SCADA Systems

In the latter half of 2015, the FireEye Labs Advanced Reverse Engineering FLARE team identified several versions of an ICS-focused malware crafted to manipulate a specific industrial process running within a simulated Siemens control system environment. We named this family of malware IRONGATE...

Exploits0
FireEye
FireEye
added 2016/06/02 8:0 a.m.13 views

IRONGATE ICS Malware: Nothing to See Here...Masking Malicious Activity on SCADA Systems

In the latter half of 2015, the FireEye Labs Advanced Reverse Engineering FLARE team identified several versions of an ICS-focused malware crafted to manipulate a specific industrial process running within a simulated Siemens control system environment. We named this family of malware IRONGATE...

7.4AI score
Exploits0
FireEye
FireEye
added 2016/05/22 3:0 a.m.16 views

Targeted Attacks against Banks in the Middle East

Introduction In the first week of May 2016, FireEye’s DTI identified a wave of emails containing malicious attachments being sent to multiple banks in the Middle East region. The threat actors appear to be performing initial reconnaissance against would-be targets, and the attacks caught our...

7.1AI score
Exploits0
FireEye
FireEye
added 2016/05/22 3:0 a.m.18 views

Targeted Attacks against Banks in the Middle East

UPDATE Dec. 8, 2017: We now attribute this campaign to APT34, a suspected Iranian cyber espionage threat group that we believe has been active since at least 2014. Learn more about APT34 and their late 2017 targeting of a government organization in the Middle East. Introduction In the first week ...

7AI score
Exploits0
FireEye
FireEye
added 2016/05/20 2:59 p.m.762 views

How RTF malware evades static signature-based detection

History Rich Text Format RTF is a document format developed by Microsoft that has been widely used on various platforms for more than 29 years. The RTF format is very flexible and therefore complicated. This makes the development of a safe RTF parsers challenging. Some notorious vulnerabilities...

9.3CVSS8.2AI score0.99966EPSS
Exploits35
FireEye
FireEye
added 2016/05/20 2:59 p.m.2457 views

How RTF malware evades static signature-based detection

History Rich Text Format RTF is a document format developed by Microsoft that has been widely used on various platforms for more than 29 years. The RTF format is very flexible and therefore complicated. This makes the development of a safe RTF parsers challenging. Some notorious vulnerabilities...

9.3CVSS9.2AI score0.99966EPSS
Exploits35
FireEye
FireEye
added 2016/05/18 8:0 a.m.23 views

Ransomware Activity Spikes in March, Steadily increasing throughout 2016

UPDATE June 15, 2016: This post has been updated to include new data on ransomware activity, which is also now broken down by region. Cyber extortion for financial gain is typically carried out in one of two ways. The first method is a business disruption attack – a category we discussed at lengt...

0.8AI score
Exploits0
FireEye
FireEye
added 2016/05/18 8:0 a.m.17 views

Ransomware Activity Spikes in March, Steadily increasing throughout 2016

UPDATE June 15, 2016: This post has been updated to include new data on ransomware activity, which is also now broken down by region. Cyber extortion for financial gain is typically carried out in one of two ways. The first method is a business disruption attack – a category we discussed at lengt...

7.1AI score
Exploits0
FireEye
FireEye
added 2016/05/14 12:0 a.m.58 views

CVE-2016-4117: Flash Zero-Day Exploited in the Wild

On May 8, 2016, FireEye detected an attack exploiting a previously unknown vulnerability in Adobe Flash Player CVE-2016-4117 and reported the issue to the Adobe Product Security Incident Response Team PSIRT. Adobe released a patch for the vulnerability in APSB16-15 just four days later. Attackers...

10CVSS8.9AI score0.94354EPSS
Exploits6References1
FireEye
FireEye
added 2016/05/13 8:0 p.m.180 views

CVE-2016-4117: Flash Zero-Day Exploited in the Wild

On May 8, 2016, FireEye detected an attack exploiting a previously unknown vulnerability in Adobe Flash Player CVE-2016-4117 and reported the issue to the Adobe Product Security Incident Response Team PSIRT. Adobe released a patch for the vulnerability in APSB16-15 just four days later. Attackers...

10CVSS8.9AI score0.94354EPSS
Exploits6
FireEye
FireEye
added 2016/05/13 8:0 p.m.241 views

CVE-2016-4117: Flash Zero-Day Exploited in the Wild

On May 8, 2016, FireEye detected an attack exploiting a previously unknown vulnerability in Adobe Flash Player CVE-2016-4117 and reported the issue to the Adobe Product Security Incident Response Team PSIRT. Adobe released a patch for the vulnerability in APSB16-15 just four days later. Attackers...

10CVSS0.5AI score0.94354EPSS
Exploits6
FireEye
FireEye
added 2016/05/12 5:30 p.m.10 views

Cerber Ransomware Partners with the Dridex Spam Distributor

Cerber ransomware incorporates the unusual feature of “speaking” its ransom message after successfully infecting a user machine and encrypting files. Cerber was first seen in the wild at the end of February 2016 and was observed being delivered mostly via exploit kits EK, notably using Magnitude...

6.9AI score
Exploits0References3
Total number of security vulnerabilities545