Security News

  • The Next Web
  • The Hacker News
  • Naked Security
  • HelpNet Security
  • Security Week
  • Threat Post
  • Security Affairs
  • IT World Canada
  • Fire Eye
  • Tech Channel

The Earth’s biosphere contains all the known ingredients necessary for life as we know it. Broadly speaking these are liquid water, at least one source of energy, and an inventory of biologically useful elements and molecules. But the recent discovery of possibly biogenic phosphine in the clouds of Venus reminds us that at least some of these ingredients exist elsewhere in the solar system too. So where are the other most promising locations for extra-terrestrial life? Mars is one of the most Earth-like worlds in the solar system.…… [...]

TLDR: The Ultimate Google Ads and SEO Certification Bundle offers all web business owners insight into how to take control of their digital marketing fate. There’s a reason why Google’s parent company is the fifth richest company in the world. Because when you virtually control huge swathes of internet commerce, you’re bound to end up with some stunningly large coffers. Google accounts for 75 percent of all desktop search traffic and 95 percent of all mobile search traffic on the web. Search engine optimization (SEO) drives over 1,000 percent more traffic than organic social media. And over 80 percent of…… [...]

Facebook has announced the latest version of its successful standalone virtual reality (VR) headset, the Oculus Quest 2. The new device packs more computing power and a sharper screen than its predecessor, and is also US$100 cheaper. The Oculus Quest 2 (from AUD$479), a powerful wireless VR headset for gaming and, Facebook hopes, much more, is the latest step in Facebook’s long-term strategy of making VR more accessible and popular. Facebook recently brought all its VR work under the umbrella of Facebook Reality Labs, and it has announced new applications like the Infinite…… [...]

In this article, you’ll learn (or remember) what the one thing you need to start solving any problem is. I wrote this originally for a talk I gave a while ago, and I also posted a video on my YouTube channel, but I adapted it so you can read it. Ok… let’s start with a story. The drill saga: I lived in Amsterdam for 3 years. When I moved there I was very lucky to find an apartment in a building that was recently finished. My wife and I were the first people to ever live in our apartment, and the building even…… [...]

At the start of the pandemic, there was concern that certain drugs for high blood pressure might be linked with worse outcomes for COVID-19 patients. Because of how the drugs work, it was feared they would make it easier for the coronavirus to get inside the body’s cells. Nevertheless, many national medical societies advised patients to continue taking their medication. With the potential for a second wave, it was essential to investigate whether patients could safely continue using these drugs. So, our team at the University of East Anglia set out to discover what effect they have on the progress…… [...]

Back in June, Twitter began testing a feature that would prompt users to read an article before they retweet it. Because, you know, that’s something everyone should be doing. Now the test is rolling out to everyone, and it’s probably one of the smartest things the company has done in a while. As a recap, the feature essentially calls you out when you try to retweet an article that you haven’t opened on Twitter. Before you’re able to share, you’ll see a prompt telling you that “headlines don’t tell the full story.” You’ll then have to confirm you want to…… [...]

Welcome to TNW Basics, a collection of tips, guides, and advice on how to easily get the most out of your gadgets, apps, and other stuff. Apple’s most recent overhaul of iOS adds multiple new bells and whistles to the platform, including the ability to completely change your screen layout and set your own default apps. However, it may be the new privacy updates that are the most important. Here’s what you need to know. There have been multiple additions, like light indicators near the battery display that show you that apps are using your microphone and camera, and clipboard notifications…… [...]

Disney is reportedly adding yet another Disney+ show to its Marvel queue — this time, starring Samuel L. Jackson as Nick Fury. While Disney has not yet confirmed it, it would be in keeping with the pattern of the other Disney+ shows: it gives much-needed screentime to a character often crowded out in Avenger-filled movies, of whom we desperately need to see more. The report comes from Variety, which reports that Jackson will reprise his role as the character, while Tyler Bradstreet of Mr. Robot is attached as the show’s writer. In case you aren’t familiar, Jackson claimed the rights to the movie…… [...]

The Smooth XS from Zhiyun is an interesting take on the smartphone gimbal that attempts to straddle the space between prosumer and novice gear. In many respects it passes with flying colors. The build quality, cost, and usability are all excellent in this gadget. But there are some cons here that could be deal breakers for some users. First off, this is a two-axis gimbal that only works with its own app. Before you read any further you should decide whether you’re shopping for a gimbal or a selfie stick. Because if you need a 3-axis gimbal for walking, riding,…… [...]

GOG and Konami today revealed that several Konami titles are coming to PC, including the first two Metal Gear Solid games. We’re getting several Castlevania and Contra games as well. Now we all know what we’re playing this weekend. Konami teased the release by tweeting a closed box emoji and a link to GOG. A mere 15 minutes later, GOG tweeted the news. Up to now, the rumor seemed to be that these games would be getting some kind of a PC release, but we didn’t know exactly when — but now we do. Classic @Konami titles now on GOG! 💜#MetalGear, #MetalGearSolid & Metal Gear Solid 2 redefined…… [...]

FinSpy Spyware for Mac and Linux OS Targets Egyptian Organisations

Amnesty International today exposed details of a new surveillance campaign that targeted Egyptian civil society organizations with previously undisclosed versions of FinSpy spyware designed to target Linux and macOS systems. Developed by a German company, FinSpy is extremely powerful spying software that is being sold as a legal law enforcement tool to governments around the world but has also [...]

Microsoft Windows XP Source Code Reportedly Leaked Online

Microsoft's long-lived operating system Windows XP—that still powers over 1% of all laptops and desktop computers worldwide—has had its source code leaked online, allegedly, along with Windows Server 2003. Yes, you heard that right. The source code for Microsoft's 19-year-old operating system was published as a torrent file on notorious bulletin board website 4chan, and it's for the very first [...]

Fortinet VPN with Default Settings Leaves 200,000 Businesses Open to Hackers

As the pandemic continues to accelerate the shift towards working from home, a slew of digital threats have capitalized on the health concern to exploit weaknesses in the remote work infrastructure and carry out malicious attacks. Now according to network security platform provider SAM Seamless Network, over 200,000 businesses that have deployed the Fortigate VPN solution—with default [...]

Major Instagram App Bug Could've Given Hackers Remote Access to Your Phone

Ever wonder how hackers can hack your smartphone remotely? In a report shared with The Hacker News today, Check Point researchers disclosed details about a critical vulnerability in Instagram's Android app that could have allowed remote attackers to take control over a targeted device just by sending victims a specially crafted image. What's more worrisome is that the flaw not only lets attackers [...]

Detecting and Preventing Critical ZeroLogon Windows Server Vulnerability

If you're administering Windows Server, make sure it's up to date with all recent patches issued by Microsoft, especially the August 2020 update that fixes a critical vulnerability that could allow unauthenticated attackers to compromise the domain controller. Dubbed 'Zerologon' (CVE-2020-1472) and discovered by Tom Tervoort of Secura, the privilege escalation vulnerability exists due to the [...]

A New Hacking Group Hitting Russian Companies With Ransomware

As ransomware attacks against critical infrastructure continue to spike in recent months, cybersecurity researchers have uncovered a new entrant that has been actively trying to conduct multistage attacks on large corporate networks of medical labs, banks, manufacturers, and software developers in Russia. The ransomware gang, codenamed "OldGremlin" and believed to be a Russian-speaking threat [...]

Unsecured Microsoft Bing Server Exposed Users' Search Queries and Location

A back-end server associated with Microsoft Bing exposed sensitive data of the search engine's mobile application users, including search queries, device details, and GPS coordinates, among others. The logging database, however, doesn't include any personal details such as names or addresses. The data leak, discovered by Ata Hakcil of WizCase on September 12, is a massive 6.5TB cache of log [...]

British Hacker Sentenced to 5 Years for Blackmailing U.S. Companies

A UK man who threatened to publicly release stolen confidential information unless the victims met his digital extortion demands pleaded guilty on Monday at U.S. federal district court in St. Louis, Missouri. Nathan Francis Wyatt, 39, a key member of the infamous international hacking group 'The Dark Overlord,' has been sentenced to five years in prison and [...]

A Patient Dies After Ransomware Attack Paralyzes German Hospital Systems

German authorities last week disclosed that a ransomware attack on the University Hospital of Düsseldorf (UKD) caused a failure of IT systems, resulting in the death of a woman who had to be sent to another hospital that was 20 miles away. The incident marks the first recorded casualty as a consequence of cyberattacks on critical healthcare facilities, attacks that have ramped up in recent months. The [...]

A Bug Could Let Attackers Hijack Firefox for Android via Wi-Fi Network

Dear Android users, if you use the Firefox web browser on your smartphones, make sure it has been updated to version 80 or the latest available version on the Google Play Store. ESET security researcher Lukas Stefanko yesterday tweeted an alert demonstrating the exploitation of a recently disclosed high-risk remote command execution vulnerability affecting the Firefox app for Android. Discovered [...]

Researchers Uncover 6-Year Cyber Espionage Campaign Targeting Iranian Dissidents

Capping off a busy week of charges and sanctions against Iranian hackers, new research offers insight into a six-year-long ongoing surveillance campaign targeting Iranian expats and dissidents with the intention of pilfering sensitive information. The threat actor, suspected to be of Iranian origin, is said to have orchestrated the campaign with at least two different moving parts — one for [...]

U.S. Treasury Sanctions Hacking Group Backed by Iranian Intelligence

The U.S. government on Thursday imposed sweeping sanctions against an Iranian threat actor backed by the country's Ministry of Intelligence and Security (MOIS) for carrying out malware campaigns targeting Iranian dissidents, journalists, and international companies in the telecom and travel sectors. According to the U.S. Treasury and the Federal Bureau of Investigation (FBI), the sanctions target [...]

Android 11 — 5 New Security and Privacy Features You Need to Know

After a long wait and months of beta testing, Google last week finally released Android 11, the latest version of the Android mobile operating system—with features offering billions of its users more control over their data security and privacy. Android security is always a hot topic and almost always for the wrong reason, including Google's failure to prevent malicious apps from being [...]

Zenscrape: A Simple Web Scraping Solution for Penetration Testers

Did you ever try extracting information from a website? If so, you have performed web scraping without even knowing it. To put it in simpler terms, web scraping, also known as web data extraction, is the process of retrieving data from web pages. It is a much faster and easier process of retrieving data without undergoing the time-consuming [...]

U.S. Announces Charges Against 2 Russian and 2 Iranian Hackers

Immediately after revealing criminal charges against 5 Chinese and 2 Malaysian hackers, the United States government yesterday also made two separate announcements charging two Iranian and two Russian hackers and added them to the FBI's most-wanted list. The two Russian nationals—Danil Potekhin and Dmitrii Karasavidi—are accused of stealing $16.8 million worth of cryptocurrencies in a series of [...]

FBI adds 5 Chinese APT41 hackers to its Cyber's Most Wanted List

The United States government today announced charges against 5 alleged members of a Chinese state-sponsored hacking group and 2 Malaysian hackers who are responsible for hacking more than 100 companies throughout the world. Named as APT41 and also known as 'Barium,' 'Winnti,' 'Wicked Panda,' and 'Wicked Spider,' the cyber-espionage group has been operating since at least 2012 and is not just [...]

2 Hackers Charged for Defacing Sites after U.S. Airstrike Killed Iranian General

The US Department of Justice (DoJ) on Tuesday indicted two hackers for their alleged involvement in defacing several websites in the country following the assassination of Iranian major general Qasem Soleimani earlier this January. Behzad Mohammadzadeh (aka Mrb3hz4d), 19, and Marwan Abusrour (aka Mrwn007), 25, have been charged with conspiracy to commit intentional damage to a protected [...]

New Report Explains COVID-19's Impact on Cyber Security

Most cybersecurity professionals fully anticipated that cybercriminals would leverage the fear and confusion surrounding the Covid-19 pandemic in their cyberattacks. Of course, malicious emails would contain subjects relating to Covid-19, and malicious downloads would be Covid-19 related. This is how cybercriminals operate. Any opportunity to maximize effectiveness, no matter how contemptible [...]

Report: 97% of Cybersecurity Companies Have Leaked Data on the Dark Web

In a new report into the global cybersecurity industry's exposure on the Dark Web this year, global application security company, ImmuniWeb, uncovered that 97% of leading cybersecurity companies have data leaks or other security incidents exposed on the Dark Web, while on average, there are over 4,000 stolen credentials and other sensitive data exposed per cybersecurity company. Even the [...]

CISA: Chinese Hackers Exploiting Unpatched Devices to Target U.S. Agencies

The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new advisory on Monday about a wave of cyberattacks carried by Chinese nation-state actors targeting US government agencies and private entities. "CISA has observed Chinese [Ministry of State Security]-affiliated cyber threat actors operating from the People's Republic of China using commercially available information [...]

New Linux Malware Steals Call Details from VoIP Softswitch Systems

Cybersecurity researchers have discovered an entirely new kind of Linux malware dubbed "CDRThief" that targets voice over IP (VoIP) softswitches in an attempt to steal phone call metadata. "The primary goal of the malware is to exfiltrate various private data from a compromised softswitch, including call detail records (CDR)," ESET researchers said in a Thursday analysis. "To steal this [...]

New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby Devices

Bluetooth SIG—an organization that oversees the development of Bluetooth standards—today issued a statement informing users and vendors of a newly reported unpatched vulnerability that potentially affects hundreds of millions of devices worldwide. Discovered independently by two separate teams of academic researchers, the flaw resides in the Cross-Transport Key Derivation (CTKD) of devices [...]

Hackers Stole $5.4 Million From Eterbase Cryptocurrency Exchange

Cybercriminals successfully plundered another digital cryptocurrency exchange. European cryptocurrency exchange Eterbase this week disclosed a massive breach of its network by an unknown group of hackers who stole cryptocurrencies worth 5.4 million dollars. Eterbase, which has now entered maintenance mode until the security issue is resolved, described itself as Europe's Premier Digital Asset [...]

A Successful Self-Service Password Reset (SSPR) Project Requires User Adoption

IT help desks everywhere are having to adjust to the 'new normal' of supporting mainly remote workers. This is a major shift away from visiting desks across the office and helping users with traditional IT support processes. There are many reasons end-users may contact the helpdesk; however, password-related issues are arguably the most common. Since the onset of the global pandemic that began earlier [...]

New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption

A group of researchers has detailed a new timing vulnerability in Transport Layer Security (TLS) protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions. Dubbed "Raccoon Attack," the server-side attack exploits a side-channel in the cryptographic protocol (versions 1.2 and lower) to extract the shared secret key used [...]

Blast from the past! Windows XP source code allegedly leaked online

Windows XP source code! Fair game to take a peek, or best to look away? [...]

SMS phishing scam pretends to be Apple “chatbot” – don’t fall for it!

If you got someone else's "free offer" in what looked like a misdirected message, would you take a peek? [...]

Naked Security Live – “The Zerologon hole: are you at risk?”

Naked Security Live - here's the recorded version of our latest video. Enjoy. [...]

A real-life Maze ransomware attack – “If at first you don’t succeed…”

The crooks wanted $15,000,000. They didn't get it. Huzzah! [...]

Zerologon – hacking Windows servers with a bunch of zeros

Cryptography is hard. And cryptographic blunders can be hard to spot. This one was there for years... [...]
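As an added illustration that is not part of either The Hacker News item above or Naked Security's coverage, the Go program below reproduces the cryptographic blunder behind Zerologon (CVE-2020-1472). Netlogon computes the client credential by encrypting the 8-byte ClientChallenge with AES-128 in CFB8 mode under the session key, using a fixed all-zero IV (MS-NRPC ComputeNetlogonCredential). CFB8 starts its shift register at the IV and feeds each ciphertext byte back into it, so whenever the first byte of AES(key, 0^16) is zero, an all-zero challenge encrypts to an all-zero credential and the register never leaves the zero state. That happens for about 1 in 256 session keys, so an attacker who keeps sending zero challenges and zero credentials authenticates as any machine account, including the domain controller's own, after roughly 256 attempts on average and without knowing a password. The 20,000 keys tried here are derived from a counter so the run is reproducible offline; they are constructed test keys, not real Netlogon session keys.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// cfb8Encrypt implements AES-CFB8 as Netlogon uses it (MS-NRPC 3.1.4.4.1):
// each plaintext byte is XORed with the first byte of AES(key, register);
// the register then shifts left by one byte and takes the new ciphertext
// byte at its end. The register starts out equal to the IV.
func cfb8Encrypt(key, iv, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	reg := make([]byte, block.BlockSize())
	copy(reg, iv)
	enc := make([]byte, block.BlockSize())
	out := make([]byte, len(plaintext))
	for i, p := range plaintext {
		block.Encrypt(enc, reg)
		c := p ^ enc[0]
		out[i] = c
		copy(reg, reg[1:]) // drop the oldest byte ...
		reg[len(reg)-1] = c // ... and feed the ciphertext byte back in
	}
	return out
}

// allZero reports whether every byte of b is zero.
func allZero(b []byte) bool {
	return bytes.Equal(b, make([]byte, len(b)))
}

// zeroChallengeCollapses reports whether an all-zero 8-byte ClientChallenge,
// encrypted under key with Netlogon's all-zero IV, yields an all-zero
// credential. Once the first ciphertext byte is zero the register stays
// all-zero, so every later byte is zero too.
func zeroChallengeCollapses(key []byte) bool {
	zeroIV := make([]byte, 16)
	zeroChallenge := make([]byte, 8)
	return allZero(cfb8Encrypt(key, zeroIV, zeroChallenge))
}

// firstByteOfZeroBlockIsZero is the algebraic prediction that
// zeroChallengeCollapses must agree with for every key.
func firstByteOfZeroBlockIsZero(key []byte) bool {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	enc := make([]byte, 16)
	block.Encrypt(enc, make([]byte, 16))
	return enc[0] == 0
}

// deterministicKey derives the n-th 128-bit test key from a counter. These
// are constructed keys for a reproducible experiment, not real session keys.
func deterministicKey(n uint64) []byte {
	var ctr [8]byte
	binary.BigEndian.PutUint64(ctr[:], n)
	sum := sha256.Sum256(ctr[:])
	return sum[:16]
}

// countCollapses simulates `trials` authentication attempts, each under a
// fresh session key, and returns how many accept the all-zero credential.
func countCollapses(trials int) int {
	hits := 0
	for i := 0; i < trials; i++ {
		if zeroChallengeCollapses(deterministicKey(uint64(i))) {
			hits++
		}
	}
	return hits
}

func main() {
	trials := 20000
	hits := countCollapses(trials)
	fmt.Printf("%d of %d session keys accept the all-zero credential (about %d expected)\n",
		hits, trials, trials/256)
}
```

The fix in the August 2020 update does not change the cipher; it makes domain controllers refuse the unsigned and unsealed Netlogon connections that let an attacker retry cheaply, which is why the patch guidance is about enforcement mode rather than a new algorithm.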

Naked Security Live – “Should you worry about your wallpaper?”

Naked Security Live - here's the recorded version of our latest video. Enjoy. [...]

Serious Security: Hacking Windows passwords via your wallpaper

Themes and wallpapers - how dangerous can they really be? [...]

Fake web alerts – how to spot and stop them

How do you spot and deal with fake system alerts on both computers and mobile devices? [...]

Monday review – catch up on our latest articles and videos

Our recent articles and videos, all in one place. [...]

Phishing tricks – the Top Ten Treacheries of 2020

Here's the Top Ten - or perhaps we mean The Worst Ten. How many would you fall for? [...]

Week in review: Infosec career misconceptions and challenges, early warning signs of ransomware

Here’s an overview of some of last week’s most interesting news and articles: CISA orders federal agencies to implement Zerologon fix. If you had any doubts about the criticality of the Zerologon vulnerability (CVE-2020-1472) affecting Windows Server, here is a confirmation: the US Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive instructing federal agencies to “immediately apply the Windows Server August 2020 security update to all domain controllers.” What are the traits … [...]

1Password and Privacy.com let consumers create virtual cards to ensure safe online payments

Two companies founded on security and privacy are partnering to make online payments quicker and safer. Password manager 1Password and virtual card platform Privacy.com announced an API integration that lets users create virtual cards in their browser quickly and safely when they need to make a payment. The FTC reports that credit card fraud is by far the most common type of identity theft, occurring in 41.8% of all identity theft reports. According to Javelin … [...]

Using virtualization to isolate risky applications and other endpoint threats

More and more security professionals are realizing that it’s impossible to fully secure a Windows machine – with all its legacy components and millions of potentially vulnerable lines of code – from within the OS. With attacks becoming more sophisticated than ever, hypervisor-based security, from below the OS, becomes a necessity. Unlike modern OS kernels, hypervisors are designed for a very specific task. Their code is usually very small, well-reviewed and tested, making them very … [...]

Layered security becomes critical as malware attacks rise

Despite an 8% decrease in overall malware detections in Q2 2020, 70% of all attacks involved zero day malware – variants that circumvent antivirus signatures – which represents a 12% increase over the previous quarter, WatchGuard found. Looking at malware detections during Q2 2020, attackers are continuing to leverage evasive and encrypted threats. Zero day malware made up more than two-thirds of the total detections in Q2, while attacks sent over encrypted HTTPS connections accounted for 34%. This … [...]

What are the most hack-resistant industries?

Government and financial service sectors globally are the most hack-resistant industries in 2020, according to Synack. Government and financial services scored 15 percent and 11 percent higher, respectively, than all other industries in 2020. Government agencies earned the top spot in part due to reducing the time it takes to remediate exploitable vulnerabilities by 73 percent. Throughout the year, both sectors faced unprecedented challenges due to the global pandemic, but still maintained a commitment to … [...]

Large vendor ecosystems and low visibility increase third-party cyber risk

80% of organizations experienced a cybersecurity breach that originated from vulnerabilities in their vendor ecosystem in the past 12 months, and the average organization had been breached in this way 2.7 times, according to a BlueVoyant survey. The research also found organizations are experiencing multiple pain points across their cyber risk management program as they aim to mitigate risk across a network that typically encompasses 1,409 vendors. The study was conducted by Opinion Matters and … [...]

Expansion opportunities in the next-generation wireless BSS market

Business support systems (BSS) are necessary to meet the fast-changing requirements of 5G and enhance customer experiences, Frost & Sullivan research reveals. They also help communication service providers (CSPs) deliver personalized service experiences for consumers and businesses. The BSS market could nonetheless experience a slowdown. Vendors have introduced advanced BSS features, including the ability to support flexible deployments (core and edge) and options for network slice lifecycle management, which are critical in helping CSPs deliver on … [...]

Honeywell launches web-based user interface that provides orgs complete situational awareness

Honeywell announced the release of Pro-Watch Integrated Security Suite, a software platform designed to help protect people and property, optimize productivity and ensure compliance with industry regulations. The platform provides complete visibility of all connected systems and the scalability of the software makes it easy to grow with the changing needs of a business. Pro-Watch Intelligent Command is a web-based user interface that provides organizations complete situational awareness of their security system to protect people, … [...]

TIBCO Any Data Hub: Simplifying data unification

TIBCO empowers its customers to connect, unify, and confidently predict business outcomes, solving the world’s most complex data-driven challenges. TIBCO announced the launch of the TIBCO Any Data Hub, an all-encompassing data management blueprint that embraces distributed data environments. The framework offers necessary capabilities to support the demand for accurate and consistent data across the organization with trust and control, aligning IT and the business. Organizations continue to encounter issues managing inconsistent data and unifying … [...]

Intel announces new processors enhanced specifically for essential IoT applications

Intel announced new enhanced internet of things (IoT) capabilities. The 11th Gen Intel Core processors, Intel Atom x6000E series, and Intel Pentium and Celeron N and J series bring new artificial intelligence (AI), security, functional safety and real-time capabilities to edge customers. With a robust hardware and software portfolio, an unparalleled ecosystem and 15,000 customer deployments globally, Intel is providing robust solutions for the $65 billion edge silicon market opportunity by 2024. “By 2023, up … [...]


A Chrome 85 update released by Google this week patches several high-severity vulnerabilities, including ones that can be exploited to hack users by convincing them to install malicious extensions. [...]

Apple on Thursday informed customers that it patched a total of four vulnerabilities across macOS Catalina, High Sierra and Mojave. [...]

Someone has leaked what appear to be source code files for the Windows XP and Windows Server 2003 operating systems. [...]

Washington state is among those being targeted by a “large-scale, highly sophisticated” nationwide phishing campaign, the office of Gov. Jay Inslee said Thursday. [...]

A Maryland man was sentenced to 12 months and one day in prison for hacking into and damaging the computers of his former employer. From January 5, 2004, through August 6, 2015, the man, Shannon Stafford, 50, of Crofton, Maryland, worked in the IT department of an unnamed international company with thousands of offices worldwide. [...]

A threat actor was able to compromise the network of a federal agency and create a reverse proxy and install malware, the Cybersecurity and Infrastructure Security Agency (CISA) reported on Thursday. [...]

Tyler Technologies, a major provider of software and services for state and local governments in the United States, has confirmed that the recently disclosed cybersecurity incident involved ransomware. [...]

A Russian citizen accused of offering a Tesla employee $1 million to enable a ransomware attack at the electric car company’s plant in Nevada denied wrongdoing Thursday before a federal magistrate judge. [...]

Cisco on Thursday informed customers that it has patched 34 high-severity vulnerabilities affecting its IOS and IOS XE software, including many that can be exploited remotely without authentication. [...]

A vulnerability in Instagram allowed an attacker to take over an Instagram account and turn the victim's phone into a spying tool by simply sending a malicious image by any media exchange platform. [...]

A Nigerian hacker was sentenced to 36 months in prison in the United States for participating in a scheme that targeted government employees. The man, Olumide Ogunremi, also known as “Tony Williams,” 43, has admitted in federal court to participating in the computer hacking and identity theft scheme. [...]

The COVID-19 pandemic has apparently resulted in industrial systems being increasingly targeted by malicious actors through brute-force attacks on the Remote Desktop Protocol (RDP), Kaspersky reported on Thursday. [...]

A hacking group whose members are Russian speakers is targeting organizations in Russia and post-Soviet countries with ransomware, Group-IB’s security researchers have discovered. [...]

Microsoft says it has observed threat actors actively targeting the Zerologon vulnerability affecting Windows Server. [...]

TikTok is urging a federal court to block US President Donald Trump from banning the video app, arguing the move is motivated by election politics rather than legitimate national security concerns. [...]

Google this week announced the availability of Chronicle Detect, a threat detection solution for enterprises from Google Cloud. This is the first threat detection product out of the Chronicle cybersecurity platform after Chronicle became part of Google in June last year. [...]

The Dark Web Boundaries Are Not Always Clear, and Many Sites Fall in a Gray Area [...]

Google recently patched a privilege escalation vulnerability in OS Config, a Google Cloud Platform service for Compute Engine that is designed for managing operating systems running on virtual machine instances. [...]

Four leading voices in the bug bounty community answer frequently asked questions from bounty hunters, companies and curious cybersecurity professionals. [...]

The Fortinet client's default configuration for SSL-VPN has a certificate issue, researchers said. [...]

The first half of 2020 saw decreases in attacks on most ICS sectors, but oil/gas firms and building automation saw upticks. [...]

Privacy fears are blasting off after Amazon's Ring division unveiled the new Always Home Cam, a smart home security camera drone. [...]

An APT group has started heavily relying on cloud services like Azure Active Directory and OneDrive, as well as open-source tools, to obfuscate its attacks. [...]

The attack featured a unique, multistage malware and a likely PulseSecure VPN exploit. [...]

Patches and workaround fixes address flaws on networking hardware running Cisco IOS XE software. [...]

Convincing SMS messages tell victims that they've been selected for a pre-release trial for the soon-to-be-launched device. [...]

A new 'fork' of the Cerberus banking trojan, called Alien, targets victims' credentials from more than 200 mobile apps, including Bank of America and Microsoft Outlook. [...]

A Samba patch and a micropatch for end-of-life servers have debuted in the face of the critical vulnerability. [...]

A Chrome 85 update released by Google this week patches several high-severity vulnerabilities, including ones that can be exploited to hack users by convincing them to install malicious extensions. read more [...]

Apple on Thursday informed customers that it patched a total of four vulnerabilities across macOS Catalina, High Sierra and Mojave. read more [...]

Someone has leaked what appear to be source code files for the Windows XP and Windows Server 2003 operating systems read more [...]

Washington state is among those being targeted by a “large-scale, highly sophisticated” nationwide phishing campaign, the office of Gov. Jay Inslee said Thursday. read more [...]

A Maryland man was sentenced to 12 months and one day in prison for hacking into and damaging the computers of his former employer. The man, Shannon Stafford, 50, of Crofton, Maryland, worked in the IT department of an unnamed international company with thousands of offices worldwide from January 5, 2004, through August 6, 2015. [...]

A threat actor was able to compromise the network of a federal agency, create a reverse proxy and install malware, the Cybersecurity and Infrastructure Security Agency (CISA) reported on Thursday. [...]

Tyler Technologies, a major provider of software and services for state and local governments in the United States, has confirmed that the recently disclosed cybersecurity incident involved ransomware. [...]

A Russian citizen accused of offering a Tesla employee $1 million to enable a ransomware attack at the electric car company’s plant in Nevada denied wrongdoing Thursday before a federal magistrate judge. [...]

Cisco on Thursday informed customers that it has patched 34 high-severity vulnerabilities affecting its IOS and IOS XE software, including many that can be exploited remotely without authentication. [...]

A vulnerability in Instagram allowed an attacker to take over an Instagram account and turn the victim's phone into a spying tool simply by sending a malicious image over any media exchange platform. [...]

A Nigerian hacker was sentenced to 36 months in prison in the United States for participating in a scheme that targeted government employees. The man, Olumide Ogunremi, also known as “Tony Williams,” 43, admitted in federal court to participating in the computer hacking and identity theft scheme. [...]

The COVID-19 pandemic has apparently resulted in industrial systems being increasingly targeted by malicious actors through brute-force attacks on the Remote Desktop Protocol (RDP), Kaspersky reported on Thursday. [...]

A hacking group whose members are Russian speakers is targeting organizations in Russia and post-Soviet countries with ransomware, Group-IB’s security researchers have discovered. [...]

Microsoft says it has observed threat actors actively targeting the Zerologon vulnerability affecting Windows Server. [...]

TikTok is urging a federal court to block US President Donald Trump from banning the video app, arguing the move is motivated by election politics rather than legitimate national security concerns. [...]

Google this week announced the availability of Chronicle Detect, a threat detection solution for enterprises from Google Cloud. This is the first threat detection product out of the Chronicle cybersecurity platform after Chronicle became part of Google in June last year. [...]

The Dark Web Boundaries Are Not Always Clear, and Many Sites Fall in a Gray Area [...]

A powerful DDoS attack originating from servers in Russia, China and Vietnam hit Hungarian financial institutions and telecommunications infrastructure, briefly disrupting some banking and telecommunication services. According to telecoms firm Magyar Telekom, the attack took place on Thursday and was launched from servers in Russia, […] The post A powerful DDoS attack hit Hungarian banks and telecoms services appeared first on Security Affairs. [...]

Good news for the victims of the ThunderX ransomware: cybersecurity firm Tesorion has released a free decryptor that allows them to recover their files. ThunderX is ransomware that appeared in the threat landscape recently; infections were discovered at the […] The post Victims of ThunderX ransomware can recover their files for free appeared first on Security Affairs. [...]

Singapore-based cryptocurrency exchange KuCoin disclosed a major security incident: hackers breached its hot wallets and stole all the funds, around $150 million. Deposits and withdrawals have been temporarily suspended while the company investigates. “We […] The post Hackers stole more than $150 million from KuCoin cryptocurrency exchange appeared first on Security Affairs. [...]

The source code for Microsoft’s Windows XP and Windows Server 2003 operating systems was published as a torrent file on the bulletin board website 4chan. This is the first time that […] The post Source Code of Windows XP, Server 2003 leaked appeared first on Security Affairs. [...]

Twitter is sending emails to developers to warn them that their API keys, access tokens, and access token secrets may have been exposed in a browser’s cache. According to the social media firm, […] The post Twitter warns developers of possible API keys leak appeared first on Security Affairs. [...]

Cisco on Thursday released security patches for 34 high-severity vulnerabilities affecting its IOS and IOS XE software, some of which can be exploited by a remote unauthenticated attacker. The IT giant issued 25 advisories as part of the September 2020 semiannual IOS and IOS […] The post Cisco fixes 34 High-Severity flaws in IOS and IOS XE software appeared first on Security Affairs. [...]

According to SAM Seamless Network, over 200,000 businesses are using Fortigate VPN with default settings, exposing them to the risk of a hack. In response to the spread of coronavirus across the world, many organizations deployed VPN solutions, including Fortigate VPN, to allow their employees to work from home. The configuration of the VPN […] The post Fortinet VPN with default certificate exposes 200,000 businesses to hack appeared first on Security Affairs. [...]

The Cybersecurity and Infrastructure Security Agency (CISA) revealed that a hacker breached a US federal agency and exfiltrated data. CISA published a detailed incident report but didn’t disclose the name of the […] The post CISA says federal agency compromised by malicious cyber actor appeared first on Security Affairs. [...]

Polish authorities have dismantled a major hacker group that was involved in multiple cybercrime activities, including ransomware attacks, malware distribution, SIM swapping, banking fraud, running rogue online stores, and even making bomb threats at the […] The post Polish police shut down major group of hackers in the country appeared first on Security Affairs. [...]

Researchers from ThreatFabric have discovered and analyzed a new strain of Android malware, tracked as Alien, that implements multiple features allowing it to steal credentials from 226 applications. Alien first appeared in […] The post Alien Android banking Trojan, the powerful successor of the Cerberus malware appeared first on Security Affairs. [...]

Business leaders are expected to make big decisions. This is especially true in uncertain times when many might lack the boldness to move forward. With COVID-19, timelines have been crushed as overnight a huge percentage of employees have been relocated to home offices. Suddenly, leaders find they no longer have weeks or months to make… The post Yesterday was a dress rehearsal - It’s time to confront real uncertainty first appeared on IT World Canada. [...]

Read about how Canada's Athabasca University (AU) in Alberta doubled down on virtual education from the perspective of the school's CIO Jennifer Schaeffer The post Migrating an entire university to the cloud, during a pandemic: lessons learned first appeared on IT World Canada. [...]

At Microsoft Ignite this week, the company announced that Microsoft Endpoint Manager, its unified management solution, is receiving a series of new features to expand its capabilities. Here are some highlights. The post Microsoft Endpoint Manager expanding to be single hub for management and endpoint security first appeared on IT World Canada. [...]

Microsoft will release a new perpetual Office license in 2021, you’ll soon be able to use Google Maps to keep tabs on COVID outbreaks in your area, and Shopify nabs two employees who stole customer data. The post Hashtag Trending - New Microsoft Office; Google Maps COVID overlay; Shopify employees steal data first appeared on IT World Canada. [...]

Today's podcast reports on a suspected ransomware attack on a US firm, another clumsy employee leaves a database open, social media users being tricked and why online gamers are targeted by hackers The post Cyber Security Today - More ransomware, another clumsy employee, beware of these social media tricks, online gamers attacked and more first appeared on IT World Canada. [...]

Some CISOs just fell into the job. But a Forrester Research analyst says that is about to change. Read why The post Plan your career, analyst urges CISOs first appeared on IT World Canada. [...]

To keep up with the firehose of news, we’ve decided to deliver some extra news to you on the side every Monday and Thursday morning. Some of it is an extension of our own reporting that didn’t make its way into a story, while others might be content we’ve bookmarked for later reading and thought… The post ITWC Morning Briefing, September 24, 2020 - Microsoft Ignite recap, MaRS attacks Alberta (in a good way), plus more first appeared on IT World Canada. [...]

What new remote work wellbeing features are coming to Microsoft Teams. The post Microsoft Ignite 2020: Teams to get new well being features to reduce stress first appeared on IT World Canada. [...]

Prevention is far less taxing than recovering from a security attack. The post Ransomware threats are real. How are you reducing your risk? first appeared on IT World Canada. [...]

Tesla’s new battery goals, Toronto is a global powerhouse for startups, and new climate pledges for some of the world’s largest companies. The post Hashtag Trending - Tesla’s battery goals; Toronto the startup hub; Climate pledges from the corporate world first appeared on IT World Canada. [...]

With files from Catherine Morin, editor for Direction Informatique. At Microsoft Ignite, the tech giant unveiled a long list of updates for Teams, including unique video meeting capabilities, calling updates, and admin controls, among others, to make it easier for people and businesses to operate in the evolving work environment. The company… The post Microsoft Teams updates delivers new modes, background options, new walkie-talkie features, and MUCH more first appeared on IT World Canada. [...]

According to the UN, the coronavirus pandemic has affected 1.6 billion students in 190+ countries around the world. It’s clear that Covid-19 has been a monumental disruption; what’s not so clear is what should be done to bring education back to some semblance of normalcy moving forward. The world was already facing a learning crisis… The post Building back better in education in the new normal first appeared on IT World Canada. [...]

If you want to fill entry level jobs stop asking for five years of experience, says Forrester Research. And try to broaden your team with more diversity The post Having trouble finding cybersecurity staff? Expand your search, experts say first appeared on IT World Canada. [...]

The pandemic has thrust accelerated digital transformation on organizations worldwide. In a world of new realities and expanding horizons, it is becoming abundantly clear to business leaders that, as important as customers and technology are, employees are an equally critical part of the success equation. The task now facing organizations is gigantic and complex: rebooting… The post Flexibility the key for rebooting the office in the new normal first appeared on IT World Canada. [...]

The new Galaxy S20 FE is the most affordable phone in the S20 series. The post Samsung Galaxy S20 FE lands with cheaper price and fresh colors first appeared on IT World Canada. [...]

Microsoft Canada recently announced the launch of its Canada Skills Program in 12 post-secondary institutions this fall in hopes of enhancing data and AI skills and employability for more than 4,500 Canadian students. The post Digital skills and responsible cloud spending part of Microsoft's Canada Skills Program curriculum first appeared on IT World Canada. [...]

Shopify says two members of the support team accessed data of just under 200 merchants The post Insiders access data of 200 Shopify merchants after two staff members go 'rogue' first appeared on IT World Canada. [...]

A privacy expert explains why she's going to break down global privacy legislation Oct. 7 during the inaugural MapleSEC event. The post Why 2020 has been the year of privacy engineering, and what it means for Canada first appeared on IT World Canada. [...]

Today's podcast reports on a Microsoft database left open on the Internet, home security advice from the NSA, bug bounty payouts by one platform and prison time for a hacker The post Cyber Security Today - Mistake at Microsoft, security advice from the NSA, the money in bug bounties and prison time for a hacker. first appeared on IT World Canada. [...]

We sum up the key announcements at Microsoft Ignite, a YouTube moderator sues YouTube for mental health damages, and Toronto’s virtual classes started in chaos. The post Hashtag Trending - Microsoft Ignite; YouTube mod sues; virtual classes fail first appeared on IT World Canada. [...]

Intel and AMD will be able to continue to sell their chips to Huawei. The post Intel granted license to sell to Huawei first appeared on IT World Canada. [...]

Nvidia wants to use Arm to attack the AI market, but what will happen to Arm partners? The post The Arm deal: How Nvidia will remain vendor-neutral and address its partners first appeared on IT World Canada. [...]

Emsisoft says governments should ban ransomware payments. Experts we spoke to doubt it will be effective. The post Forbid paying criminals to end ransomware, says cybersecurity vendor first appeared on IT World Canada. [...]

Trump says no to any Chinese ByteDance’s ownership of TikTok, Microsoft acquires ZeniMax Media, and hackers leak data on thousands of Belarusian police officers. The post Hashtag Trending - TikTok saga continues; Microsoft acquires ZeniMax Media; Hackers leak police data first appeared on IT World Canada. [...]

Canadian IT managers believe work-from-home (WFH) will stretch on into 2021 but worry about the potential cybersecurity risks it could pose as the pandemic wears on. According to a poll taken Thursday during a Canadian CIO virtual roundtable, nearly 80 per cent of IT executives expect their organizations to maintain or increase current levels of… The post Canadian IT leaders point to security as top remote work priority first appeared on IT World Canada. [...]

Image parsing and rendering are basic features of any modern operating system (OS). Image parsing is an easily accessible attack surface, and a vulnerability that may lead to remote code execution or information disclosure in such a feature is valuable to attackers. In this multi-part blog series, I am reviewing Windows OS’ built-in image parsers and related file formats: specifically looking at creating a harness, hunting for corpus and fuzzing to find vulnerabilities. In part one of this series I am looking at color profiles—not an image format itself, but something which is regularly embedded within images.  What is an ICC Color Profile? Wikipedia provides a more-than-adequate… [...]

Today, FireEye Intelligence is releasing a comprehensive report detailing APT41, a prolific Chinese cyber threat group that carries out state-sponsored espionage activity in parallel with financially motivated operations. APT41 is unique among tracked China-based actors in that it leverages non-public malware typically reserved for espionage campaigns in what appears to be activity for personal gain. Explicit financially-motivated targeting is unusual among Chinese state-sponsored threat groups, and evidence suggests APT41 has conducted simultaneous cyber crime and cyber espionage operations from 2014 onward. The full published report covers historical and ongoing activity attributed to APT41, the evolution of the group’s tactics, techniques, and procedures (TTPs),… [...]

Many organizations operating in e-commerce, hospitality, healthcare, managed services, and other service industries rely on web applications. And buried within the application logs may be evidence of fraudulent use and/or compromise! But, let's face it, finding evil in application logs can be difficult and overwhelming for a few reasons, including: the wide variety of web applications with unique functionality; the lack of a standard logging format; logging formats that were designed for troubleshooting application issues and not security investigations; the need for a centralized log analysis solution or SIEM to process and investigate a large amount of application… [...]

In order to enable emulation of malware samples at scale, we have developed the Speakeasy emulation framework. Speakeasy aims to make it as easy as possible for users who are not malware analysts to acquire triage reports in an automated way, as well as enabling reverse engineers to write custom plugins to triage difficult malware families. Originally created to emulate Windows kernel mode malware, Speakeasy now also supports user mode samples. The project’s main goal is high resolution emulation of the Windows operating system for dynamic malware analysis for the x86 and amd64 platforms. Similar emulation frameworks exist to emulate… [...]

Operational technology (OT) asset owners have historically considered red teaming of OT and industrial control system (ICS) networks to be too risky due to the potential for disruptions or adverse impact to production systems. While this mindset has remained largely unchanged for years, Mandiant's experience in the field suggests that these perspectives are changing; we are increasingly delivering value to customers by safely red teaming their OT production networks. This increasing willingness to red team OT is likely driven by a couple of factors, including the growing number and visibility of threats to OT systems, the increasing adoption of IT… [...]

The FireEye Front Line Applied Research & Expertise (FLARE) Team attempts to always stay on top of the most current and emerging threats. As a member of the FLARE Reverse Engineer team, I recently received a request to analyze a fairly new credential stealer identified as MassLogger. Despite the lack of novel functionalities and features, this sample employs a sophisticated technique that replaces the Microsoft Intermediate Language (MSIL) at run time to hinder static analysis. At the time of this writing, there is only one publication discussing the MassLogger obfuscation technique in some detail. Therefore, I decided to share my… [...]

The FireEye Mandiant Threat Intelligence Team helps protect our customers by tracking cyber attackers and the malware they use. The FLARE Team helps augment our threat intelligence by reverse engineering malware samples. Recently, FLARE worked on a new C# variant of Dark Crystal RAT (DCRat) that the threat intel team passed to us. We reviewed open source intelligence and prior work, performed sandbox testing, and reverse engineered the Dark Crystal RAT to review its capabilities and communication protocol. Through publishing this blog post we aim to help defenders look for indicators of compromise and other telltale signs of Dark Crystal… [...]

During a recent investigation at a telecommunications company led by Mandiant Managed Defense, our team was tasked with rapidly identifying systems that had been accessed by a threat actor using legitimate, but compromised domain credentials. This sometimes-challenging task was made simple because the customer had enabled the Logon Tracker module within their FireEye Endpoint Security product. Logon Tracker is an Endpoint Security Innovation Architecture module designed to simplify the investigation of lateral movement within Windows enterprise environments. Logon Tracker improves the efficiency of investigating lateral movement by aggregating historical logon activity and provides a mechanism to monitor for new activity.… [...]

FireEye’s Data Science and Information Operations Analysis teams released this blog post to coincide with our Black Hat USA 2020 Briefing, which details how open source, pre-trained neural networks can be leveraged to generate synthetic media for malicious purposes. To summarize our presentation, we first demonstrate three successive proof of concepts for how machine learning models can be fine-tuned in order to generate customizable synthetic media in the text, image, and audio domains. Next, we illustrate examples in which synthetically generated media have been weaponized for information operations (IO), as detected on the front lines by Mandiant Threat Intelligence. Finally,… [...]

The Front Line Applied Research & Expertise (FLARE) team is honored to announce that the popular Flare-On challenge will return for a triumphant seventh year. Ongoing global events proved no match against our passion for creating challenging and fun puzzles to test and hone the skills of aspiring and experienced reverse engineers. The contest will begin at 8:00 p.m. ET on Sept. 11, 2020. This is a CTF-style challenge for all active and aspiring reverse engineers, malware analysts and security professionals. The contest runs for six full weeks and ends at 8:00 p.m. ET on Oct. 23, 2020. This year’s contest features… [...]

With Business Email Compromises (BECs) showing no signs of slowing down, it is becoming increasingly important for security analysts to understand Office 365 (O365) breaches and how to properly investigate them. This blog post is for those who have yet to dip their toes into the waters of an O365 BEC, providing a crash course on Microsoft’s cloud productivity suite and its assortment of logs and data sources useful to investigators. We’ll also go over common attacker tactics we’ve observed while responding to BECs and provide insight into how Mandiant Managed Defense analysts approach these investigations at our customers using… [...]

Mandiant Threat Intelligence has tied together several information operations that we assess with moderate confidence comprise part of a broader influence campaign—ongoing since at least March 2017—aligned with Russian security interests. The operations have primarily targeted audiences in Lithuania, Latvia, and Poland with narratives critical of the North Atlantic Treaty Organization’s (NATO) presence in Eastern Europe, occasionally leveraging other themes such as anti-U.S. and COVID-19-related narratives as part of this broader anti-NATO agenda. We have dubbed this campaign “Ghostwriter.” Many, though not all of the incidents we suspect to be part of the Ghostwriter campaign, appear to have leveraged website… [...]

Real Quick In case you’re thrown by that fantastic title, our lawyers made us change the name of this project so we wouldn’t get sued. SCANdalous—a.k.a. Scannah Montana a.k.a. Scanny McScanface a.k.a. “Scan I Kick It? (Yes You Scan)”—had another name before today that, for legal reasons, we’re keeping to ourselves. A special thanks to our legal team who is always looking out for us, this blog post would be a lot less fun without them. Strap in folks. Introduction Advanced Practices is known for using primary source data obtained through Mandiant Incident Response, Managed Defense, and product telemetry across… [...]

When we discover new intrusions, we ask ourselves questions that will help us understand the totality of the activity set. How common is this activity? Is there anything unique or special about this malware or campaign? What is new and what is old in terms of TTPs or infrastructure? Is this being seen anywhere else? What information do I have that substantiates the nature of this threat actor? To track a fast-moving adversary over time, we exploit organic intrusion data, pivot to other data sets, and make that knowledge actionable for analysts and incident responders, enabling new discoveries and assessments… [...]

Beginning this year, FireEye observed Chinese actor APT41 carry out one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years. Between January 20 and March 11, FireEye observed APT41 attempt to exploit vulnerabilities in Citrix NetScaler/ADC, Cisco routers, and Zoho ManageEngine Desktop Central at over 75 FireEye customers. Countries we’ve seen targeted include Australia, Canada, Denmark, Finland, France, India, Italy, Japan, Malaysia, Mexico, Philippines, Poland, Qatar, Saudi Arabia, Singapore, Sweden, Switzerland, UAE, UK and USA. The following industries were targeted: Banking/Finance, Construction, Defense Industrial Base, Government, Healthcare, High Technology, Higher Education, Legal, Manufacturing, Media,… [...]

Since at least 2017, there has been a significant increase in public disclosures of ransomware incidents impacting industrial production and critical infrastructure organizations. Well-known ransomware families like WannaCry, LockerGoga, MegaCortex, Ryuk, Maze, and now SNAKEHOSE (a.k.a. Snake / Ekans), have cost victims across a variety of industry verticals many millions of dollars in ransom and collateral costs. These incidents have also resulted in significant disruptions and delays to the physical processes that enable organizations to produce and deliver goods and services. While lots of information has been shared about the victims and immediate impacts of industrial sector ransomware distribution operations,… [...]

Targeted ransomware incidents have brought a threat of disruptive and destructive attacks to organizations across industries and geographies. FireEye Mandiant Threat Intelligence has previously documented this threat in our investigations of trends across ransomware incidents, FIN6 activity, implications for OT networks, and other aspects of post-compromise ransomware deployment. Since November 2019, we’ve seen the MAZE ransomware being used in attacks that combine targeted ransomware use, public exposure of victim data, and an affiliate model. Malicious actors have been actively deploying MAZE ransomware since at least May 2019. The ransomware was initially distributed via spam emails and exploit kits before later… [...]

One of the critical strategic and tactical roles that cyber threat intelligence (CTI) plays is in the tracking, analysis, and prioritization of software vulnerabilities that could potentially put an organization’s data, employees and customers at risk. In this four-part blog series, FireEye Mandiant Threat Intelligence highlights the value of CTI in enabling vulnerability management, and unveils new research into the latest threats, trends and recommendations. FireEye Mandiant Threat Intelligence documented more zero-days exploited in 2019 than any of the previous three years. While not every instance of zero-day exploitation can be attributed to a tracked group, we noted that a… [...]

One of the critical strategic and tactical roles that cyber threat intelligence (CTI) plays is in the tracking, analysis, and prioritization of software vulnerabilities that could potentially put an organization’s data, employees and customers at risk. In this four-part blog series, FireEye Mandiant Threat Intelligence highlights the value of CTI in enabling vulnerability management, and unveils new research into the latest threats, trends and recommendations. Check out our first post on zero-day vulnerabilities. Attackers are in a constant race to exploit newly discovered vulnerabilities before defenders have a chance to respond. FireEye Mandiant Threat Intelligence research into vulnerabilities exploited in… [...]

In December 2019, we published a blog post on augmenting analysis using Microsoft Excel for various data sets for incident response investigations. As we described, investigations often include custom or proprietary log formats and miscellaneous, non-traditional forensic artifacts. There are, of course, a variety of ways to tackle this task, but Excel stands out as a reliable way to analyze and transform a majority of data sets we encounter. In our first post, we discussed summarizing verbose artifacts using the CONCAT function, converting timestamps using the TIME function, and using the COUNTIF function for log baselining. In this post, we… [...]
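The three Excel steps the post names (a CONCAT-style summary of each record, a timestamp conversion, and a COUNTIF baseline that makes rare events stand out) are shown below in Python as an added example; this is not code from the FireEye post, which works in Excel. The comma-separated logon log, its field layout (epoch seconds, user, source host, event) and the rarity threshold are constructed assumptions for illustration.

```python
"""Log baselining in Python, mirroring the Excel workflow described above:
CONCAT (collapse a verbose record into one summary key), TIME (convert a raw
timestamp), COUNTIF (count each key so the outliers surface).
Added example, not from the original post; sample data is constructed."""
from collections import Counter
from datetime import datetime, timezone

# Constructed sample of a custom logon log. Assumed layout:
# epoch_seconds,user,source_host,event  (not from any real system)
SAMPLE_LOG = """\
1600000000,alice,WS01,logon
1600003600,alice,WS01,logon
1600007200,bob,WS02,logon
1600010800,alice,WS01,logon
1600014400,svc_backup,SRV01,logon
1600018000,bob,WS02,logon
1600021600,alice,WS01,logon
1600025200,svc_backup,DC01,logon
"""


def parse_line(line):
    """Split one record and convert the epoch field to an aware UTC datetime,
    the equivalent of turning a raw number into an Excel TIME value."""
    ts, user, host, event = line.strip().split(",")
    when = datetime.fromtimestamp(int(ts), tz=timezone.utc)
    return {"when": when, "user": user, "host": host, "event": event}


def summary_key(rec):
    """CONCAT-style summary: who did what, where. The timestamp is dropped so
    that repeated instances of the same behaviour collapse onto one key."""
    return f"{rec['user']}|{rec['host']}|{rec['event']}"


def baseline(text):
    """COUNTIF-style baseline: occurrences of every summary key in the log."""
    records = (parse_line(l) for l in text.splitlines() if l.strip())
    return Counter(summary_key(r) for r in records)


def rare_events(text, threshold=1):
    """Keys seen at most `threshold` times: the candidates an analyst reviews
    first, because routine activity piles up and one-offs do not."""
    counts = baseline(text)
    return sorted(key for key, n in counts.items() if n <= threshold)


if __name__ == "__main__":
    for key, n in baseline(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {key}")
    print("rare:", rare_events(SAMPLE_LOG))
```

On the constructed log the service account's single logon to DC01 surfaces as rare alongside its SRV01 logon, while the interactive users' repeated workstation logons sink to the bottom of the list; the same idea scales to any delimited artifact once `parse_line` knows its layout.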

There has only been a small number of broadly documented cyber attacks targeting operational technologies (OT) / industrial control systems (ICS) over the last decade. While fewer attacks is clearly a good thing, the lack of an adequate sample size to determine risk thresholds can make it difficult for defenders to understand the threat environment, prioritize security efforts, and justify resource allocation. To address this problem, FireEye Mandiant Threat Intelligence produces a range of reports for subscription customers that focus on different indicators to predict future threats. Insights from activity on dark web forums, anecdotes from the field, ICS vulnerability… [...]

When discussing suspected Middle Eastern hacker groups with destructive capabilities, many automatically think of the suspected Iranian group that previously used SHAMOON – aka Disttrack – to target organizations in the Persian Gulf. However, over the past few years, we have been tracking a separate, less widely known suspected Iranian group with potential destructive capabilities, whom we call APT33. Our analysis reveals that APT33 is a capable group that has carried out cyber espionage operations since at least 2013. We assess APT33 works at the behest of the Iranian government. Recent investigations by FireEye’s Mandiant incident response consultants combined with… [...]

FireEye Labs recently detected a limited APT campaign exploiting zero-day vulnerabilities in Adobe Flash and a brand-new one in Microsoft Windows. Using the Dynamic Threat Intelligence Cloud (DTI), FireEye researchers detected a pattern of attacks beginning on April 13th, 2015. Adobe independently patched the vulnerability (CVE-2015-3043) in APSB15-06. Through correlation of technical indicators and command and control infrastructure, FireEye assesses that APT28 is probably responsible for this activity. Microsoft is aware of the outstanding local privilege escalation vulnerability in Windows (CVE-2015-1701). While there is not yet a patch available for the Windows vulnerability, updating Adobe Flash to the latest version… [...]

Executive Summary FireEye Labs has been tracking a recent spike in malicious email detections that we attribute to a campaign that began in 2013. While malicious email campaigns are nothing new, this one is significant in that we are observing mass-targeting attackers adopting the malware evasion methods pioneered by the stealthier APT attackers. And this is certainly a high-volume business, with anywhere from a few hundred to ten thousand malicious emails sent daily – usually distributing between 50 and 500,000 emails per outbreak. Through the FireEye Dynamic Threat Intelligence (DTI) cloud, FireEye Labs discovered that each and every major spike… [...]

FireEye has just released its 2013 Advanced Threat Report (ATR), which provides a high-level overview of the computer network attacks that FireEye discovered last year. In this ATR, we focused almost exclusively on a small, but very important subset of our overall data analysis – the advanced persistent threat (APT). APTs, due to their organizational structure, mission focus, and likely some level of nation-state support, often pose a more serious danger to enterprises than a lone hacker or hacker group ever could. Over the long term, APTs are capable of cyber attacks that can rise to a strategic level, including… [...]

5/31/18 Androids with Pre-installed Malware & The Markley Quiz [...]

5/31/18 New Speculative Execution Vulnerability [...]

5/24/18 Satori scanning for Ethereum mining rigs [...]

5/17/18 GandCrab Hides on Legitimate Websites [...]

4/26/18 Book Review: The Car Hacker’s Handbook by Craig Smith [...]