ICS Tactical Security Trends: Analysis of the Most Frequent Security Risks Observed in the Field
Introduction
FireEye iSIGHT Intelligence compiled extensive data from dozens of
ICS security health assessment engagements (ICS Healthcheck) performed
by Mandiant, FireEye's consulting team, to identify the most pervasive
and highest priority security risks in industrial facilities....
2018 Flare-On Challenge Solutions
We are pleased to announce the conclusion of the fifth annual
Flare-On Challenge. The numbers are in and we can safely say that this
was by far the most difficult challenge we’ve ever hosted. We plan to
...
FLARE Script Series: Reverse Engineering WebAssembly Modules Using the idawasm IDA Pro Plugin
Introduction
This post continues the FireEye Labs Advanced Reverse Engineering
(FLARE) script series. Here, we introduce idawasm, an IDA Pro plugin
that provides a loader and processor modules for WebAssembly modules.
idawasm works on all operating...
APT38: Details on New North Korean Regime-Backed Threat Group
Today, we are releasing details on the threat group that we believe
is responsible for conducting financial crime on behalf of the North
Korean regime, stealing millions of dollars from banks worldwide. The
group is particularly...
Increased Use of a Delphi Packer to Evade Malware Classification
Introduction
The concept of "packing" or "crypting" a
malicious program is widely popular among threat actors looking to
bypass or defeat analysis by static and dynamic analysis tools.
Evasion of classification and detection is an arms...
Click It Up: Targeting Local Government Payment Portals
FireEye has been tracking a campaign this year targeting web payment
portals that involves on-premise installations of Click2Gov. Click2Gov
is a web-based, interactive self-service bill-pay software solution
developed by Superion. It includes various modules that allow...
APT10 Targeting Japanese Corporations Using Updated TTPs
Introduction
In July 2018, FireEye devices detected and blocked what appears to
be APT10 (Menupass) activity targeting the Japanese media sector.
APT10 is a Chinese cyber espionage group that FireEye has tracked
since 2009, and they...
Fallout Exploit Kit Used in Malvertising Campaign to Deliver Gandcrab Ransomware
Towards the end of August 2018, FireEye identified a new exploit kit
(EK) that was being served up as part of a malvertising campaign
affecting users in Japan, Korea, the Middle East, Southern Europe, and
other...
Suspected Iranian Influence Operation Leverages Network of Inauthentic News Sites & Social Media Targeting Audiences in U.S., UK, Latin America, Middle East
FireEye has identified a suspected influence operation that appears
to originate from Iran aimed at audiences in the U.S., U.K., Latin
America, and the Middle East. This operation is leveraging a network
of inauthentic news sites...
Announcing the Fifth Annual Flare-On Challenge
The FireEye Labs Advanced Reverse Engineering (FLARE) team’s annual
reverse engineering challenge will start at 8:00 p.m. ET on Aug. 24,
2018. This is a CTF-style challenge for all active and aspiring
reverse engineers, malware analysts,...
BIOS Boots What? Finding Evil in Boot Code at Scale!
The second issue is that reverse engineering all boot records is
impractical. Given the job of determining if a single system is
infected with a bootkit, a malware analyst could acquire a disk image
and then...
On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation
On Aug. 1, 2018, the United
States District Attorney’s Office for the Western District of
Washington unsealed indictments and announced the arrests of three
individuals within the leadership ranks of a criminal organization
...
Microsoft Office Vulnerabilities Used to Distribute FELIXROOT Backdoor in Recent Campaign
Campaign Details
In September 2017, FireEye identified the FELIXROOT backdoor as a
payload in a campaign targeting Ukrainians and reported it to our
intelligence customers. The campaign involved malicious Ukrainian bank
documents, which contained a macro...
How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape: The Growth of Miners
Introduction
Cyber criminals tend to favor cryptocurrencies because they provide
a certain level of anonymity and can be easily monetized. This interest
has increased in recent years, stemming far beyond the desire to
simply...
Chinese Espionage Group TEMP.Periscope Targets Cambodia Ahead of July 2018 Elections and Reveals Broad Operations Globally
Introduction
FireEye has examined a range of TEMP.Periscope activity revealing
extensive interest in Cambodia's politics, with active compromises of
multiple Cambodian entities related to the country’s electoral system.
This includes compromises of Cambodian government entities charged
...
Japan Orders Facebook to Improve Data Protection
The Japanese government on Monday ordered Facebook to improve protection of users' personal information following data breaches affecting tens of millions of people worldwide.
read more
If Facebook buys a security company, how will it retain the staff who absolutely hate Facebook?
According to reports, Facebook is planning to acquire a cybersecurity firm. But what will the security boffins think of working for Mark Zuckerberg of all people?
jQuery? More like preyQuery: File upload tool can be exploited to hijack at-risk websites
Flaw present for the past eight years, easy to exploit, and there are thousands of forks A serious vulnerability in a widely used, and widely forked, jQuery file upload plugin may have been exploited for years by hackers to...
Watch how a Tesla Model S was stolen with just a tablet
Criminals were able to dupe the Tesla’s passive entry system into giving them access, and letting them drive away.
(But only after they struggled to unplug it.)
Facebook Rumored to Be Hunting for Major Cybersecurity Acquisition
Goal appears both a bid to bolster its own security and its tattered reputation for privacy, according to reporting by The Information.
