The FireEye Approach to Operational Technology Security
Today FireEye launches the Cyber Physical Threat Intelligence
subscription, which provides cyber security professionals with
unmatched context, data and actionable analysis on threats and risk to
cyber physical systems. In light of this release, we thought...
Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774)
Attackers have a dirty little secret that is being used to conduct
big intrusions. We’ll explain how they're "unpatching" an
exploit and then provide new Outlook hardening guidance that is not
available elsewhere. Specifically, this blog...
Excelerating Analysis – Tips and Tricks to Analyze Data with Microsoft Excel
Incident response investigations don’t always involve standard
host-based artifacts with fully developed parsing and analysis tools.
At FireEye Mandiant, we frequently encounter incidents that involve a
number of systems and solutions that utilize custom logging or
...
FIDL: FLARE’s IDA Decompiler Library
IDA Pro and the Hex Rays decompiler are a core part of any toolkit
for reverse engineering and vulnerability research. In a previous blog
post we discussed how the Hex-Rays
API can be used to solve...
Attention is All They Need: Combatting Social Media Information Operations With Neural Language Models
Information operations have flourished on social media in part
because they can be conducted cheaply, are relatively low risk, have
immediate global reach, and can exploit the type of viral
amplification incentivized by platforms. Using networks...
MESSAGETAP: Who’s Reading Your Text Messages?
FireEye Mandiant recently discovered a new malware family used by
APT41 (a Chinese APT group) that is designed to monitor and save SMS
traffic from specific phone numbers, IMSI numbers and keywords for
subsequent theft. Named...
CertUtil Qualms: They Came to Drop FOMBs
This blog post covers an interesting intrusion attempt that FireEye
Managed Defense thwarted involving the rapid weaponization of a
recently disclosed vulnerability combined with the creative use of WMI
compiled “.bmf” files and CertUtil for
obfuscated execution.
This...
Shikata Ga Nai Encoder Still Going Strong
One of the most popular exploit frameworks in the world is
Metasploit. Its vast library of pocket exploits, pluggable payload
environment, and simplicity of execution makes it the de facto base
platform. Metasploit is used by...
Definitive Dossier of Devilish Debug Details – Part Deux: A Didactic Deep Dive into Data Driven Deductions
In Part
One of this blog series, Steve Miller outlined what PDB paths
are, how they appear in malware, how we use them to detect malicious
files, and how we sometimes use them to...
LOWKEY: Hunting for the Missing Volume Serial ID
In August 2019, FireEye released the “Double
Dragon” report on our newest graduated threat group: APT41. A
China-nexus dual espionage and financially-focused group, APT41
targets industries such as gaming, healthcare, high-tech, higher
education, telecommunications, and...
Staying Hidden on the Endpoint: Evading Detection with Shellcode
True red team assessments require a secondary objective of avoid
detection. Part of the glory of a successful red team assessment is
not getting detected by anything or anyone on the system. As modern
Endpoint Detection...
Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques
During several recent incident response engagements, FireEye Mandiant
investigators uncovered new tools in FIN7’s malware arsenal and kept
pace as the
global criminal operators attempted new evasion techniques. In
this blog, we reveal...
Living off the Orchard: Leveraging Apple Remote Desktop for Good and Evil
Attackers often make their lives easier by relying on pre-existing
operating system and third party applications in an enterprise
environment. Leveraging these applications assists them with blending
in with normal network activity and removes the need...
IDA, I Think It’s Time You And I Had a Talk: Controlling IDA Pro With Voice Control Software
Introduction
This blog post is the next episode in the FireEye Labs Advanced
Reverse Engineering (FLARE) team Script Series. Today, we are sharing
something quite unusual. It is not a tool or a virtual machine
distribution,...
Head Fake: Tackling Disruptive Ransomware Attacks
Within the past several months, FireEye has observed
financially-motivated threat actors employ tactics that focus on
disrupting business processes by deploying ransomware in mass
throughout a victim’s environment. Understanding that normal business
processes are critical...
Pensacola confirms ransomware attack
Pensacola
officials confirmed that an ongoing
cyberattack that began early Saturday morning is a ransomware attack.
While the city did not release any additional details, the Pensacola News Journal said city spokeswoman Kaycee Lagarde confirmed the attack included a ransom, something that...
Trickbot Operators Now Selling Attack Tools to APT Actors
North Korea's Lazarus Group - of Sony breach and WannaCry fame - is among the first customers.
The Great $50M African IP Address Heist
A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions...
Intel Issues Fix for ‘Plundervolt’ SGX Flaw
Researchers were able to extract AES encryption key using SGX's voltage-tuning function.
How to stop spam calls right now
Spam calls drive us all crazy. Here are four ways to stop robocalls and other unsolicited phone calls.
