Windows Management Instrumentation (WMI) Offense, Defense, and Forensics
Windows Management Instrumentation (WMI) is a remote management framework that enables the collection of host information, execution of code, and provides an eventing system that can respond to...

CVE-2015-2419 – Internet Explorer Double-Free in Angler EK
The Angler Exploit Kit (EK) recently added support for an Internet Explorer (IE) vulnerability (CVE-2015-2419) that was patched in July 2015. Quickly exploiting recently patched vulnerabilities is...

Ins0mnia: Unlimited Background Time and Covert Execution on Non-Jailbroken...
Anatomy of the Attack: To understand this vulnerability, you need to understand that one of the ways Apple protects its users is by controlling how third-party software interacts with iOS. An iOS...

2015 FLARE-ON Challenge Solutions
The first few challenges narrowed the playing field drastically, with most serious contestants holding firm through challenges 4-9. The last two increased the difficulty level and proved a difficult...

FireEye: Best Practices in Supply Chain Management
As the leading security vendor addressing advanced cyber threats, FireEye is heavily invested in the growing topic of supply chain security, ensuring our products are built and delivered with strict...

SYNful Knock – A Cisco router implant – Part II
In our previous blog, we detailed the inner workings of the SYNful Knock Cisco router implant. You may be asking yourself: "How do I detect and mitigate such a threat in my network?" The detection...

Pinpointing Targets: Exploiting Web Analytics to Ensnare Victims
Over the past year, FireEye Threat Intelligence has identified suspected nation-state sponsored cyber-actors engaged in a large-scale reconnaissance effort. This effort makes use of web analytics, the...

China-based Cyber Threat Group Uses Dropbox for Malware Communications and...
FireEye Threat Intelligence analysts identified a spear phishing campaign carried out in August 2015 targeting Hong Kong-based media organizations. A China-based cyber threat group, which FireEye...

Thriving Beyond The Operating System: Financial Threat Group Targets Volume...
In September, Mandiant Consulting identified a financially motivated threat group targeting payment card data using sophisticated malware that executes before the operating system boots. This rarely...

LATENTBOT: Trace Me If You Can
FireEye Labs recently uncovered LATENTBOT, a new, highly obfuscated bot that has been in the wild since mid-2013. It has managed to leave hardly any traces on the Internet, is capable of watching its...

Uncovering Active PowerShell Data Stealing Campaigns
Loved by administrators, Windows PowerShell enables users to effectively perform automation and administrative tasks on local and remote systems. However, its power, ease of use, and widespread use have...

The EPS Awakens
On September 8, FireEye published details about an attack exploiting zero-day vulnerabilities in Microsoft Office (CVE-2015-2545) and Windows (CVE-2015-2546). The attack was particularly notable...

SlemBunk: An Evolving Android Trojan Family Targeting Users of Worldwide...
FireEye mobile researchers recently identified a series of Android trojan apps that are designed to imitate the legitimate apps of 33 financial management institutions and service providers across the...

The EPS Awakens – Part 2
On Wednesday, Dec. 16, 2015, FireEye published The EPS Awakens, detailing an exploit targeting a previously unknown Microsoft Encapsulated PostScript (EPS) dict copy use-after-free vulnerability that...