Channel: Kristen Dennesen – Security Bloggers Network
Browsing all 138 articles

Angler Exploit Kit Evading EMET

We recently encountered some exploits from Angler Exploit Kit (EK) that are completely evading Microsoft’s Enhanced Mitigation Experience Toolkit (EMET). This is something we are seeing for the first...

Rotten Apples: Apple-like Malicious Phishing Domains

At FireEye Labs we have an automated system designed to proactively detect newly registered malicious domains. This system observed some phishing domains registered in the first quarter of 2016 that...

Connected Cars: The Open Road for Hackers

As vehicles become both increasingly complex and better connected to the Internet, their newfound versatility may be manipulated for malicious purposes. Three of the most concerning potential threats...

Pwned by Vpon

Vpon is one of many mobile ad SDKs marketed towards mainland Chinese and Taiwanese developers and app users. Recently, FireEye mobile security researchers identified a branch of Vpon ad SDK on iOS...

EMEA Organizations Must Rise to the Challenge of Stopping Advanced Threats

Since 2010, Mandiant, a FireEye company, has presented trends, statistics and case studies of cyber attacks involving advanced threat actors. As part of its many global investigations in 2015, Mandiant...

Resurrection of the Evil Miner

At FireEye Labs, we recently detected the resurgence of a coin mining campaign with a novel and unconventional infection vector in the form of an iFRAME (inline frame) – an HTML document embedded...

Red Line Drawn: China Recalculates Its Use of Cyber Espionage

On Sept. 25, 2015, President Barack Obama and Chinese President Xi Jinping agreed that neither government would “conduct or knowingly support cyber-enabled theft of intellectual property” for an...

Locky is Back Asking for Unpaid Debts

On June 21, 2016, FireEye’s Dynamic Threat Intelligence (DTI) identified an increase in JavaScript contained within spam emails. FireEye analysts determined the increase was the result of a new Locky...

The Latest Android Overlay Malware Spreading via SMS Phishing in Europe

Introduction: In April 2016, while investigating a Smishing campaign dubbed RuMMS that involved the targeting of Android users in Russia, we also noticed three similar Smishing campaigns reportedly...

Exploit Kits Quickly Adopt Exploit Thanks to Open Source Release

A security researcher recently published source code for a working exploit for CVE-2016-0189 and the Neutrino Exploit Kit (EK) quickly adopted it. CVE-2016-0189 was originally exploited as a zero-day...

Cerber: Analyzing a Ransomware Attack Methodology To Enable Protection

Ransomware is a common method of cyber extortion for financial gain that typically involves users being unable to interact with their files, applications or systems until a ransom is paid....

Amazon Same Day Credential Shipping

FireEye has identified a campaign involving phishing websites that appear as legitimate Amazon sites. Amazon is the largest online retailer and threat actors frequently target its customers. In this...

Red Team Tool Roundup

In many cases Red Team tools are not written because someone feels like writing a tool, or wakes up one morning thinking, “I want to write a tool today”. Red Teamers generally identify tedious tasks in...

FakeNet-NG: Next Generation Dynamic Network Analysis Tool

As a reverse engineer on the FLARE (FireEye Labs Advanced Reverse Engineering) team, I regularly perform basic dynamic analysis of malware samples. The goal is to quickly observe runtime...

Overload: Critical Lessons from 15 Years of ICS Vulnerabilities

In the past several years, a flood of vulnerabilities has hit industrial control systems (ICS) – the technological backbone of electric grids, water supplies, and production lines. These...

Locky Ransomware Distributed Via DOCM Attachments in Latest Email Campaigns

Throughout August, FireEye Labs has observed a few massive email campaigns distributing Locky ransomware. The campaigns have affected various industries, with the healthcare industry being hit the...

WMI vs. WMI: Monitoring for Malicious Activity

Hello my name is: WMI. WMI has been a core component of Windows since Windows 98, but it is not exactly old wine in a new bottle. WMI more closely resembles that bottle of ‘61 Bordeaux wine that...

Embedded Hardware Hacking 101 – The Belkin WeMo Link

Why Embedded Hacking? Devices that are connected to the Internet or run a full operating system are becoming more and more prevalent in today’s society. From devices for locomotives to wireless light...

Unsealing the Deal: Cyber Threats to Mergers and Acquisitions Persist in a...

Risks Posed by Sensitive Corporate Communications, Broadened Attack Surface: In 2015, a record $5 trillion was tied up in mergers and acquisitions (M&A) deals, according to JP Morgan. So...

Announcing the Third Annual Flare-On Challenge

Let fall be the season for reverse engineering! On Sept. 23, 2016, the FireEye Labs Advanced Reverse Engineering (FLARE) team will be hosting its third annual Flare-On reverse engineering contest with...
