Fuzzing Image Parsing in Windows, Part Two: Uninitialized Memory

0
Continuing our discussion of image parsing vulnerabilities in Windows, we take a look at a comparatively less popular vulnerability class: uninitialized memory. In this post, we will look at...

So Unchill: Melting UNC2198 ICEDID to Ransomware Operations

0
Mandiant Advanced Practices (AP) closely tracks the shifting tactics, techniques, and procedures (TTPs) of financially motivated groups who severely disrupt organizations with ransomware. In May 2020, FireEye released a...

Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion

0
Starting in mid-December 2020, malicious actors that Mandiant tracks as UNC2546 exploited multiple zero-day vulnerabilities in Accellion’s legacy File Transfer Appliance (FTA) to install a newly discovered web shell...

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part Two)

0
In this post, we continue our analysis of the SolarCity ConnectPort X2e Zigbee device (referred to throughout as X2e device). In Part One, we discussed the X2e at a...

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One)

0
In 2019, Mandiant’s Red Team discovered a series of vulnerabilities present within Digi International’s ConnectPort X2e device, which allows for remote code execution as a privileged user. Specifically, Mandiant’s...

Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication

0
FireEye Email Security recently encountered various phishing campaigns, mostly in the Americas and Europe, using source code obfuscation with compromised or bad domains. These domains were masquerading as authentic...

Training Transformers for Cyber Security Tasks: A Case Study on Malicious URL Prediction

0
Highlights        Perform a case study on using Transformer models to solve cyber security problems Train a Transformer model to detect malicious URLs under multiple training regimes Compare our model...

Emulation of Kernel Mode Rootkits With Speakeasy

0
In August 2020, we released a blog post about how the Speakeasy emulation framework can be used to emulate user mode malware such as shellcode. If you haven’t had...

Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452

0
In December 2020, FireEye uncovered and publicly disclosed a widespread attacker campaign that is being tracked as UNC2452. In some, but not all, of the intrusions associated with this...

SUNBURST Additional Technical Details

0
FireEye has discovered additional details about the SUNBURST backdoor since our initial publication on Dec. 13, 2020. Before diving into the technical depth of this malware, we recommend readers...