Threats

Review Current Cyber Threats & Learn How To Protect Computers, Servers & Cloud Workloads. Threat intelligence and news reporting on the latest cyber adversaries and their tools. Prevent Cyber Attacks. The latest malware and APT information.

New steganography attack targets Azerbaijan

A lure document targeting Azerbaijan uses steganography to conceal a remote administration Trojan. This blog post was authored by Hossein Jazi. Threat actors often vary their techniques to thwart security...

Fuzzing Image Parsing in Windows, Part Two: Uninitialized Memory

Continuing our discussion of image parsing vulnerabilities in Windows, we take a look at a comparatively less popular vulnerability class: uninitialized memory. In this post, we will look at...

Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452

In December 2020, FireEye uncovered and publicly disclosed a widespread attacker campaign that is being tracked as UNC2452. In some, but not all, of the intrusions associated with this...

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part Two)

In this post, we continue our analysis of the SolarCity ConnectPort X2e Zigbee device (referred to throughout as X2e device). In Part One, we discussed the X2e at a...

Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion

Starting in mid-December 2020, malicious actors that Mandiant tracks as UNC2546 exploited multiple zero-day vulnerabilities in Accellion’s legacy File Transfer Appliance (FTA) to install a newly discovered web shell...

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One)

In 2019, Mandiant’s Red Team discovered a series of vulnerabilities present within Digi International’s ConnectPort X2e device, which allows for remote code execution as a privileged user. Specifically, Mandiant’s...

Emulation of Kernel Mode Rootkits With Speakeasy

In August 2020, we released a blog post about how the Speakeasy emulation framework can be used to emulate user mode malware such as shellcode. If you haven’t had...

ASyncRat surpasses Dridex, TrickBot and Emotet to become dominant email threat

A review of what's changed in malware in 2022, and what hasn't, based on Adam Kujawa's talk at RSAC 2022. Earlier this year Malwarebytes released its 2022 Threat Review,...

Credential-stealing malware disguises itself as Telegram, targets social media users

Spyware.FFDroider is an information stealer that exfiltrates browser data in an attempt to steal credentials and valid session cookies. A credential-stealing Windows-based malware, Spyware.FFDroider, is after social media credentials...

Don’t let scammers ruin your Valentine’s Day

No matter the occasion, you can always count on scammers to show up. Today is Valentine’s Day, so we thought we’d show you how cybercriminals use special times...