FireEye launches two new service delivery options for managed detection and response

FireEye, the intelligence-led security company, announced the availability of two new managed detection and response (MDR) service offerings – FireEye Managed Defense Nights and Weekends and FireEye Managed Defense for Endpoint Security. “Managed Defen…

Threat actors are doing their homework, researchers identify new impersonation techniques

There is an increase in three main areas: spoofed phishing attempts, HTTPS encryption in URL-based attacks, and cloud-based attacks focused on publicly hosted, trusted file-sharing services, FireEye found, after analyzing a sample set of 1.3 billion em…

Spies targeting Saudi Arabia switched tactics after Symantec exposed them, report says

A cyber-espionage group widely believed to be carrying out attacks on behalf of the Iranian government resorted to new hacking tools after its malicious activity was unveiled earlier this year, according to research scheduled to be published Wednesday. The threat intelligence company Recorded Future determined the hacking group APT33 or “a closely aligned threat actor” has used more than 1,200 web domains to conduct cyberattacks since March 28. That’s the date researchers from Symantec released findings exposing an APT33 operation that targeted 50 organizations in Saudi Arabia and the United States. But Recorded Future also found that in the months since, APT33 apparently has resorted to new remote access trojans, which is yet another indication that suspected Iranian hackers are ramping up their activity amid ongoing international tension. “Our research found that APT33 or a closely aligned threat actor continues to conduct and prepare for widespread cyber-espionage activity … with a […]

The post Spies targeting Saudi Arabia switched tactics after Symantec exposed them, report says appeared first on CyberScoop.


NSA technical director: Iran-linked operations are about espionage, not destruction

Even as geopolitical tensions spike between Iran and the U.S. following an Iranian takedown of a U.S. drone, Iran-linked cyber-operations continue to focus on espionage and not necessarily destructive activities, a senior U.S. intelligence official says. David Hogue, the technical director for the National Security Agency’s Threat Operations Center, tells CyberScoop Iranian-linked hacking groups are focused on traditional intelligence gathering. “I think they’re trying to get more insights onto what U.S. policymakers are either knowledgeable of or think of them,” Hogue said in an interview with CyberScoop on Friday. The past year has enflamed geopolitical tensions between Iran and the U.S. following the Trump administration’s withdrawal from the Iran nuclear deal. In April, the Trump administration took the unprecedented step of declaring a branch of Iran’s military to be a terrorist organization. Just last week, the administration blamed Tehran for attacks on two oil tankers in the Gulf of Oman. The Pentagon subsequently announced increased […]

The post NSA technical director: Iran-linked operations are about espionage, not destruction appeared first on CyberScoop.


FIN8 tries to breach U.S. hotel with new malware variant, researchers say

A well-known criminal hacking group tried to breach the computer network of a U.S. hotel using a variant of malware the group had last deployed in 2017, according to research from endpoint security firm Morphisec. FIN8, as the financially-driven group is known, made several upgrades to its ShellTea malware, aiming it at the network of the hotel between March and May, according to Morphisec. Researchers believe it was an attempted attack on a point-of-sale (POS) system, or one that processes payment card data. The intrusion attempt was blocked. In a blog post published Monday, Morphisec warned of the vulnerability of POS networks to groups like FIN8. “Many POS networks are running on the POS version of Windows 7, making them more susceptible to vulnerabilities,” wrote Morphisec CTO Michael Gorelik. “The techniques implemented can easily evade standard POS defenses.” The research did not identify the hotel by name or specify its location, […]

The post FIN8 tries to breach U.S. hotel with new malware variant, researchers say appeared first on CyberScoop.


Malware peddlers hit Office users with old but reliable exploit

Emails delivering RTF files equipped with an exploit that requires no user interaction (except for opening the booby-trapped file) are hitting European users’ inboxes, Microsoft researchers have warned. Exploit delivers backdoor The exploit takes…

Researchers uncover new MuddyWater targeting of government, telecommunications entities

Undeterred by the reported dumping of its data online, an Iran-linked hacking group has been using malicious documents and files to target telecommunications organizations and impersonate government entities in Iraq, Pakistan, and Tajikistan, researchers said Thursday. The so-called MuddyWater group has been carrying out attacks in two stages against the targets, according to research published by Israeli company ClearSky Cyber Security. The first stage uses lure documents to exploit a known vulnerability in Microsoft Office that allows for remote code execution. The second stage lets the attackers communicate with hacked servers to download an infected file. “This is the first time MuddyWater has used these two vectors in conjunction,” ClearSky said in its research, which warned that just three antivirus engines were detecting the malicious documents analyzed. In one example, a document disguised as a United Nations development plan for Tajikistan was actually packed with malware. The malware was uploaded to VirusTotal, the […]

The post Researchers uncover new MuddyWater targeting of government, telecommunications entities appeared first on CyberScoop.


Verodin, Palo Alto, & Okta – Enterprise Security Weekly #139

John Strand and Paul Asadoorian discuss how Okta joins forces with Secret Double Octopus, Tenable unveils new innovations for Cyber Exposure analytics, Barracuda launches bot protection feature for firewall offerings, and some acquisition and fundi…