Rooting a Logitech Harmony Hub: Improving Security in Today’s IoT World

Introduction
FireEye’s Mandiant Red Team recently discovered vulnerabilities
present on the Logitech Harmony Hub Internet of Things (IoT) device
that could potentially be exploited, resulting in root access to the
device via SSH. The Harmon…

Establishing a Baseline for Remote Desktop Protocol

For IT staff and Windows power users, Microsoft Terminal Services
Remote Desktop Protocol (RDP) is a beneficial tool that allows for the
interactive use or administration of a remote Windows system.
However, Mandiant consultants have also observe…

Metamorfo Campaigns Targeting Brazilian Users

FireEye Labs recently identified several widespread malspam (malware
spam) campaigns targeting Brazilian companies with the goal of
delivering variants of a banking Trojan that we identify as Metamorfo.
Across the stages of these campai…

How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape: Blockchain Infrastructure Use

Introduction
Cyber criminals have always been attracted to cryptocurrencies
because they provide a certain level of anonymity and can be easily
monetized. This interest has increased in recent years, stemming far
beyond the desire to simply use cr…

Solving Ad-hoc Problems with Hex-Rays API

Introduction

IDA Pro is the de
facto standard when it comes to binary reverse engineering. Besides
being a great disassembler and debugger, it is possible to extend it
and include a powerful decompiler by purchasing an additional license
fro…

Fake Software Update Abuses NetSupport Remote Access Tool

Over the last few months, FireEye has tracked an in-the-wild campaign
that leverages compromised sites to spread fake updates. In some
cases, the payload was the NetSupport Manager remote access tool
(RAT). NetSupport Manager is a commercially av…

SANNY Malware Delivery Method Updated in Recently Observed Attacks

Introduction
In the third week of March 2018, through FireEye’s Dynamic Threat
Intelligence, FireEye discovered malicious macro-based Microsoft Word
documents distributing SANNY malware to multiple governments
worldwide. Each malicious docu…

DOSfuscation: Exploring the Depths of Cmd.exe Obfuscation and Detection Techniques

Skilled attackers continually seek out new attack vectors, while
employing evasion techniques to maintain the effectiveness of old
vectors, in an ever-changing defensive landscape. Many of these threat
actors employ obfuscation frameworks for com…
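The DOSfuscation post listed above concerns cmd.exe obfuscation and its detection, but the teaser shows no command lines. The following is an added example, not code from the FireEye post, of the kind of normalization and scoring a detection engineer might run over process-creation command lines. The sample command lines are constructed for this example, and the indicator names, weights and threshold are my own choices; the cmd.exe features it keys on (caret escaping, empty quote pairs, %VAR:~n,m% substring and %VAR:a=b% replacement expansion, delayed !VAR! expansion and FOR /F loops) are real cmd.exe behaviours.

```python
import re

# Added example: heuristic triage of cmd.exe command lines for obfuscation.
# Indicator names, weights and threshold are this example's own choices,
# not FireEye's detection logic.

# %VAR:~start[,len]% substring expansion, e.g. %COMSPEC:~-7,3% -> "cmd"
SUBSTR_RE = re.compile(r'%[A-Za-z_]\w*:~-?\d+(?:,-?\d+)?%')
# %VAR:old=new% string replacement expansion
REPLACE_RE = re.compile(r'%[A-Za-z_]\w*:[^=%]+=[^%]*%')
# !VAR! delayed expansion (needs cmd /V:ON or setlocal enabledelayedexpansion)
DELAYED_RE = re.compile(r'![A-Za-z_]\w*!')
# FOR /F loops, often used to reassemble a command at run time
FOR_F_RE = re.compile(r'\bfor\s+/f\b', re.IGNORECASE)

# indicator -> (weight per occurrence, cap on counted occurrences)
WEIGHTS = {
    "carets": (1, 10),
    "empty_quote_pairs": (1, 10),
    "substring_expansions": (3, 5),
    "replace_expansions": (3, 5),
    "delayed_expansions": (2, 5),
    "for_f_loops": (2, 5),
}
THRESHOLD = 3  # chosen for this example; tune against your own baseline


def normalize(cmdline: str) -> str:
    """Undo the two cheapest obfuscations so the command is readable again."""
    s = re.sub(r'\^(.)', r'\1', cmdline)  # ^x -> x, ^^ -> ^ (caret escape)
    s = s.replace('""', '')               # p""o""w -> pow (empty quote pairs)
    return s


def indicators(cmdline: str) -> dict:
    """Count each obfuscation indicator on the raw (un-normalized) command line."""
    return {
        "carets": cmdline.count('^'),
        "empty_quote_pairs": cmdline.count('""'),
        "substring_expansions": len(SUBSTR_RE.findall(cmdline)),
        "replace_expansions": len(REPLACE_RE.findall(cmdline)),
        "delayed_expansions": len(DELAYED_RE.findall(cmdline)),
        "for_f_loops": len(FOR_F_RE.findall(cmdline)),
    }


def score(cmdline: str) -> int:
    """Weighted, capped sum of the indicators."""
    total = 0
    for name, count in indicators(cmdline).items():
        weight, cap = WEIGHTS[name]
        total += weight * min(count, cap)
    return total


def is_obfuscated(cmdline: str) -> bool:
    return score(cmdline) >= THRESHOLD


# Constructed sample command lines (not taken from any real incident).
SAMPLES = {
    "benign": r'cmd.exe /c dir C:\Users',
    "caret": r'cmd.exe /c p^o^w^e^r^s^h^e^l^l -nop -w hidden',
    "quotes": r'cmd.exe /c p""o""w""e""r""s""h""e""l""l -nop',
    # %COMSPEC:~-7,3% takes the last 7 chars of C:\Windows\system32\cmd.exe
    # ("cmd.exe") and then the first 3 of those ("cmd").
    "substring": r'cmd.exe /c %COMSPEC:~-7,3% /c echo obf',
    "for_f": r'''cmd /V:ON /c "set a=calc&& for /f "delims=" %i in ('echo !a!') do %i"''',
}


def triage(samples: dict) -> dict:
    """Map sample name -> (score, normalized command line)."""
    return {name: (score(c), normalize(c)) for name, c in samples.items()}


def flagged(samples: dict) -> list:
    """Names of samples at or above THRESHOLD."""
    return [name for name, c in samples.items() if is_obfuscated(c)]


if __name__ == "__main__":
    for name, (s, norm) in triage(SAMPLES).items():
        print(f"{name:10} score={s:2}  normalized={norm}")
    print("flagged:", flagged(SAMPLES))
```

Scoring on the raw line and normalizing separately matters: the normalized form is what you want to feed downstream rules (for example a match on "powershell -w hidden"), while the indicator counts are only visible before normalization. Caret and quote counts are capped so a single long, heavily escaped but legitimate script does not dominate the score.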

Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries

Intrusions Focus on the Engineering and Maritime Sector
Since early 2018, FireEye (including our FireEye as a Service
(FaaS), Mandiant Consulting, and iSIGHT Intelligence teams) has been
tracking an ongoing wave of intrusions targeting engineering …