September 18, 2012 | Jaime Blasco

The connection between the Plugx Chinese gang and the latest Internet Explorer Zeroday

Some hours ago my friend PhysicalDrive0 pointed me to a new version of Moh2010.swf that was found in the wild as part of some content exploiting the latest Internet Explorer Zeroday. The exploit code was being hosted on: The exploit scheme is the same one; the original vector is hosted under /Exploit.html.…

September 17, 2012 | Jaime Blasco

New Internet Explorer zero day being exploited in the wild

After the last zero day exploit on Java we reported some weeks ago, it appears that a new 0day has been found in Internet Explorer by the same authors that created the Java one. Yesterday, Eric Romang reported the findings of a new exploit code on the…

September 13, 2012 | Jaime Blasco

Tracking down the author of the PlugX RAT

Some days ago, TrendMicro published some information about a new version of a RAT called PlugX. Over the last few months we have been tracking a group using the PlugX RAT that has been attacking different targets, especially in Japan, Taiwan and Korea, and against Tibetan organizations and individuals. In this post we will focus on the intelligence we have extracted…

August 28, 2012 | Barmak Meftah

AlienVault Named a World Economic Forum 2013 Technology Pioneer!

Today is an exciting, inspiring and humbling day for our team. The World Economic Forum just announced that AlienVault has been selected as one of the organization’s Technology Pioneers for 2013. A renowned international organization committed to “improving the state of the world” by bringing together leaders in business, politics, academia and other areas of society to…

August 27, 2012 | Jaime Blasco

New Java 0day exploited in the wild

A few hours ago, FireEye published some information related to a new Java 0day exploited in the wild. The malicious JAR file was served from /meeting/index.html. The HTML loads the Java applet, passing some parameters that are used later to build the URL to download the payload. The HTML is encrypted using “Dadong’s JSXX 0.44…

August 15, 2012 | Jaime Blasco

CVE-2012-1535: Adobe Flash being exploited in the wild

Yesterday Adobe issued a security update to address CVE-2012-1535, which was being exploited in the wild. The sample that we analyzed is a Microsoft Office Word document with an embedded malicious Flash file. The name of the malicious doc file is iPhone 5 Battery.doc, md5: 7e3770351aed43fd6c5cab8e06dc0300. The doc file contains…

August 6, 2012 | Jaime Blasco

Feeding Alienvault’s Open Threat Exchange (OTX) threat information to ArcSight

When we launched the Open Threat Exchange (OTX) project, one of our goals was to create an open and free threat database and exchange system. We want it to be used by as many users as possible, across a wide range of technologies. That is why we are publishing some code to feed our Open Threat Exchange (OTX) data to an…

August 6, 2012 | Russ Spitler

Poisoning the Well, or Securing the Future

Here we go again. You know the expression, “No good deed goes unpunished”? Well, that idea has surfaced with regard to our OTX, or Open Threat Exchange. Let me explain what I mean. First, some background. We launched OTX back in February with a passionate belief in the power of transparency and open source models. But we’re also as…

August 2, 2012 | Dominique Karg

The 2nd United Nations: The World Comes Together to Open-Source Cyber Security

2300 contributions from 77 countries since February of this year generate some interesting and unique threat data. From the top malicious IPs by country to information on the top malicious content by activity, type, web site and more, AlienVault’s collaborative shared-intelligence platform, the Open Threat Exchange (OTX), is providing compelling and actionable IP reputation information. Download OSSIM and check…

August 2, 2012 | Dominique Karg

The Power of All

A little bit over five months ago, AlienVault released the first public version of its Open Threat eXchange, OTX. We’ve just created an infographic, titled “The 2nd United Nations: The World Comes Together to Open-Source Cyber Security”, in order to share some interesting findings from the first five months of use. The goal…

July 18, 2012 | Jaime Blasco

New AlienVault OSSIM v4.0 is out: New correlation capabilities

Today we are launching the new AlienVault OSSIM v4.0. You can download it from here. Apart from tons of new features, we have improved the correlation engine's capabilities; two of the most impressive features are taxonomy correlation based on the Category and Subcategory of the events, and correlation using the Open Threat Exchange (OTX) data. The correlation directives editor…

July 6, 2012 | Jaime Blasco

Nmap Script to detect Poison Ivy Clients

I want to share with you an Nmap script that will help you detect Poison Ivy clients (due to the Poison Ivy nomenclature, the term client refers to the malicious server where the victims connect in order to receive commands). Poison Ivy’s protocol uses a challenge-response handshake in order to perform the authentication. The server (victim)…
