Jaime Blasco | AlienVault Blogs

Jaime Blasco

Vice President and Chief Scientist

Jaime Blasco is a renowned Security Researcher with broad experience in network security, malware analysis and incident response. At AlienVault, Jaime leads the Lab Intelligence and Research team, which leads the charge in researching and integrating threat intelligence into detection mechanisms. Prior to working at AlienVault he founded a couple of startups (Eazel, Aitsec) working on web application security, source code analysis and incident response. He is based in San Francisco. Jaime’s work in emerging threats and targeted attacks is frequently cited in international publications such as the New York Times, BBC, Washington Post and Al Jazeera.

https://twitter.com/jaimeblascob

May 4, 2017 | Jaime Blasco

OAuth Worm Targeting Google Users - You Need to Watch Cloud Services

Yesterday, many people received an e-mail from someone they knew and trusted asking them to open a “Google Doc.” The email looked, felt, and smelled like the real thing—an email that Google normally sends whenever a share request is made. However, the email contained a button that mimicked a link to open a document in Google Docs.…

March 14, 2017 | Jaime Blasco

Apache Struts Vulnerability Being Exploited by Attackers

Last week a new vulnerability was reported (CVE-2017-5638) that affects the Apache Struts Jakarta Multipart parser. The vulnerability allows an unauthenticated attacker to execute code in the affected system by creating a specially crafted Content-Type HTTP header. Starting last Thursday (March 9, 2017), we have seen a high number of attackers trying to exploit this vulnerability. Different payloads…


March 9, 2017 | Jaime Blasco

11 Simple Yet Important Tips to Secure AWS

This is the first in a series of blogs dedicated to Amazon Web Services (AWS) security monitoring and best practices. AWS Security Best Practices: As more and more organizations of all sizes are moving applications and workloads to the public cloud, it is critical to understand the security challenges of the cloud in general, and AWS in particular. IT environments…

February 24, 2016 | Jaime Blasco

Operation BlockBuster unveils the actors behind the Sony attacks

Today, a coordinated coalition involving AlienVault and several other security companies led by Novetta is announcing Operation BlockBuster. This industry initiative was created to share information and potentially disrupt the infrastructure and tools from an actor named the Lazarus Group. The Lazarus Group has been responsible for several operations since at least 2009, including the attack that affected Sony Pictures Entertainment…

July 28, 2015 | Jaime Blasco

Open Threat Exchange (OTX) - Now Including Social Sharing of Threat Data

The threat landscape is constantly evolving and it is even more of a challenge for organizations, especially those in the mid-market, to detect where the true threats lie without tapping into a broader and often already stretched IT Budget. To help solve this problem, AlienVault developed a free platform called Open Threat Exchange (OTX) to help organizations gain greater visibility…

June 11, 2015 | Jaime Blasco

Watering holes exploiting JSONP hijacking to track users in China

By: Eddie Lee and Jaime Blasco

Imagine if an authoritarian state had a tool to get private information about users visiting certain websites, including real names, mail addresses, sex, birthdays, phone numbers, etc. Imagine that even users that run TOR or VPN connections to bypass the tools that the authoritarian government uses to block and monitor these websites were…

October 28, 2014 | Jaime Blasco

From Russia with love: Sofacy/Sednit/APT28 is in town

Yesterday, another cyber espionage group with Russian roots made it to the New York Times headlines again courtesy of FireEye and a new report they published. FireEye did a pretty good job on attribution and giving some technical indicators; however, they neglected to reference previous work on this threat actor from companies like PWC, TrendMicro, ESET and others. We have…

September 25, 2014 | Jaime Blasco

Attackers exploiting Shellshock (CVE-2014-6271) in the wild

Yesterday, a new vulnerability affecting Bash (CVE-2014-6271) was published. The new vulnerability allows attackers to execute arbitrary commands by formatting an environmental variable using a specific format. It affects Bash (the Bourne Again SHell), the default command shell for Linux and other UNIX flavors including Mac OS X. The vulnerability is critical since it can be exposed on web servers…

September 15, 2014 | Jaime Blasco

Archie: Just another Exploit kit

We have previously described how Exploit Kits are some of the favorite techniques used by cybercriminals to install malicious software on victims' systems. The number of Exploit Kits available has experienced exponential growth in the last few years. Since Blackhole’s author was arrested in 2013, the number of Exploit Kits has increased - including Neutrino, Magnitude, Nuclear, Rig and…

August 28, 2014 | Jaime Blasco

Scanbox: A Reconnaissance Framework Used with Watering Hole Attacks

A few days ago we detected a watering hole campaign on a website owned by one big industrial company. The website is related to software used for simulation and system engineering in a wide range of industries, including automotive, aerospace, and manufacturing. The attackers were able to compromise the website and include code that loaded a…

July 25, 2014 | Jaime Blasco

Attackers abusing Internet Explorer to enumerate software and detect security products

During the last few years we have seen an increase in the number of malicious actors using tricks and browser vulnerabilities to enumerate the software that is running on the victim’s system using Internet Explorer. In this blog post we will describe some of the techniques that attackers are using to perform reconnaissance that gives them information for…

April 10, 2014 | Jaime Blasco

What should I do about Heartbleed?

Heartbleed is not an exploit you want to ignore as an IT professional. It exposes passwords and cryptographic keys, and requires not only that you patch OpenSSL for each of the services using the OpenSSL library, but also that you replace the private keys and certificates so that attackers won’t be able to use any of the data…
