Hunting for Linux library injection with Osquery

June 20, 2019 | Jaime Blasco
Jaime Blasco

Vice President and Chief Scientist

Jaime Blasco is a renowned Security Researcher with broad experience in network security, malware analysis and incident response. At AT&T Cybersecurity, Jaime leads the Alien Labs Intelligence and Research team, which researches threat intelligence and integrates it into detection mechanisms. Prior to working at AT&T, Jaime was Chief Scientist at AlienVault. Prior to that, he founded a couple of startups (Eazel, Aitsec) working on web application security, source code analysis and incident response. He is based in San Francisco. Jaime's work on emerging threats and targeted attacks is frequently cited in international publications such as the New York Times, BBC, Washington Post and Al Jazeera.

April 11, 2014 | Jaime Blasco

What should I do about Heartbleed?

Heartbleed is not an exploit you want to ignore as an IT professional. It exposes passwords and cryptographic keys, and requires not only that you patch OpenSSL for each of the services using the OpenSSL library, but also that you replace the private keys and certificates so that attackers won’t be able to use any of the data…

March 11, 2014 | Jaime Blasco

Botnet bruteforcing Point Of Sale terminals via Remote Desktop

Every single day our automated systems analyze hundreds of thousands of malicious samples. Yesterday one of the samples caught my attention because the malware started performing bruteforce attacks against Remote Desktop using certain usernames and passwords. MD5: c1fab4a0b7f4404baf8eab4d58b1f821 Other similar samples: c0c1f1a69a1b59c6f2dab1813…

February 21, 2014 | Jaime Blasco

Analysis of an attack exploiting the Adobe Zero-day - CVE-2014-0502

Yesterday FireEye reported on a new Zero-Day affecting Adobe Flash that is being exploited in the wild, and Adobe issued a security update regarding the vulnerability. Several websites were redirecting visitors to a malicious server containing the exploit, including: Peterson Institute for International Economics, American Research Center in Egypt, Smith Richardson Foundation, as reported by FireEye. The malicious Flash…

February 11, 2014 | Jaime Blasco

Building an Effective Incident Response Framework Infographic

Organizations are bombarded with potential threats every day. Most of these are small and irritating, not truly critical—but among those needles are little threads of larger actions at work. An incident response program enables you to pull out the needles that make up the haystack of the big picture. The ultimate goal of an incident response program is…

November 14, 2013 | Jaime Blasco

OTX Snapshot and top Threat Intelligence headlines from the last month

It's that time again: time to wrap up some of the top research findings and headlines about Internet security threats that intrigued the AlienVault Labs team in October. October was as busy a month for security news as ever; it even went mainstream in the national press, with Adobe having at least 38 million accounts breached. Having been immersed in…

November 6, 2013 | Jaime Blasco

Microsoft Office Zeroday used to attack Pakistani targets

Earlier today Microsoft released a security advisory alerting about a new Microsoft Office vulnerability being exploited in the wild. The vulnerability affects Office 2003/2007, and Office 2010 only when running on Windows XP/2003. The vulnerability is related to the parsing of TIFF images, and Microsoft released a FixIt that basically blocks the rendering of TIFF images on the system. The exploit we…

October 24, 2013 | Jaime Blasco

PHP.net potentially compromised and redirecting to an exploit kit

This morning we woke up to news indicating that Google was flagging the php.net website as potentially harmful. You can read more information on: - http://news.netcraft.com/archives/2013/10/24/php-net-blocked-by-google-false-positive-or-not.html - http://barracudalabs.com/2013/10/php-net-compromise/ We couldn't replicate the behavior as it seems the webmaster modified the files that were producing the…

October 16, 2013 | Jaime Blasco

OTX Snapshot: Top Malware Detected

This month, AlienVault launched a new Threat Update Newsletter with the goal of sharing recent threat data from our Open Threat Exchange™ (OTX), as well as recaps of some of the most interesting (or troubling) research and industry news. You can subscribe via e-mail to the Threat Update Newsletter, or subscribe to this blog to get additional information and…

October 2, 2013 | Jaime Blasco

Identifying suspicious domains using DNS records

Very often when cybercriminals are migrating to new infrastructure, or when the previous one has been taken down, they point their domain names (sleep) to temporary specific addresses including but not limited to: 127.0.0.1 127.0.0.2 255.255.255.254 255.255.255.255 0.0.0.0 1.1.1.1 Besides these, other common addresses where they point their domains are DNS servers and other infrastructure of big internet companies such as Google. We are going to describe…

September 26, 2013 | Jaime Blasco

Latest Internet Explorer 0day used against Taiwan targets

Last week, Microsoft published some details regarding a new zero-day vulnerability affecting Internet Explorer that was being used in targeted attacks against Japanese targets, as FireEye published last week. We have identified a version of the exploit hosted on a subdomain of Taiwan's Government e-Procurement System. When users visit the main webpage, JavaScript code redirects them to the…

September 17, 2013 | Jaime Blasco

Announcing a new free service: Reputation Monitor Alert

A few weeks ago we launched a new free service called Reputation Monitor Alert. The service aims to alert companies about potentially compromised systems and other security problems in their infrastructure. To do this we use all the threat intelligence we gather using our IP reputation database, among other external reputation sources. Once you log in you just have to enter…

August 27, 2013 | Jaime Blasco

Several domains including New York Times and Twitter ones attacked by Syrian Electronic Army

During the last few hours several domains including the one from The New York Times have been redirected to a Syrian Electronic Army server. Here is the list of domains pointing to that server: Returned 39 RRs in 1.50 seconds. sokiland.fr.nf. A 141.105.64.37 sea.sy. A 141.105.64.37 m.sea.sy. A 141.105.64.37 mob.sea.sy. A 141.105.64.37 www.mob.sea.sy. A 141.105.64.37 leaks.sea…