May 12, 2017 | AlienVault Labs

Ongoing WannaCry Ransomware Spreading Through SMB Vulnerability

As of early this morning (May 12th, 2017), the AlienVault Labs team is seeing reports of a wave of infections using a ransomware variant called “WannaCry” that is being spread by a worm component that leverages a Windows-based vulnerability. There have been reports of large telecommunication companies, banks and hospitals being affected. Tens of thousands of networks worldwide have…

May 6, 2017 | Chris Doman

MacronLeaks – A Timeline of Events

It's been a very familiar feeling reading about the documents leaked to impact the elections in France tomorrow. Often the best defence is to have a proper understanding of what has happened. A quick draft timeline of events from an analysis of document meta-data and forum posts is below. Attacks in March and April: A number of domains, identified…


May 4, 2017 | Jaime Blasco

OAuth Worm Targeting Google Users - You Need to Watch Cloud Services

Yesterday, many people received an e-mail from someone they knew and trusted asking them to open a “Google Doc.” The email looked, felt, and smelled like the real thing—an email that Google normally sends whenever a share request is made. However, the email contained a button that mimicked a link to open a document in Google Docs.…

March 31, 2017 | Chris Doman

New Features in Open Threat Exchange (OTX)

It's been a busy couple of months for the OTX team, making lots of improvements to make OTX more useful for security researchers and InfoSec professionals. Thought it was time to give you an update. Here's what's new in OTX: Easier Way to Create Pulses. We've rebuilt the way you create pulses from scratch. So you can…

March 14, 2017 | Jaime Blasco

Apache Struts Vulnerability Being Exploited by Attackers

Last week a new vulnerability affecting Apache Struts was reported (CVE-2017-5638) that affects the Apache Struts Jakarta Multipart parser. The vulnerability allows an unauthenticated attacker to execute code in the affected system by creating a specially crafted Content-Type HTTP header. Starting last Thursday (March 9, 2017), we have seen a high number of attackers trying to exploit this vulnerability. Different payloads…

October 3, 2016 | Kate Brew

Malware Hiding Techniques to Watch for: AlienVault Labs

I saw a webcast done by Peter Ewane and Javvad Malik recently. The summary of what Peter had to say and Q&A follows; you can also view the recorded webcast. What is Malware? Malware can be a lot of things. It can be a virus, a worm, spyware, a Trojan horse, or ransomware. It’s basically any…

June 27, 2016 | Kate Brew

Reverse Engineering Malware

The AlienVault Labs team does a lot of malware analysis as a part of their security research. I interviewed a couple members of our Labs team, including Patrick Snyder, Eddie Lee, Peter Ewane and Krishna Kona, to learn more about how they do it. Here are some of the approaches and tools and techniques they use for reverse engineering malware,…

April 4, 2016 | Peter Ewane

PowerWare or PoshCoder? Comparison and Decryption

PowerWare was brought to my attention by Carbon Black via their blog post. PowerWare is downloaded by a malicious macro-enabled Microsoft Word document that is distributed via a phishing email campaign. The malicious document in question attempts to convince the user to enable macros by informing them that the file is protected by Microsoft Office. This, of course, is a…

March 21, 2016 | AlienVault Labs

OS X Malware Samples Analyzed

By Eddie Lee and Krishna Kona. A couple of months ago, as we rang in 2016, we thought it would be interesting to take a quick look back at some OSX malware from 2015 and 2014. As reported by the team at Bit9+Carbon Black [1], 2015 marked “the most prolific year in history for OS X malware”. We collected a few samples…

February 24, 2016 | Jaime Blasco

Operation BlockBuster unveils the actors behind the Sony attacks

Today, a coordinated coalition involving AlienVault and several other security companies led by Novetta is announcing Operation BlockBuster. This industry initiative was created to share information and potentially disrupt the infrastructure and tools from an actor named the Lazarus Group. The Lazarus Group has been responsible for several operations since at least 2009, including the attack that affected Sony Pictures Entertainment…

February 17, 2016 | Eddie Lee

OceanLotus for OS X – an Application Bundle Pretending to be an Adobe Flash Update

In May 2015, researchers at Qihoo 360 published a report on OceanLotus that included details about malware targeting Chinese infrastructure. In that report, there is a description about a piece of malware that targets OS X systems. A sample of that malware was uploaded to VirusTotal a few months ago. Curiously, as of February 8th, 2016, none of the 55 anti-virus solutions used by…

December 17, 2015 | AlienVault Labs

POS Malware Families: An insight into the Behavior of POS Malware

In a previous blog, we discussed why Point of Sale (POS) devices remain such an attractive target and described some different attack methods. As you can see from the infographic below, retail and POS have been (pardon the pun) “Targets” on an ongoing basis for the past few years, and the trend doesn’t appear to be…
