June 11, 2015 | Jaime Blasco

Watering holes exploiting JSONP hijacking to track users in China

By: Eddie Lee and Jaime Blasco Imagine if an authoritarian state had a tool to get private information about users visiting certain websites, including real names, mail addresses, sex, birthdays, phone numbers, etc. Imagine that even users that run TOR or VPN connections to bypass the tools that the authoritarian government uses to block and monitor these websites were…

October 28, 2014 | Jaime Blasco

From Russia with love: Sofacy/Sednit/APT28 is in town

Yesterday, another cyber espionage group with Russian roots made it to the New York Times headlines again courtesy of FireEye and a new report they published.FireEye did a pretty good job on attribution and giving some technical indicators; however, they neglected to reference previous work on this threat actor from companies like PWC, TrendMicro, ESET and others.We have…

Get the latest security news in your inbox.

Subscribe via Email

September 25, 2014 | Jaime Blasco

Attackers exploiting Shellshock (CVE-2014-6271) in the wild

Yesterday, a new vulnerability affecting Bash (CVE-2014-6271) was published. The new vulnerability allows attackers to execute arbitrary commands formatting an environmental variable using a specific format. It affects Bash (the Bourne Again SHell), the default command shell for Linux and other UNIX flavors inlcuding Mac OS X. The vulnerability is critical since it can be exposed on web servers…

September 15, 2014 | Jaime Blasco

Archie: Just another Exploit kit

We have previously described how Exploit Kits are some of the favorite techniques used by cybercriminals to install malicious software on victims' systems.The number of Exploit Kits available has experienced exponential growth in the last few years. Since Blackhole’s author was arrested in 2013, the number of Exploit Kits has increased - including Neutrino, Magnitude, Nuclear, Rig and…

August 28, 2014 | Jaime Blasco

Scanbox: A Reconnaissance Framework Used with Watering Hole Attacks

A few days ago we detected a watering hole campaign in a website owned by one big industrial company.The website is related to software used for simulation and system engineering in a wide range of industries, including automotive, aerospace, and manufacturing.The attackers were able to compromise the website and include code that loaded a…

July 25, 2014 | Jaime Blasco

Attackers abusing Internet Explorer to enumerate software and detect security products

During the last few years we have seen an increase on the number of malicious actors using tricks and browser vulnerabilities to enumerate the software that is running on the victim’s system using Internet Explorer.In this blog post we will describe some of the techniques that attackers are using to perform reconnaisance that gives them information for…

March 11, 2014 | Jaime Blasco

Botnet bruteforcing Point Of Sale terminals via Remote Desktop

Every single day our automated systems analyze hundreds of thousands of malicious samples. Yesterday one of the samples caught my attention because the malware started performing bruteforce attacks against Remote Desktop using certain username and passwords.MD5: c1fab4a0b7f4404baf8eab4d58b1f821Other similar samples: c0c1f1a69a1b59c6f2dab1813…

February 25, 2014 | Bill Smartt

Detecting malware on Mac OS X with USM and MIDAS

Let’s briefly review what we accomplished in the first post:Understood the capabilities and design of MIDAS Deployed MIDAS on a Mac OS X endpoint installed the MIDAS plugin in AlienVault USM Verified the integration by running MIDAS and confirming the events in the SIEMHow does this make us safer? More generally, what does this mean?To…

February 21, 2014 | Jaime Blasco

Analysis of an attack exploiting the Adobe Zero-day - CVE-2014-0502

Yesterday FireEye reported about a new Zero-Day affecting Adobe Flash that is being exploited in the wild and Adobe issued a security update regarding the vulnerability.Several websistes were redirecting visitors to a malicious server containing the exploit including:Peterson Institute for International Economics American Research Center in Egypt Smith Richardson Foundationas reported by FireEye.The malicious Flash…

February 20, 2014 | Bill Smartt

Securing Mac OS X with USM and MIDAS

Protecting Mac OS X systems is a hot topic these days. Their prevalence in enterprise environments has been on the rise over the past decade, and the question of how to secure them remains a mystery to many.  This post will discuss new methods for securing Mac OS X.The internal security teams at Etsy, Facebook and GitHub recently…

February 19, 2014 | Alberto Ortega

Yara signatures for “Careto” - The Masked APT

Last week, Kaspersky Lab released their research (Unveiling "Careto" - The Masked APT) on a fresh APT campaign, which is supposed to had been running for several years. The campaign has different pieces of malware designed for Windows and OSX systems, and also clues of components for Android and iOS devices.The main targets of…

November 14, 2013 | Jaime Blasco

OTX Snapshot and top Threat Intelligence headlines from the last month

It's that time again: time to wrap up some of the top research findings and headlines about Internet security threats that intrigued the AlienVault Labs team in October.October was as busy a month for security news as ever; it even went mainstream in national press with Adobe having at least 38 million accounts being breached. Having been immersed in…

Watch a Demo ›