February 20, 2014 | Bill Smartt

Securing Mac OS X with USM and MIDAS

Protecting Mac OS X systems is a hot topic these days. Their prevalence in enterprise environments has been on the rise over the past decade, and the question of how to secure them remains a mystery to many.  This post will discuss new methods for securing Mac OS X.The internal security teams at Etsy, Facebook and GitHub recently…

February 19, 2014 | Alberto Ortega

Yara signatures for “Careto” - The Masked APT

Last week, Kaspersky Lab released their research (Unveiling "Careto" - The Masked APT) on a fresh APT campaign, which is supposed to had been running for several years. The campaign has different pieces of malware designed for Windows and OSX systems, and also clues of components for Android and iOS devices.The main targets of…

Get the latest security news in your inbox.

Subscribe via Email

November 14, 2013 | Jaime Blasco

OTX Snapshot and top Threat Intelligence headlines from the last month

It's that time again: time to wrap up some of the top research findings and headlines about Internet security threats that intrigued the AlienVault Labs team in October.October was as busy a month for security news as ever; it even went mainstream in national press with Adobe having at least 38 million accounts being breached. Having been immersed in…

November 5, 2013 | Jaime Blasco

Microsoft Office Zeroday used to attack Pakistani targets

Earlier today Microsoft released a security advisory alerting about a new Microsoft Office vulnerability being exploited in the wild. The vulnerability affects Office 2003/2007 and Office 2010 only running on Windows XP/2003.The vulnerability is related to the parsing of TIFF images and Microsoft released a FixIt that basically block the rendering of TIFF images on the system.The exploit we…

October 24, 2013 | Jaime Blasco

PHP.net potentially compromised and redirecting to an exploit kit

This morning we woke up with news indicating that Google was flagging the php.net website as potentialy harmful.  You can read more information on:- http://news.netcraft.com/archives/2013/10/24/php-net-blocked-by-google-false-positive-or-not.html- http://barracudalabs.com/2013/10/php-net-compromise/We couldn't replicate the behavior as it seem the webmaster modified the files that were producing the…

October 17, 2013 | Alberto Ortega

Ransomware now accepts bitcoin as a payment method

Looking at the evolution of ransomware, accepting bitcoin as a payment method is probably taking too long for most common ransomware families.Not long ago, we have seen a ransomware family that accepts MoneyPak, Ukash, cashU and Bitcoin as payment methods. Its name is CryptoLocker and is detected by Microsoft as Crilock.A.Just one month after Microsoft released the…

October 16, 2013 | Jaime Blasco

OTX Snapshot: Top Malware Detected

This month, AlienVault launched a new Threat Update Newsletter with the goal of sharing recent threat data from our Open Threat Exchange™ (OTX), as well as recaps of some of the most interesting (or troubling) research and industry news. You can subscribe via e-mail to the Threat Update Newsletter, or subscribe to this blog to get additional information and…

October 10, 2013 | Alberto Ortega

Yara rules for leaked KINS toolkit

Just a few days ago, the source code of the famous KINS banking trojan was leaked.KINS is a professional-grade banking trojan, destinated to infect as much computers as possible in order to steal credit cards, bank account credentials and related information from victims. Seen as a replacement to Citadel, it was identified in the wild not long ago. Now,…

October 4, 2013 | Alberto Ortega

How public tools are used by malware developers, the antivm tale

Malware authors are aware of new technologies and research made by the security community. This is palpable when they implement new vulnerability exploitation on their tools or even reuse source code that belongs to public projects.We have discussed antivm and antisandbox analysis tricks seen in malware samples several times.Not long ago we came across a malware sample that…

October 2, 2013 | Jaime Blasco

Identifying suspicious domains using DNS records

Very often when cybercriminals are migrating to new infrastructure or when the previous has been taken down, they point their domain names (sleep) to temporary specific adresses including but not limited to:127.0.0.1 127.0.0.2 255.255.255.254 255.255.255.255 0.0.0.0 1.1.1.1Besides these, other common addresses where they point their domains are DNS servers and other infrastructure of big internet companies such as Google.We are going to describe…

September 26, 2013 | Jaime Blasco

Latest Internet Explorer 0day used against Taiwan targets

Last week, Microsoft published some details regarding a new zero-day vulnerability affecting Internet Explorer that was being used in targeted attacks against Japanese targets as Fireeye published last week.We have identified a version of the exploit hosted on a subdomain of Taiwan's Government e-Procurement System. When users visit the main webpage a Javascript code will redirect…

September 24, 2013 | Eduardo De la Arada

OSX/Leverage.a Analysis

A few days ago, a new OSX malware was detected in the wild. It looks like a picture and behaves like it when you click on it. Everything looks fine when the clicked picture is opened on the screen, but the malware also performs some other actions.After the first look, we saw that the malware copies itself to /Users…

Watch a Demo ›
GET PRICE FREE TRIAL