The AlienVault Blogs: Taking On Today’s Threats

The most recent posts from across the AlienVault blogs.



Late-breaking discoveries and in-depth analysis.



Practical, how-to advice, tips and guidance.


Posted in Blog: Labs

Summary: This remote access trojan (RAT) has capabilities ranging from manipulating the registry to opening a reverse shell, and from stealing credentials stored in browsers to accessing the victim's webcam. Through the Command & Control (CnC) server software, the attacker can create and configure the malware to spread using physical devices, such as USB drives, but also to use… Read more

Tags: rat, kilerrat, njrat, remote access trojan

Posted in Blog: Labs

By: Eddie Lee and Jaime Blasco

Imagine if an authoritarian state had a tool to get private information about users visiting certain websites, including real names, mail addresses, sex, birthdays, phone numbers, etc. Imagine that even users that run TOR or VPN connections to bypass the tools that the authoritarian government uses to block and monitor these websites were… Read more

Tags: china, tor, watering holes, watering hole attacks, malicious javascript, privacy, censorship

Posted in Blog: Labs

Yesterday, another cyber espionage group with Russian roots made it to the New York Times headlines again courtesy of FireEye and a new report they published. FireEye did a pretty good job on attribution and giving some technical indicators; however, they neglected to reference previous work on this threat actor from companies like PWC, TrendMicro, ESET and others. We have… Read more

Tags: malware, apt, cve-2012-0158, internet explorer, exploit, cve-2013-1347, spearphishing, phishing, web compromises, apt28, sofacy, cve-2010-3333, cve-2014-1776, cve-2014-1761, cve-2013-3897, sednit

Posted in Blog: Labs

Yesterday, a new vulnerability affecting Bash (CVE-2014-6271) was published. The new vulnerability allows attackers to execute arbitrary commands by crafting an environment variable in a specific format. It affects Bash (the Bourne Again SHell), the default command shell for Linux and other UNIX flavors including Mac OS X. The vulnerability is critical since it can be exposed on web servers… Read more

Tags: botnet, exploit, irc, cve-2014-6721, bash

Posted in Blog: Labs

We have previously described how Exploit Kits are some of the favorite techniques used by cybercriminals to install malicious software on victims' systems. The number of Exploit Kits available has experienced exponential growth in the last few years. Since Blackhole’s author was arrested in 2013, the number of Exploit Kits has increased - including Neutrino, Magnitude, Nuclear, Rig and… Read more

Tags: malware, internet explorer, exploit, exploit kit


Our Authors:

AlienVault Labs