The AlienVault Blogs: Taking On Today’s Threats

The most recent posts from across the AlienVault blogs.


Late-breaking discoveries and in-depth analysis.


Practical, how-to advice, tips and guidance.

Posted in Blog: Labs

Yesterday, another cyber espionage group with Russian roots made it to the New York Times headlines again courtesy of FireEye and a new report they published. FireEye did a pretty good job on attribution and giving some technical indicators; however, they neglected to reference previous work on this threat actor from companies like PWC, TrendMicro, ESET and others. We have… Read more

Tags: malware, apt, cve-2012-0158, internet explorer, exploit, cve-2013-1347, spearphishing, phishing, apt28, sofacy, web compromises, cve-2014-1776, cve-2010-3333, cve-2014-1761, cve-2013-3897, sednit

Posted in Blog: Labs

Yesterday, a new vulnerability affecting Bash (CVE-2014-6271) was published. The new vulnerability allows attackers to execute arbitrary commands by crafting an environment variable in a specific format. It affects Bash (the Bourne Again SHell), the default command shell for Linux and other UNIX flavors including Mac OS X. The vulnerability is critical since it can be exposed on web servers… Read more

Tags: botnet, exploit, irc, cve-2014-6721, bash

Posted in Blog: Labs

We have previously described how Exploit Kits are some of the favorite techniques used by cybercriminals to install malicious software on victims' systems. The number of Exploit Kits available has experienced exponential growth in the last few years. Since Blackhole’s author was arrested in 2013, the number of Exploit Kits has increased - including Neutrino, Magnitude, Nuclear, Rig and… Read more

Tags: malware, internet explorer, exploit, exploit kit

Posted in Blog: Labs

A few days ago we detected a watering hole campaign on a website owned by one big industrial company. The website is related to software used for simulation and system engineering in a wide range of industries, including automotive, aerospace, and manufacturing. The attackers were able to compromise the website and include code that loaded a… Read more

Tags: scanbox, watering hole

Posted in Blog: Labs

During the last few years we have seen an increase in the number of malicious actors using tricks and browser vulnerabilities to enumerate the software that is running on the victim’s system using Internet Explorer. In this blog post we will describe some of the techniques that attackers are using to perform reconnaissance that gives them information for… Read more

Tags: sykipot, internet explorer, waterhole, vulnerabilities, angler exploit kit, detecting endpoint software

Our Authors:

AlienVault Labs