Entries filed under 'Vulnerabilities'
Threat Research Blog
FireEye posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. These blog posts cover everything from exploits and vulnerabilities, to advanced malware and targeted attacks.
April 4, 2016 8:30 AM By Jing Xie, Jimmy Su | Vulnerabilities
FireEye has seen the development of various third-party solutions that allow developers to remotely hot patch an iOS app on a non-jailbroken device without going through Apple’s review process, leading to security risks. This blog examines Rollout.io, a commercial solution that addresses the remote patching problem while remaining focused on security.
March 15, 2016 8:00 AM By Tony Lee, Charles Carmakal | Vulnerabilities
Our experience shows that attackers are increasingly using Citrix solutions to remotely access victim environments post-compromise, instead of using traditional backdoors, remote access tools, or other types of malware. Mandiant and Citrix teamed up to provide guidance on the most significant risks posed to Citrix XenApp and XenDesktop implementations.
February 11, 2016 7:53 AM By Matthew Dunwoody | Vulnerabilities
Mandiant is continuously investigating attacks that leverage PowerShell throughout all phases of the attack. A common issue we experience is a lack of available logging that adequately shows what actions the attacker performed using PowerShell. In those investigations, Mandiant routinely offers guidance on increasing PowerShell logging to provide investigators a detection mechanism for malicious activity and a historical record of how PowerShell was used on systems. This blog post details various PowerShell logging options and how they can help you obtain the visibility needed to better respond, investigate, and remediate attacks involving PowerShell.
September 22, 2015 9:36 PM By Yulong Zhang, Zhaofeng Chen, Yong Kang | Vulnerabilities
A new malicious campaign lets attackers take total control over Android users' devices. The attackers appear to be based in China.