FireEye recently identified a malicious mobile application that installs a fake banking application capable of stealing user credentials. The top-level app acts as a bogus Google Play application, falsely assuring the user that it is benign. FireEye Mobile Threat Prevention platform detects this application as Android.KorBanker. This blog post details both the top-level installer as well as the fake banking application embedded inside the top-level app. The app targets the following banks, Read more...
Archive for 'November 2013'
Exploit Proliferation: Additional Threat Groups Acquire CVE-2013-3906
November 12, 2013 6:14 PM By Nart Villeneuve, Mike Scott
Last week, we blogged about a zero-day vulnerability (CVE-2013-3906) that was being used by at least two different threat groups. Although it was the same exploit, the two groups deployed it differently and dropped very different payloads. One group, known as Hangover, engages in targeted attacks, usually, against targets in Pakistan. The second group, known as Arx, used the exploit to spread the Citadel Trojan, and we have found that they are Read more...
Monitoring Vulnaggressive Apps on Google Play
November 17, 2013 10:45 AM By Yulong Zhang, Dawn Song, Hui Xue, Tao Wei
Vulnaggressive Characteristics in Mobile Apps and LibrariesFireEye mobile security researchers have discovered a rapidly-growing class of mobile threats represented by popular ad libraries affecting apps with billions of downloads. These ad libraries are aggressive at collecting sensitive data and able to perform dangerous operations such as downloading and running new code on demand. They are also plagued with various classes of vulnerabilities that enable attackers to turn their aggressive behaviors against users. Read more...
MS Windows Local Privilege Escalation Zero-Day in The Wild
November 27, 2013 3:39 PM By Xiaobo Chen, Dan Caselden
FireEye Labs has identified a new Windows local privilege escalation vulnerability in the wild. The vulnerability cannot be used for remote code execution but could allow a standard user account to execute code in the kernel. Currently, the exploit appears to only work in Windows XP. This local privilege escalation vulnerability is used in-the-wild in conjunction with an Adobe Reader exploit that appears to target a patched vulnerability. The exploit targets Adobe Reader Read more...
Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Method
November 10, 2013 3:59 PM By Ned Moran, Sai Omkar Vashisht, Mike Scott, Thoufique Haq
Recently, we discovered a new IE zero-day exploit in the wild, which has been used in a strategic Web compromise. Specifically, the attackers inserted this zero-day exploit into a strategically important website, known to draw visitors that are likely interested in national and international security policy. We have identified relationships between the infrastructure used in this attack and that used in Operation DeputyDog. Furthermore, the attackers loaded the payload used in this Read more...
Supply Chain Analysis: From Quartermaster to Sunshop
November 11, 2013 1:25 PM By Ned Moran, James T. Bennett
Today, we released a new report from FireEye Labs entitled Supply Chain Analysis: From Quartermaster to Sunshop. The report details how many seemingly unrelated cyber attacks may, in fact, be part of a broader offensive fueled by a shared development and logistics infrastructure — a finding that suggests some targets are facing a more organized menace than they realize. Our research points to centralized planning and development by one or more advanced Read more...
The Dual Use Exploit: CVE-2013-3906 Used in Both Targeted Attacks and Crimeware Campaigns
November 7, 2013 2:45 AM By Xiaobo Chen, Mike Scott, Dan Caselden
A zero-day vulnerability was recently discovered that exploits a Microsoft graphics component using malicious Word documents as the initial infection vector. Microsoft has confirmed that this exploit has been used in “attacks observed are very limited and carefully carried out against selected computers, largely in the Middle East and South Asia.” Our analysis has revealed a connection between these attacks and those previously documented in Operation Hangover, which adds India and Pakistan Read more...
Critical Infrastructure Beyond the Power Grid
November 19, 2013 4:26 PM By Intel TeamThe term "critical infrastructure" has earned its spot on the board of our ongoing game of cyber bingo--right next to "Digital Pearl Harbor," "Cyber 9/11," "SCADA" and "Stuxnet."
Read more...MIRcon 2013 – Day 2 Highlights
November 7, 2013 7:47 PM By Helena BritoThanks for another wonderful MIRcon®, everyone! It's been an honor to bring together so many leading minds in cybersecurity, and to foster conversations about what we can all do to safeguard the information and innovationson which so much of us rely on. The second and final day of MIRcon 2013 featured many great discussions, including these highlights:
Read more...MIRcon 2013 – Day 1 Highlights
November 6, 2013 8:54 PM By Helena BritoHappy Day 2 of MIRcon®! Yesterday, Mandiant's CEO Kevin Mandia kicked off MIRcon 2013 with a keynote on attacking the security gap, discussing the necessity of information-sharing and his experience witnessing the evolution of cybercrime. From there we moved on to thought-provoking discussions in both our management and technical tracks.
Read more...General Michael Hayden Talks about the Future of Cybersecurity at MIRcon 2013
November 13, 2013 6:15 PM By Helena BritoWhen you've got some of the cybersecurity industry's best and brightest practitioners in one room, just how do you top the conversations they're having across the breakfast table? By getting one of the foremost experts on cybersecurity to deliver a top notch speech on the future of the industry, threat actors, and strategies for businesses to survive and prosper in a hostile environment! This was the scene last week as General Michael Hayden, a thirty-nine year military veteran, former director of the National Security Administration (NSA) and CIA, and currently Principal at the Chertoff Group, addressed a packed house at MIRcon® 2013.
Read more...Are NIST’s Cybersecurity Standards Driving Digital Security Policy?
November 25, 2013 6:27 PM By Helena BritoIn late October, National Institute of Standards and Technology (NIST) released a cybersecurity framework in response to the Presidential Executive Order on cybersecurity. But what happens next? Policymakers, legislators, and pundits have taken an even greater interest in the safety of our systems and the targeted attackers who use and abuse them. So will Congress step in and develop
Read more...New IE Zero-Day Found in Watering Hole Attack
November 8, 2013 11:53 PM By Xiaobo Chen, Dan Caselden
FireEye Labs has identified a new IE zero-day exploit hosted on a breached website based in the U.S. It's a brand new IE zero-day that compromises anyone visiting a malicious website; classic drive-by download attack. The exploit leverages a new information leakage vulnerability and an IE out-of-bounds memory access vulnerability to achieve code execution.ExploitationThe information leak uses a very interesting vulnerability to retrieve the timestamp from the PE headers of msvcrt.dll. The timestamp Read more...
Sign up for email updates
Get information and insight on today's advanced threats from the leader in advanced threat prevention.
