APT43: An investigation into the North Korean group’s cybercrime operations
Introduction: As recently reported by our Mandiant colleagues, APT43 is a threat actor believed to be associated with North Korea. APT43’s main targets include governmental institutions, research groups, think tanks, business services, and the manufacturing sector, with most victims located in the United States and South Korea. The group uses a variety of techniques and […]

Upgrading from API v2 to v3: What You Need to Know
The VirusTotal API is a versatile and powerful tool that can be used in many ways. Although it is commonly used for threat intelligence enrichment and threat analysis, the potential uses are virtually limitless. The latest version, VirusTotal API v3, is continuously updated with new features that extend its capabilities with every release. […]

Pipelining VT Intelligence searches and sandbox report lookups via APIv3 to automatically generate indicators of compromise
TL;DR: VirusTotal APIv3 includes an endpoint to retrieve all the dynamic analysis reports for a given file. This article showcases programmatic retrieval of sandbox behaviour reports in order to produce indicators of compromise that you can use to strengthen your network perimeter and endpoint defenses. We are also releasing a set of Python scripts alongside this blog […]

The XcodeGhost Plague – How Did It Happen?
The iOS App Store has traditionally been viewed as a safe source of apps, thanks to Apple’s policing of its walled garden. However, that is no longer completely the case, following the discovery of multiple legitimate apps in the iOS App Store that contained malicious code, dubbed XcodeGhost. So, how did XcodeGhost […]

Smart Meter Attack Scenarios
In our previous post, we looked at how smart meters were being introduced across multiple countries and regions, and why these devices pose security risks to their users. At its heart, a smart meter is simply… a computer. Let’s look at our existing computers – whether they are PCs, smartphones, tablets, or embedded devices. Similarly, these […]

Talking insider threats at the CSO40 Security Confab and Awards
These days, the threat landscape for most companies is massive. But while there is a litany of outside threats that their security teams need to worry about, there is often an even greater danger much closer to home. Insider threats are an issue that no company is safe from, with breaches not just occurring at […]

More information
- Citrix Patches DoS Vulnerabilities in Hypervisor
- Security Experts Describe AI Technologies They Want to See
- Industrial Cybersecurity Firm Dragos Raises $110 Million
- ‘Sowbug’ Hackers Hit Diplomatic Targets Since 2015
- Insecure Android apps put connected cars at risk
- Resolved: Known Error impacting Digital Identity Management Console (DIMC)
- Securing Big Data and Hadoop
- Travel database exposed PII on US government employees
- Best Practices for Securing your Mobile Device
- Evasi0n iOS 6 Jailbreak Team ‘Evad3rs’ To Speak at HITB Amsterdam