VTPRACTITIONERS{ACRONIS}: Tracking FileFix, Shadow Vector, and SideWinder

Introduction. We have recently started a new blog series called #VTPRACTITIONERS. This series aims to share with the community what other practitioners are able to research using VirusTotal, from a technical point of view. Our first post saw our colleagues at SEQRITE tracking UNG0002, Silent Lynx, and DragonClone. In this new post, Acronis Threat Research […]

Microsoft to tap Anthropic for Office 365 as enterprises weigh risks of AI lock-in

Microsoft is reportedly preparing to integrate Anthropic’s AI models into Office 365, marking a shift from its longstanding reliance on OpenAI technology. The addition would bring Anthropic’s capabilities into productivity tools such as Word, Excel, Outlook, and PowerPoint, expanding the range of AI options available to customers, according to a report from The Information. The […]

APT43: An investigation into the North Korean group’s cybercrime operations

Introduction. As recently reported by our colleagues at Mandiant, APT43 is a threat actor believed to be associated with North Korea. APT43’s main targets include governmental institutions, research groups, think tanks, business services, and the manufacturing sector, with most victims located in the United States and South Korea. The group uses a variety of techniques and […]

Upgrading from API v2 to v3: What You Need to Know

The VirusTotal API is a versatile and powerful tool that can be used in many ways. Although it is commonly used for threat intelligence enrichment and threat analysis, the potential uses are virtually limitless. The latest version, VirusTotal API v3, is continuously updated with new features that extend its capabilities with every release. […]

Pipelining VT Intelligence searches and sandbox report lookups via APIv3 to automatically generate indicators of compromise

TL;DR: VirusTotal APIv3 includes an endpoint to retrieve all the dynamic analysis reports for a given file. This article shows how to retrieve sandbox behaviour reports programmatically in order to produce indicators of compromise that you can use to strengthen your network perimeter and endpoint defenses. We are also releasing a set of Python scripts alongside this blog […]

The XcodeGhost Plague – How Did It Happen?

The iOS App Store has traditionally been viewed as a safe source of apps, thanks to Apple’s policing of its walled garden. However, that is no longer completely the case, following the discovery of multiple legitimate apps in the App Store that contained malicious code, which was dubbed XcodeGhost. So, how did XcodeGhost […]

Smart Meter Attack Scenarios

In our previous post, we looked at how smart meters are being introduced across multiple countries and regions, and why these devices pose security risks to their users. At its heart, a smart meter is simply… a computer. Let’s look at our existing computers – whether they are PCs, smartphones, tablets, or embedded devices. Similarly, these […]

Talking insider threats at the CSO40 Security Confab and Awards

These days, the threat landscape for most companies is massive. But while there is a litany of outside threats that their security teams need to worry about, there is often an even greater danger much closer to home. Insider threats are an issue that no company is safe from, with breaches not just occurring at […]
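The two VirusTotal API posts above (the v2-to-v3 migration note and the APIv3 pipelining TL;DR) describe fetching a file's sandbox behaviour reports and turning them into indicators of compromise. The Python below is an added example written for this page, not the scripts released with the post: it builds the v3 request (API key in the `x-apikey` header rather than the v2 `apikey` query parameter) and reduces a constructed `/files/{sha256}/behaviours`-shaped response to IOCs, dropping sandbox noise and non-routable addresses and keeping a count of how many sandboxes corroborate each indicator. The field names (`sandbox_name`, `dns_lookups`, `ip_traffic`, `files_dropped`), the benign-host allowlist and the sample report are assumptions modelled on the v3 `file_behaviour` object; the sample uses RFC 5737 documentation addresses as stand-ins, which is why those ranges are deliberately not in the non-routable list.

```python
"""Reduce VirusTotal APIv3 sandbox behaviour reports to corroborated IOCs.

Added example for this page, not the scripts released with the post.
Field names are assumptions modelled on the APIv3 file_behaviour object.
"""
import ipaddress
from collections import defaultdict

VT_V3 = "https://www.virustotal.com/api/v3"

# Hosts nearly every Windows sample contacts in a sandbox (assumed allowlist);
# neither the name nor what it resolved to is an actionable IOC.
BENIGN_HOSTS = {"time.windows.com", "ctldl.windowsupdate.com", "crl.microsoft.com"}

# Addresses that are never actionable at a perimeter: loopback, RFC 1918, CGNAT,
# link-local, multicast. RFC 5737 documentation ranges are intentionally absent
# so the constructed sample below passes through the filter.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::1/128", "fc00::/7", "fe80::/10",
)]

# Constructed sample shaped like GET /files/{sha256}/behaviours (assumption).
SAMPLE_BEHAVIOURS = {"data": [
    {"type": "file_behaviour", "id": "sample_SandboxA", "attributes": {
        "sandbox_name": "SandboxA",
        "dns_lookups": [
            {"hostname": "update.example-c2.test", "resolved_ips": ["203.0.113.10"]},
            {"hostname": "time.windows.com", "resolved_ips": ["198.51.100.5"]},
        ],
        "ip_traffic": [
            {"destination_ip": "203.0.113.10", "destination_port": 443, "transport_layer_protocol": "TCP"},
            {"destination_ip": "127.0.0.1", "destination_port": 5355, "transport_layer_protocol": "UDP"},
        ],
        "files_dropped": [{"path": "C:\\Users\\Public\\svchost.exe", "sha256": "5f" * 32}],
    }},
    {"type": "file_behaviour", "id": "sample_SandboxB", "attributes": {
        "sandbox_name": "SandboxB",
        "dns_lookups": [{"hostname": "time.windows.com", "resolved_ips": ["198.51.100.5"]}],
        "ip_traffic": [
            {"destination_ip": "203.0.113.10", "destination_port": 443, "transport_layer_protocol": "TCP"},
            {"destination_ip": "192.168.56.1", "destination_port": 137, "transport_layer_protocol": "UDP"},
        ],
        "files_dropped": [],
    }},
]}


def v2_file_report(sha256, api_key):
    """APIv2 style: the key travels as a query parameter, so it lands in proxy logs."""
    return "https://www.virustotal.com/vtapi/v2/file/report", {"apikey": api_key, "resource": sha256}


def v3_behaviours_request(sha256, api_key):
    """APIv3 style: resource in the path, key in the x-apikey header."""
    return f"{VT_V3}/files/{sha256}/behaviours", {"x-apikey": api_key}


def is_routable(ip):
    """True for syntactically valid addresses outside the NON_ROUTABLE ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in NON_ROUTABLE)


def extract_iocs(report):
    """Map kind -> indicator -> set of sandbox names that observed it."""
    iocs = defaultdict(lambda: defaultdict(set))
    for item in report.get("data", []):
        if item.get("type") != "file_behaviour":
            continue
        attrs = item.get("attributes", {})
        sandbox = attrs.get("sandbox_name", "unknown")
        for lookup in attrs.get("dns_lookups", []):
            host = lookup.get("hostname", "").lower().rstrip(".")
            if not host or host in BENIGN_HOSTS:
                continue  # skip the name and the addresses it resolved to
            iocs["domain"][host].add(sandbox)
            for ip in lookup.get("resolved_ips", []):
                if is_routable(ip):
                    iocs["ip"][ip].add(sandbox)
        for conn in attrs.get("ip_traffic", []):
            ip = conn.get("destination_ip", "")
            if is_routable(ip):
                iocs["ip"][ip].add(sandbox)
        for dropped in attrs.get("files_dropped", []):
            digest = dropped.get("sha256", "").lower()
            if len(digest) == 64:
                iocs["sha256"][digest].add(sandbox)
    return iocs


def corroborated(iocs, min_sandboxes=2):
    """Flat, sorted (kind, value) list of IOCs seen by at least min_sandboxes sandboxes."""
    return sorted((kind, value) for kind, seen in iocs.items()
                  for value, boxes in seen.items() if len(boxes) >= min_sandboxes)


if __name__ == "__main__":
    for kind, value in corroborated(extract_iocs(SAMPLE_BEHAVIOURS), min_sandboxes=1):
        print(f"{kind}\t{value}")
```

Against the live API you would pass the URL and header to an HTTP client and follow the cursor in the response's `links.next` until it is absent, then feed each page to `extract_iocs`. The corroboration threshold is the point of keeping sandbox names rather than a flat set: an address seen by two independent sandboxes is far less likely to be environment noise than one seen by a single run, and you can tune `min_sandboxes` per indicator kind before pushing anything to a blocklist.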