APT43: An investigation into the North Korean group’s cybercrime operations
As recently reported by our Mandiant colleagues, APT43 is a threat actor believed to be associated with North Korea. APT43’s main targets include governmental institutions, research groups, think tanks, business services, and the manufacturing sector, with most victims located in the United States and South Korea. The group uses a variety of techniques and […]

Upgrading from API v2 to v3: What You Need to Know
The VirusTotal API is a versatile and powerful tool that can be used in many ways. Although it is commonly used for threat intelligence enrichment and threat analysis, the potential uses are virtually limitless. The latest version, VirusTotal API v3, is continuously updated with new features that enhance its capabilities with every release. […]

Pipelining VT Intelligence searches and sandbox report lookups via APIv3 to automatically generate indicators of compromise
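The pipelining entry above covers pulling a file's sandbox behaviour reports from the APIv3 behaviours endpoint and distilling them into indicators of compromise for perimeter and endpoint controls. As an added illustration (not code from the article, its companion scripts, or VirusTotal), the following Python performs that step on a constructed report: it merges the per-sandbox reports into deduplicated IOC lists, filters out sandbox-local noise, and emits Suricata DNS rules for the domains. The response layout (a `data` list of `file_behaviour` objects whose `attributes` carry `dns_lookups`, `ip_traffic`, `http_conversations`, `files_dropped` and `registry_keys_set`) follows the published v3 format, but treat the attribute names as an assumption to check against the current documentation; `SAMPLE_REPORT`, `NOISE_DOMAINS`, `LOCAL_NETS` and the rule template are constructed for this example.

```python
"""Turn VirusTotal APIv3 sandbox behaviour reports into indicators of compromise.

Added example, not code from the article or from VirusTotal. The report layout
(GET /api/v3/files/{sha256}/behaviours -> {"data": [file_behaviour, ...]}) follows
the published v3 format; check the attribute names against the current docs.
SAMPLE_REPORT, NOISE_DOMAINS, LOCAL_NETS and the Suricata rule template are
constructed here for the example.
"""
import ipaddress
import json
import urllib.request
from collections import defaultdict

VT_API = "https://www.virustotal.com/api/v3"

# Hosts the sandbox VMs contact on their own (clock sync, CRL fetches); not IOCs.
NOISE_DOMAINS = {"time.windows.com", "ctldl.windowsupdate.com", "crl.microsoft.com"}

# Sandbox-internal address space: "this" net, loopback, RFC 1918, link-local, multicast.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]


def fetch_behaviours(sha256: str, api_key: str) -> dict:
    """Live retrieval via the v3 behaviours endpoint (x-apikey auth); not run offline."""
    req = urllib.request.Request(f"{VT_API}/files/{sha256}/behaviours",
                                 headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def is_routable(ip: str) -> bool:
    """Keep only addresses that could be real infrastructure outside the sandbox."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    if addr.version == 6:
        return addr.is_global
    return not any(addr in net for net in LOCAL_NETS)


def extract_iocs(report: dict) -> dict:
    """Merge every sandbox's report for one file into sorted, deduplicated IOC lists."""
    iocs = defaultdict(set)
    for entry in report.get("data", []):
        if entry.get("type") != "file_behaviour":
            continue
        attrs = entry.get("attributes", {})
        for lookup in attrs.get("dns_lookups", []):
            # Normalise case and trailing dot so the same name from two sandboxes merges.
            host = lookup.get("hostname", "").lower().rstrip(".")
            if not host or host in NOISE_DOMAINS:
                continue
            iocs["domain"].add(host)
            iocs["ip"].update(ip for ip in lookup.get("resolved_ips", []) if is_routable(ip))
        for conv in attrs.get("ip_traffic", []):
            ip = conv.get("destination_ip", "")
            if is_routable(ip):
                iocs["ip"].add(ip)
                iocs["ip_port"].add(f"{ip}:{conv.get('destination_port')}")
        for http in attrs.get("http_conversations", []):
            if http.get("url"):
                iocs["url"].add(http["url"])
        for dropped in attrs.get("files_dropped", []):
            if dropped.get("sha256"):
                iocs["sha256"].add(dropped["sha256"].lower())
        for reg in attrs.get("registry_keys_set", []):
            if reg.get("key"):
                iocs["registry_key"].add(reg["key"])
    return {kind: sorted(values) for kind, values in iocs.items()}


def suricata_dns_rules(iocs: dict, base_sid: int = 9000000) -> list:
    """One Suricata alert per IOC domain, matched on the DNS query name."""
    return [
        f'alert dns any any -> any any (msg:"VT sandbox IOC domain {d}"; '
        f'dns.query; content:"{d}"; nocase; sid:{base_sid + i}; rev:1;)'
        for i, d in enumerate(iocs.get("domain", []))
    ]


# Constructed two-sandbox report; hostnames and addresses are documentation values.
SAMPLE_REPORT = {"data": [
    {"type": "file_behaviour", "attributes": {
        "sandbox_name": "Sandbox A",
        "dns_lookups": [
            {"hostname": "update.badcdn.example", "resolved_ips": ["203.0.113.10"]},
            {"hostname": "time.windows.com", "resolved_ips": ["10.0.0.1"]}],
        "ip_traffic": [
            {"destination_ip": "203.0.113.10", "destination_port": 443, "transport_layer_protocol": "TCP"},
            {"destination_ip": "127.0.0.1", "destination_port": 8080, "transport_layer_protocol": "TCP"}],
        "http_conversations": [{"url": "https://update.badcdn.example/gate.php", "request_method": "POST"}],
        "files_dropped": [{"path": "C:\\Users\\Public\\svc.dll", "sha256": "AA" * 32}],
        "registry_keys_set": [{"key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc",
                               "value": "C:\\Users\\Public\\svc.dll"}]}},
    {"type": "file_behaviour", "attributes": {
        "sandbox_name": "Sandbox B",
        "dns_lookups": [{"hostname": "Update.BadCDN.example.", "resolved_ips": ["203.0.113.10", "198.51.100.7"]}],
        "ip_traffic": [{"destination_ip": "198.51.100.7", "destination_port": 8443, "transport_layer_protocol": "TCP"}]}},
]}

if __name__ == "__main__":
    found = extract_iocs(SAMPLE_REPORT)
    print(json.dumps(found, indent=2))
    print("\n".join(suricata_dns_rules(found)))
```

Run as a script it prints the merged IOC lists and the generated rules; swap `SAMPLE_REPORT` for the result of `fetch_behaviours(sha256, api_key)` to process a live file. The noise list and private-range filter are the part worth tuning per sandbox: without them, clock-sync hosts and loopback traffic that every detonation produces end up on the blocklist.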
TL;DR: VirusTotal APIv3 includes an endpoint to retrieve all the dynamic analysis reports for a given file. This article showcases programmatic retrieval of sandbox behaviour reports in order to produce indicators of compromise that you can use to power up your network perimeter and endpoint defenses. We are also releasing a set of Python scripts alongside this blog […]

The XcodeGhost Plague – How Did It Happen?
The iOS App Store has traditionally been viewed as a safe source of apps, thanks to Apple’s policing of its walled garden. However, that is no longer completely the case, thanks to the discovery of multiple legitimate apps in the App Store that contained malicious code, which was dubbed XcodeGhost. So, how did XcodeGhost […]

Smart Meter Attack Scenarios
In our previous post, we looked at how smart meters are being introduced across multiple countries and regions, and why these devices pose security risks to their users. At its heart, a smart meter is simply a computer. Consider our existing computers, whether they are PCs, smartphones, tablets, or embedded devices. Similarly, these […]

Talking insider threats at the CSO40 Security Confab and Awards
These days, the threat landscape for most companies is massive. But while there is a litany of outside threats that their security teams need to worry about, there is often an even greater danger much closer to home. Insider threats are an issue that no company is safe from, with breaches not just occurring at […]

More information
- Adylkuzz CoinMiner Spreading Like WannaCry
- Resolved: Known Error impacting MyPennState Admissions: Investigation Underway
- Security upgrades show Snowden won
- Cisco Patches Serious Vulnerabilities in Data Center Network Manager
- Microsoft Windows CVE-2016-0181 Security Bypass Vulnerability
- Microsoft Windows Graphics Component CVE-2017-8527 Remote Code Execution Vulnerability
- Blizzard Entertainment concludes its data breach investigation – fifteen months later!
- New PureLocker Ransomware Linked to MaaS Provider for Cobalt Gang, FIN6
- The New iMessage Is Great. But Why on Earth Isn’t It on Android?
- Regain your surfing privacy with Spotflux