September’s 3x CON: Part 2
What, Where & When: The 0x07th edition of SEC-T, an annual Stockholm-based conference, was held on 18-19 September at the stunning Anrika Nalen venue, just a 15-minute walk from the famous Gamla Stan. The Schedule: This conference features only one track of presentations, which – in my opinion – is quite a good thing, […] more…

September’s 3x CON: Part 1
What, Where & When: the 4th edition of 44CON, an annual IT Security Conference organized by Sense/Net Ltd, took place on 10-12 September in London, at a venue near the Earl’s Court exhibition center. Geeks who happened to enjoy somewhat spooky historical monuments could take a five-minute walk from the venue to visit an […] more…

How AI is shaping malware analysis
We just released our “Empowering Defenders: How AI is shaping malware analysis” report, where we want to share VirusTotal’s visibility to help researchers, security practitioners and the general public better understand the nature of malicious attacks, this time focusing on how AI complements traditional malware analysis tools by providing new functionality, leading to very […] more…

The definitive VirusTotal’s admin guide
Check out our Walkthrough guide for VirusTotal group administrators! VirusTotal administrators’ tasks are key to the good health of the groups they manage. Unfortunately, the best way to do a given task is not always clear. But we heard our beloved community, and we created the definitive guide for everything a VirusTotal group […] more…

The path from VT Intelligence queries to VT Livehunt rules: A CTI analyst approach
This post will explain the process you can follow to create a VT Livehunt rule from a VT Intelligence query, something typical in threat hunting and threat intelligence operations. Let’s assume that, as a threat hunter, you created robust VT Intelligence (VTI) queries that get you reliable results without false positives. Your queries are so good […] more…

Intel’s Tower Semiconductor acquisition fails, as China withholds OK
Intel’s planned $5.4 billion acquisition of Israel-based Tower Semiconductor has fallen apart, as China reportedly failed to approve the deal in time to meet a deadline agreed upon by the two companies for the deal to close. Intel said in a statement late Tuesday that the two companies mutually agreed to terminate the deal […] more…

VirusTotal Malware Trends Report: Emerging Formats and Delivery Techniques
We just released a new edition of our “VirusTotal Malware Trends Report” series, where we want to share VirusTotal’s visibility to help researchers, security practitioners and the general public better understand the nature of malicious attacks, this time focusing on “Emerging Formats and Delivery Techniques”. Here are some of the main ideas presented there: Email […] more…

Actionable Threat Intel (IV) – YARA beyond files: extending rules to network IoCs
We are extremely excited to introduce YARA Netloc, a powerful new hunting feature that extends the entities YARA supports from traditional files to network infrastructure, including domains, URLs and IP addresses. This opens endless possibilities and brings your hunting to a whole new level. Let’s get started! Creating Network rules: YARA Netloc is based on extended […] more…

Inside of the WASP’s nest: deep dive into PyPI-hosted malware
In late 2022 we decided to start monitoring PyPI, arguably the most important Python repository, as there were a number of reports of it hosting malware. PyPI took on exceptional relevance amongst all repositories as, historically, it was trusted by default by many software developers. Any security breach or abuse […] more…

Actionable Threat Intel (II) – IoC Stream
Access to RELEVANT threat data is a recurring challenge highlighted by SOCs and CTI teams; at VirusTotal we want to help you understand your unique threat landscape. Indeed, tracking campaigns and threat actors in VirusTotal’s Threat Landscape module should be a smooth and simple experience. We are excited to announce that VirusTotal users can now […] more…

VirusTotal += Mandiant Permhash: Unearthing adversary infrastructure and toolkits by leveraging permissions similarity
Last Monday our colleagues over at Mandiant rolled out Permhash. In their own words, Permhash is an extensible framework to hash the declared permissions applied to Chromium-based browser extensions and APKs, allowing for clustering, hunting, and pivoting similar to import hashing and rich header hashing. We are excited to announce that we have been working […] more…

APT43: An investigation into the North Korean group’s cybercrime operations
Introduction: As recently reported by our Mandiant colleagues, APT43 is a threat actor believed to be associated with North Korea. APT43’s main targets include governmental institutions, research groups, think tanks, business services, and the manufacturing sector, with most victims located in the United States and South Korea. The group uses a variety of techniques and […] more…

Siemens Drives Rise in ICS Vulnerabilities Discovered in 2022: Report
The number of vulnerabilities discovered in industrial control systems (ICS) continues to increase, and many of them have a ‘critical’ or ‘high’ severity rating, according to a new report from industrial cybersecurity firm SynSaber. The report compares the number of ICS and ICS medical advisories published by CISA between 2020 and 2022. While the number […] more…

Fraudulent “CryptoRom” Apps Slip Through Apple and Google App Store Review Process
Pig Butchering, also known as Sha Zhu Pan and CryptoRom, is an ugly name for an ugly scam. It is not new. What is new is that apps perpetrating the scam can be downloaded from the official Apple and Android app stores – giving them greater apparent validity to targets. The scam is a version […] more…

Is malware abusing your infrastructure? Find out with VirusTotal!
Any organization’s infrastructure might inadvertently be abused by attackers as part of a malicious campaign. It is therefore important to monitor any suspicious activity. VirusTotal can help you identify these threats and improve your threat detection and protection capabilities. In this post we will first analyze the different available search modifiers and then we will provide […] more…

Lessons learned from 2022
One of our goals is sharing with the security community as much as we learn from VirusTotal’s data to help stop, monitor and mitigate malicious activity. When looking back at 2022 we observe different interesting trends; we decided to go deeper into the three most interesting ones: evolution of distribution vectors, trending malware artifacts and […] more…

More information
- Police seize robot and its shopping, including drugs, master keys and stash can
- FISA court reverses order to destroy NSA phone data
- Deceive in order to detect
- Facebook partners with Panda Security
- DLP tools deliver strong endpoint protection
- Apple toughens up app security with API control
- Taxpayers shrug off ID fraud warnings even as attacks rise
- Mobile insecurity at work? Blame highly paid dudes
- Sam Ramji Discusses Cloud Foundry and Open Source Opportunities
- Intel Security offers customers McAfee Cloud Visibility – Community Edition for free!!