The path from VT Intelligence queries to VT Livehunt rules: A CTI analyst approach
This post will explain the process you can follow to create a VT Livehunt rule from a VT Intelligence query. Something typical in threat hunting and threat intelligence operations. Let’s assume that, as a threat hunter, you created robust VT intelligence (VTI) queries getting you reliable results without false positives. Your queries are so good […] more…It’s all about the structure! Creating YARA rules by clicking
Since we made our (extended) vt module available for LiveHunt YARA rules we understand it is not easy for analysts to keep in mind all the new potential possibilities – too many of them! Our goal is to make YARA rule creation as easy as possible while providing security experts everything they need to make […] more…APT43: An investigation into the North Korean group’s cybercrime operations
Introduction As recently reported by our Mandiant’s colleagues, APT43 is a threat actor believed to be associated with North Korea. APT43’s main targets include governmental institutions, research groups, think tanks, business services, and the manufacturing sector, with most victims located in the United States and South Korea. The group uses a variety of techniques and […] more…Cisco issues critical security warning for Nexus data-center switches
Cisco issued some 40 security advisories today but only one of them was deemed “critical” – a vulnerability in the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode data-center switch that could let an attacker secretly access system resources. The exposure, which was given a Common Vulnerability Scoring System importance of 9.8 out of 10, […] more…Authorities Dismantle Ransomware Cybergang
Five Romanian nationals suspected of being part of a cybercrime g read more more…Moving Beyond "Moving Left": The Case for Developer Enablement
For far too long software security has been comprised of a curious bifurcation of roles. Developers develop and IT security testers test for security issues. Fortunately, a confluence of circumstances has forced a recalibration of the developer’s role in software security. In fact, I think we are about to see a new wave of what […] more…3 ways IoT security concerns are taken out of context
This Saturday was like most every other day for me. I opened my RSS Internet of Things (IoT) news feed and there were three more articles telling me that consumers don’t trust IoT security. IoT security alerts have been so frequent and regular for so long now that just like a “check engine light” in […] more…Setting the Record Straight on Moplus SDK and the Wormhole Vulnerability
A vulnerability known as Wormhole that reportedly affected the software development kit (SDK), Moplus by Baidu is making waves due to the severity of the impact once successfully exploited. The said vulnerability was discovered by WooYun.og, a vulnerability reporting platform in China. However, as our investigation on this security bug unfolded, we found out that […] more…More information
- Even before NSA scandal, US residents were anxious about privacy breaches
- Microsoft Skype for Business Server CVE-2019-1490 Spoofing Vulnerability
- How Threats Disguise Their Network Traffic
- SAP Releases August 2018 Security Updates
- Utah County Struck by Ransomware
- Additional Healthcare Firms Disclose Impact From Netgain Ransomware Attack
- Apple Extends HTTPS Deadline for iOS Apps
- SAP Security Updates Patch 19 New Flaws
- December Patch Tuesday round-up: Winding down for the year
- Snowden-inspired crypto-email service Lavaboom launches