Continuing our discussion of image parsing vulnerabilities in Windows, we take a look at a comparatively less popular vulnerability class: uninitialized memory. In this...

So Unchill: Melting UNC2198 ICEDID to Ransomware Operations
February 25 2021
Mandiant Advanced Practices (AP) closely tracks the shifting tactics, techniques, and procedures (TTPs) of financially motivated groups who severely disrupt organizations with ransomware. In May 2020, FireEye ...

Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion
February 22 2021
Starting in mid-December 2020, malicious actors that Mandiant tracks as UNC2546 exploited multiple zero-day vulnerabilities in Accellion’s legacy File Transfer Appliance (FTA) to install a newly discovered...

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One)
February 17 2021
In 2019, Mandiant’s Red Team discovered a series of vulnerabilities present within Digi International’s ConnectPort X2e device, which allows for remote code execution as a privileged ...

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part Two)
February 17 2021
In this post, we continue our analysis of the SolarCity ConnectPort X2e Zigbee device (referred to throughout as X2e device). In Part One, we...

Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication
January 26 2021
FireEye Email Security recently encountered various phishing campaigns, mostly in the Americas and Europe, using source code obfuscation with compromised or bad domains. These domains were...