What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-04-29 14:00:00 | De l'assistant à l'analyste: la puissance de Gemini 1.5 Pro pour l'analyse des logiciels malveillants From Assistant to Analyst: The Power of Gemini 1.5 Pro for Malware Analysis (lien direct) |
Executive Summary A growing amount of malware has naturally increased workloads for defenders and particularly malware analysts, creating a need for improved automation and approaches to dealing with this classic threat. With the recent rise in generative AI tools, we decided to put our own Gemini 1.5 Pro to the test to see how it performed at analyzing malware. By providing code and using a simple prompt, we asked Gemini 1.5 Pro to determine if the file was malicious, and also to provide a list of activities and indicators of compromise. We did this for multiple malware files, testing with both decompiled and disassembled code, and Gemini 1.5 Pro was notably accurate each time, generating summary reports in human-readable language. Gemini 1.5 Pro was even able to make an accurate determination of code that - at the time - was receiving zero detections on VirusTotal. In our testing with other similar gen AI tools, we were required to divide the code into chunks, which led to vague and non-specific outcomes, and affected the overall analysis. Gemini 1.5 Pro, however, processed the entire code in a single pass, and often in about 30 to 40 seconds. Introduction The explosive growth of malware continues to challenge traditional, manual analysis methods, underscoring the urgent need for improved automation and innovative approaches. Generative AI models have become invaluable in some aspects of malware analysis, yet their effectiveness in handling large and complex malware samples has been limited. The introduction of Gemini 1.5 Pro, capable of processing up to 1 million tokens, marks a significant breakthrough. This advancement not only empowers AI to function as a powerful assistant in automating the malware analysis workflow but also significantly scales up the automation of code analysis. By substantially increasing the processing capacity, Gemini 1.5 Pro paves the way for a more adaptive and robust approach to cybersecurity, helping analysts manage the asymmetric volume of threats more effectively and efficiently. Traditional Techniques for Automated Malware Analysis The foundation of automated malware analysis is built on a combination of static and dynamic analysis techniques, both of which play crucial roles in dissecting and understanding malware behavior. Static analysis involves examining the malware without executing it, providing insights into its code structure and unobfuscated logic. Dynamic analysis, on the other hand, involves observing the execution of the malware in a controlled environment to monitor its behavior, regardless of obfuscation. Together, these techniques are leveraged to gain a comprehensive understanding of malware. Parallel to these techniques, AI and machine learning (ML) have increasingly been employed to classify and cluster malware based on behavioral patterns, signatures, and anomalies. These methodologies have ranged from supervised learning, where models are trained on labeled datasets, to unsupervised learning for clustering, which identifies patterns without predefined labels to group similar malware. | Malware Hack Tool Vulnerability Threat Studies Prediction Cloud Conference | Wannacry | ★★★ |
|
2024-04-04 14:00:00 | Cutting avant, partie 4: Ivanti Connect Secure VPN Post-Exploitation Mouvement latéral Études de cas Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies (lien direct) |
Written by: Matt Lin, Austin Larsen, John Wolfram, Ashley Pearson, Josh Murchie, Lukasz Lamparski, Joseph Pisano, Ryan Hall, Ron Craft, Shawn Chew, Billy Wong, Tyler McLellan
Since the initial disclosure of CVE-2023-46805 and CVE-2024-21887 on Jan. 10, 2024, Mandiant has conducted multiple incident response engagements across a range of industry verticals and geographic regions. Mandiant\'s previous blog post, Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts, details zero-day exploitation of CVE-2024-21893 and CVE-2024-21887 by a suspected China-nexus espionage actor that Mandiant tracks as UNC5325. This blog post, as well as our previous reports detailing Ivanti exploitation, help to underscore the different types of activity that Mandiant has observed on vulnerable Ivanti Connect Secure appliances that were unpatched or did not have the appropriate mitigation applied. Mandiant has observed different types of post-exploitation activity across our incident response engagements, including lateral movement supported by the deployment of open-source tooling and custom malware families. In addition, we\'ve seen these suspected China-nexus actors evolve their understanding of Ivanti Connect Secure by abusing appliance-specific functionality to achieve their objectives. As of April 3, 2024, a patch is readily available for every supported version of Ivanti Connect Secure affected by the vulnerabilities. We recommend that customers follow Ivanti\'s latest patching guidance and instructions to prevent further exploitation activity. In addition, Ivanti released a new enhanced external integrity checker tool (ICT) to detect potential attempts of malware persistence across factory resets and system upgrades and other tactics, techniques, and procedures (TTPs) observed in the wild. We also released a remediation and hardening guide |
Malware Tool Vulnerability Threat Studies Mobile Cloud | Guam | ★★★ |
|
2024-03-28 11:00:00 | La vie après la mort?Les campagnes de l'IO liées à un homme d'affaires russe notoire Prigozhin persiste après sa chute politique et sa mort Life After Death? IO Campaigns Linked to Notorious Russian Businessman Prigozhin Persist After His Political Downfall and Death (lien direct) |
Written by: Alden Wahlstrom, David Mainor, Daniel Kapellmann Zafra
In June 2023, Russian businessman Yevgeniy Prigozhin and his private military company (PMC) “Wagner” carried out an armed mutiny within Russia. The events triggered the meteoric political downfall of Prigozhin, raising questions about the future of his various enterprises that were only underscored when he died two months later under suspicious circumstances. Up to that point, Prigozhin and his enterprises worked to advance the Kremlin\'s interests as the manifestation of the thinnest veil of plausible deniability for state-guided actions on multiple continents. Such enterprises included the Wagner PMC; overt influence infrastructure, like his media company Patriot Group that housed his media companies, including the “RIA FAN” Federal News Agency; covert influence infrastructures; and an array of businesses aimed at generating personal wealth and the resourcing necessary to fund his various ventures. Mandiant has for years tracked and reported on covert information operations (IO) threat activity linked to Prigozhin. His involvement in IO was first widely established in the West as part of the public exposure of Russian-backed interference in the 2016 U.S. presidential election-this included activity conducted by Russia\'s Internet Research Agency (IRA), which the U.S. Government publicly named Prigozhin as its financier. Subsequently, Prigozhin was publicly connected to a web of IO activity targeting the U.S., EU, Ukraine, Russian domestic audiences, countries across Africa, and further afield. Such activity has worked not only to advance Russian interests on matters of strategic importance, but also has attempted to exploit existing divisions in societies targeting various subgroups across their population. Throughout 2023, Mandiant has observed shifts in the activity from multiple IO campaigns linked to Prigozhin, including continued indicators that components of these campaigns have remained viable since his death. This blog post examines a sample of Prigozhin-linked IO campaigns to better understand their outcomes thus far and provide an overview of what can be expected from these activity sets in the future. This is relevant not only because some of the infrastructure of these campaigns remains viable despite Prigozhin\'s undoing, but also because we advance into a year in which Ukraine continues to dominate Russia\'s strategic priorities and there are multiple global elections that Russia may seek to influence. Mandiant and Google\'s Threat Analysis Group (TAG) work together in support of our respective missions at Google. TAG has likewise been tracking coordinated influence operations linked to Prigozhin and the Internet Research Agency (IRA) for years; and in 2023, Google took over 400 enforcement actions to disrupt IO campaigns linked to the IRA, details of which are reported in the quarterly TAG Bulletin. TAG has not observed significant activity from the IRA or other Prigozhin-linked entities specifically on Google platforms since Prigozhin\'s death, |
Threat Studies Legislation Prediction | ★★★ | |
|
2023-09-28 12:00:00 | Analyse des tendances du temps à exploiter: 2021-2022 Analysis of Time-to-Exploit Trends: 2021-2022 (lien direct) |
résumé exécutif
Mandiant Intelligence a analysé 246 vulnérabilités qui ont été exploitées entre 2021 et 2022.
soixante-deux pour cent (153) des vulnérabilités ont d'abord été exploitées sous forme de vulnérabilités de jour zéro.
Le nombre de vulnérabilités exploitées chaque année continue d'augmenter, tandis que les temps à exploiter (TTES) globaux que nous voyons diminuent.
L'exploitation d'une vulnérabilité est le plus susceptible de se produire avant la fin du premier mois suivant la sortie d'un correctif.
Microsoft, Google et Apple continuent d'être les fournisseurs les plus exploités d'une année à l'autre, mais les deux dernières années
Executive Summary Mandiant Intelligence analyzed 246 vulnerabilities that were exploited between 2021 and 2022. Sixty-two percent (153) of the vulnerabilities were first exploited as zero-day vulnerabilities. The number of exploited vulnerabilities each year continues to increase, while the overall times-to-exploit (TTEs) we are seeing are decreasing. Exploitation of a vulnerability is most likely to occur before the end of the first month following the release of a patch. Microsoft, Google, and Apple continue to be the most exploited vendors year-over-year, but the last two years |
Vulnerability Studies | ★★★★ | |
|
2022-11-09 15:00:00 | Menace d'initié: études d'impact Insider Threat: Impact Studies (lien direct) |
Notre précédent article de menace d'initiés a partagé des détails sur Types de menaces d'initiés et pourquoi ils sont une préoccupation .Dans cet article, nous partageons quelques exemples et stratégies d'atténuation.
Exemples d'incidents de menace d'initiés significatifs
Avec une technologie en évolution rapide, la menace d'un initié et le coût associé pour contenir et répondre à un incident se développe.Il y a eu des incidents importants où les organisations ont non seulement souffert de lésions de la marque ou de perte de données critiques, mais ont également fini par subir de grandes pertes financières.Certains des cas publics notables sont:
le supérieur
Our previous insider threat post shared details on types of insider threats and why they are a concern. In this post we share some examples and mitigation strategies. Examples of Significant Insider Threat Incidents With rapidly evolving technology, the threat of an insider and the associated cost for containing and responding to an incident is growing. There have been some significant incidents where organizations not just suffered from brand damage, or loss of critical data, but also ended up bearing large financial losses. Some of the notable public cases are: The superior |
Threat Studies | ★★★ | |
|
2021-09-14 04:04:51 | Grâce à l'objectif de l'analyste: la puissance réelle des services de détection et de réponse gérés Through the Analyst Lens: The Real Power of Managed Detection and Response Services (lien direct) |
La menace constante de la violation de données fait que les organisations examinent leur capacité à protéger l'entreprise de la prochaine grande attaque.Mais la technologie à elle seule n'a pas réduit votre temps moyen à détecter et à répondre.Selon Craig Robinson, directeur de programme au sein de la pratique de recherche sur les services de sécurité d'IDC \\ et auteur de la dernière étude IDC Marketscape dans les services de détection et de réponse gérés aux États-Unis, «Il y aura de plus en plus de besoin de MDRServices à l'avenir.Dans les talons de la publication IDC Marketscape, je me suis assis avec Craig pour découvrir ce que les clients et les vendeurs voient
The constant threat of data breach has organizations scrutinizing their ability to protect the business from the next big attack. But technology alone won\'t reduce your mean-time-to-detect and respond. According to Craig Robinson, Program Director within IDC\'s Security Services research practice and author of the latest IDC MarketScape study in U.S. Managed Detection and Response (MDR) Services, “there is going to be more and more of a need for MDR Services in the future.” On the heels of the IDC MarketScape publication, I sat down with Craig to discover what customers and vendors are seeing |
Data Breach Threat Studies | ★★★ | |
|
2021-04-13 08:45:00 | M-Trends 2021: une vue depuis les lignes de front M-Trends 2021: A View From the Front Lines (lien direct) |
Nous sommes ravis de lancer M-Trends 2021 , le 12 Th édition de notre publication annuelle Fireeye Mandiant.L'année dernière a été unique, car nous avons été témoins d'une combinaison sans précédent d'événements mondiaux.Les opérations commerciales se sont déplacées en réponse aux acteurs mondiaux de pandémie et de menace ont continué à dégénérer la sophistication et l'agressivité de leurs attaques, tandis que des événements mondiaux inattendus se sont mis à profit parallèles à leur avantage.
Nous discutons de tout cela et bien plus encore dans le rapport complet, qui est Disponible au téléchargement aujourd'hui .Mais d'abord, voici un aperçu des M-Trends les plus populaires
We are thrilled to launch M-Trends 2021, the 12th edition of our annual FireEye Mandiant publication. The past year has been unique, as we witnessed an unprecedented combination of global events. Business operations shifted in response to the worldwide pandemic and threat actors continued to escalate the sophistication and aggressiveness of their attacks, while in parallel leveraged unexpected global events to their advantage. We discuss all of this and much more in the full report, which is available for download today. But first, here is a sneak preview of the most popular M-Trends metric |
Threat Studies | ★★★★ | |
|
2021-01-21 17:30:00 | Transformers de formation pour les tâches de cybersécurité: une étude de cas sur la prédiction de l'URL malveillante Training Transformers for Cyber Security Tasks: A Case Study on Malicious URL Prediction (lien direct) |
Fait saillie
Effectuez une étude de cas sur l'utilisation de modèles de transformateurs pour résoudre les problèmes de cybersécurité
Former un modèle de transformateur pour détecter les URL malveillantes sous plusieurs régimes de formation
Comparez notre modèle avec d'autres méthodes d'apprentissage en profondeur et montrez qu'elle fonctionne sur la page avec d'autres modèles de premier plan
Identifiez les problèmes de l'application de la pré-formation générative à la détection de l'URL malveillante, qui est une pierre angulaire de la formation des transformateurs dans les tâches de traitement du langage naturel (PNL)
Introduire une nouvelle fonction de perte qui équilibre la classification et la perte générative pour obtenir des performances améliorées sur le
Highlights Perform a case study on using Transformer models to solve cyber security problems Train a Transformer model to detect malicious URLs under multiple training regimes Compare our model against other deep learning methods, and show it performs on-par with other top-scoring models Identify issues with applying generative pre-training to malicious URL detection, which is a cornerstone of Transformer training in natural language processing (NLP) tasks Introduce novel loss function that balances classification and generative loss to achieve improved performance on the |
Studies | ★★★ | |
|
2020-02-20 13:00:00 | M-Trends 2020: Insignes des lignes de front M-Trends 2020: Insights From the Front Lines (lien direct) |
Aujourd'hui, nous publions M-Trends 2020 , l'édition 11 th de notre populaire rapport annuel Fireeye Mandiant.Cette dernière M-Trends contient toutes les statistiques, les tendances, les études de cas et les recommandations de durcissement auxquelles les lecteurs s'attendent au cours des années et plus.
L'un des plats les plus excitants du rapport de cette année: le temps de résidence médiane mondiale est maintenant de 56 jours.Cela signifie que l'attaquant moyen ne fait pas partie d'un réseau pendant moins de deux mois-an M-Trends en premier.Il s'agit d'une statistique très prometteuse qui démontre jusqu'où nous venons depuis 2011, lorsque le temps de résidence médian mondiale était de 416
Today we release M-Trends 2020, the 11th edition of our popular annual FireEye Mandiant report. This latest M-Trends contains all of the statistics, trends, case studies and hardening recommendations that readers have come to expect through the years-and more. One of the most exciting takeaways from this year\'s report: the global median dwell time is now 56 days. That means the average attacker is going undetected on a network for under two months-an M-Trends first. This is a very promising statistic that demonstrates how far we\'ve come since 2011 when the global median dwell time was 416 |
Studies | ★★★ |
1
We have: 9 articles.
We have: 9 articles.
To see everything:
Our RSS (filtrered)
