Threats

RTF zero day in the wild

FireEye recently published an RTF zero day that has been used in the wild since July. This zero day was used to spread FinSpy/FinFisher malware, a “lawful intercept” product with RAT-like capabilities. The disclosed vulnerability is a logical vulnerability, which means most EMET style anti-exploitation techniques (ASLR, DEP, CFG) are irrelevant. As are any other pre-execution security mechanisms […]

Are we done with WannaCry?

Several customers and industry analysts frequently ask us (and other vendors) about independent validation of our capabilities. We wanted to share information about a recent test conducted by MRG-Effitas to validate the effectiveness of various traditional and next-generation endpoint security suites against the EternalBlue and Doublepulsar exploits/backdoor. These threats were unearthed by “The Shadow Brokers” […]

New “Widia” Ransomware Asks for Credit Card for Payment

By Caleb Fenton and Itai Liba, Senior Security Researchers, SentinelOne Labs While hunting for new types of undetected ransomware, we came across a sample we’re calling Widia. Below is the ransom note it displays once it’s infected the device: Your documents, photos, databases and other important files have been encrypted with the strongest encryption and unique […]

Introducing: SentinelOne Enterprise Risk Index

SentinelOne’s new Enterprise Risk Index (ERI) provides new evidence of the proportion of attacks that simply cannot be stopped by traditional, static, file inspection security solutions. It’s further proof that attack methods have rendered AV redundant. The ERI is intended as a resource on the commonly encountered threat vectors seen in production environments, as well […]

CVE-2017-0199: What REAL 0-Day Vulnerability Protection Looks Like

News of a Microsoft Word 0-day vulnerability spread like wildfire this week. Discovered by FireEye, the attack is executed when a user opens a Word attachment containing a malicious OLE2 (Object Linking and Embedding) object embedded in a specially crafted Word document, which can then deliver the Dridex banking Trojan. The 0-day vulnerability, CVE-2017-0199, was […]
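
The two document-borne cases above (the RTF zero day and the OLE2 object in a Word attachment) share one practical triage step: find the embedded object in the RTF, decode it, and look at what it actually is before the file reaches a user. The scanner below is an added example written for this page, not code from SentinelOne, FireEye, or any of the posts listed here. It walks each `\objdata` destination, decodes the hex payload, reads the OLE1 wrapper's format and class name, and checks for the OLE2 compound-file magic inside. The flagging heuristics (a `\objupdate` control word, a linked rather than embedded object, or a `Package`/`OLE2Link` class name) are general RTF-triage rules of thumb, not a description of the specific samples in the posts, and the sample RTF is constructed inline so the block runs offline.

```python
import binascii
import re
import struct
from typing import Dict, List

# OLE2 compound-file signature; embedded object payloads usually carry it
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")

# Class names that are worth a second look in any inbound RTF (heuristic, not a verdict)
SUSPICIOUS_CLASSES = {"package", "ole2link"}

# Matches RTF control words (and the \* marker) so they can be stripped from a hex run
_CONTROL_WORD = re.compile(rb"\\\*|\\[a-zA-Z]+-?\d*\s?")


def extract_objdata_blobs(rtf: bytes) -> List[bytes]:
    """Return the decoded binary payload of every \\objdata destination in the RTF."""
    blobs = []
    for m in re.finditer(rb"\\objdata\b", rtf):
        # Walk forward until the group that contains \objdata closes (brace depth 0)
        depth, i, start = 0, m.end(), m.end()
        while i < len(rtf):
            c = rtf[i:i + 1]
            if c == b"{":
                depth += 1
            elif c == b"}":
                if depth == 0:
                    break
                depth -= 1
            i += 1
        hexrun = _CONTROL_WORD.sub(b"", rtf[start:i])
        hexrun = re.sub(rb"[^0-9A-Fa-f]", b"", hexrun)
        if len(hexrun) % 2:          # tolerate a truncated trailing nibble
            hexrun = hexrun[:-1]
        blobs.append(bytes.fromhex(hexrun.decode("ascii")))
    return blobs


def parse_ole1(blob: bytes) -> Dict:
    """Read the OLE1 object header: version, FormatID (1=linked, 2=embedded), class name."""
    info = {"format": "unknown", "classname": "", "size": len(blob),
            "ole2_magic": OLE2_MAGIC in blob}
    if len(blob) < 12:
        return info
    _version, fmt, cn_len = struct.unpack_from("<III", blob, 0)
    info["format"] = {1: "linked", 2: "embedded"}.get(fmt, "unknown")
    if 12 + cn_len <= len(blob):
        info["classname"] = blob[12:12 + cn_len].rstrip(b"\x00").decode("latin-1", "replace")
    return info


def scan_rtf(rtf: bytes) -> Dict:
    """Summarise the embedded/linked objects in an RTF document."""
    return {
        "has_object": bool(re.search(rb"\\object\b", rtf)),
        "objupdate": bool(re.search(rb"\\objupdate\b", rtf)),
        "objects": [parse_ole1(b) for b in extract_objdata_blobs(rtf)],
    }


def is_suspicious(report: Dict) -> bool:
    """Heuristic verdict: auto-updating, linked, or Package/OLE2Link objects get flagged."""
    if report["objupdate"]:
        return True
    return any(o["format"] == "linked" or o["classname"].lower() in SUSPICIOUS_CLASSES
               for o in report["objects"])


def _ole1_header(classname: bytes, format_id: int, native: bytes) -> bytes:
    """Build a minimal OLE1 ObjectHeader around native data (used only for the sample below)."""
    cn = classname + b"\x00"
    hdr = struct.pack("<II", 0x00000501, format_id)
    hdr += struct.pack("<I", len(cn)) + cn
    hdr += struct.pack("<I", 0) + struct.pack("<I", 0)   # empty TopicName and ItemName
    return hdr + struct.pack("<I", len(native)) + native


# Constructed sample: an RTF carrying an embedded "Package" object whose native data is a
# stub OLE2 header, marked \objupdate. It is synthetic and does nothing when opened.
_HEX = binascii.hexlify(_ole1_header(b"Package", 2, OLE2_MAGIC + b"\x00" * 16))
SAMPLE_RTF = (b"{\\rtf1\\ansi\\deff0 {\\fonttbl{\\f0 Calibri;}}\n"
              b"\\pard Quarterly report attached.\\par\n"
              b"{\\object\\objemb\\objupdate{\\*\\objclass Package}{\\*\\objdata\n"
              + _HEX + b"\n}{\\result{\\pict}}}\\par}")
BENIGN_RTF = b"{\\rtf1\\ansi\\deff0 \\pard Hello.\\par}"

if __name__ == "__main__":
    for name, doc in (("sample", SAMPLE_RTF), ("benign", BENIGN_RTF)):
        report = scan_rtf(doc)
        print(name, "suspicious" if is_suspicious(report) else "clean", report)
```

The check deliberately runs before any rendering or pre-execution step: it reads the RTF as bytes, so exploit mitigations in the viewer (or their absence, as the RTF post notes for logical bugs) do not factor in. Treat the verdict as a triage signal for sandboxing or quarantine, not as proof of maliciousness; legitimate documents do embed Package objects.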

APT28 Moves to Attacking Japan

Earlier this week, it was discovered that the group known as APT28* (and by several other monikers, including Fancy Bear and Sofacy), believed to be behind the U.S. election hacking, has now turned to Japan. After investigating smaller name servers routinely used by APT28, researchers discovered this latest campaign in Japan – dubbed “Snake Wine” […]

NSA Hackers Release Last Cache of Stolen Hacking Tools

APTs aren’t exactly a regimented bunch. They spring up, release a list of breached credentials, merge with other groups, disappear, and then return under suspicious circumstances. This is all par for the course, which is why it’s no surprise that the APT group known as “The Shadow Brokers” has announced that it is going dark for […]

Breaking and evading Linux with a new novel technique

The focus of any malware research is on anticipating where an attack may go, or where it’s already been in order to develop and implement new prevention techniques. While reverse engineering some recent Linux malware samples, I found an interesting and novel technique being used that’s important to share with the broader community. A malicious […]

The 7 ‘Most Common’ RATs In Use Today

Sniffing out RATs — remote access Trojans — is a challenge for even the most hardened cyber defender. Here’s a guide to help you in the hunt. Earlier this month, the Office of Personnel Management reported that 21.5 million Americans had their Social Security numbers and other sensitive data stolen in the second breach to […]