#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

FireEye | Breaking Cybersecurity News | The Hacker News

Google Buys Cybersecurity Firm Mandiant for $5.4 Billion

Google Buys Cybersecurity Firm Mandiant for $5.4 Billion

Mar 08, 2022
Google is officially buying threat intelligence and incident response company Mandiant in an all-cash deal approximately valued at $5.4 billion, the two technology firms announced Tuesday. Mandiant is expected to be folded into Google Cloud upon the closure of the acquisition, which is slated to happen later this year, adding to the latter's growing portfolio of security offerings such as BeyondCorp Enterprise , VirusTotal , Chronicle , and the Cybersecurity Action Team . "Today, organizations are facing cybersecurity challenges that have accelerated in frequency, severity and diversity, creating a global security imperative," Google  said  in a statement. "To address these risks, enterprises need to be able to detect and respond to adversaries quickly; analyze and automate threat intelligence to scale threat detection across organizations; orchestrate and automate remediation; validate their protection against known threats; and visualize their IT environment i
Critical Patch Out for Critical Pulse Secure VPN 0-Day Under Attack

Critical Patch Out for Critical Pulse Secure VPN 0-Day Under Attack

May 04, 2021
Ivanti, the company behind Pulse Secure VPN appliances, has released a security patch to remediate a critical security vulnerability that was found being actively exploited in the wild by at least two different threat actors. Tracked as  CVE-2021-22893  (CVSS score 10), the flaw concerns "multiple use after free" issues in Pulse Connect Secure that could allow a remote unauthenticated attacker to execute arbitrary code and take control of the affected system. All Pulse Connect Secure versions prior to 9.1R11.4 are impacted. The flaw came to light on April 20 after FireEye  disclosed  a series of intrusions targeting defense, government, and financial organizations in the U.S. and elsewhere by leveraging critical vulnerabilities in the remote access solution to bypass multi-factor authentication protections and breach enterprise networks. The development promoted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue an  Emergency Directive  urging fede
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
Researchers Find 3 New Malware Strains Used by SolarWinds Hackers

Researchers Find 3 New Malware Strains Used by SolarWinds Hackers

Mar 05, 2021
FireEye and Microsoft on Thursday said they discovered three more malware strains in connection with the SolarWinds supply-chain attack, including a "sophisticated second-stage backdoor," as the investigation into the  sprawling espionage campaign  continues to yield fresh clues about the threat actor's tactics and techniques.  Dubbed GoldMax (aka SUNSHUTTLE), GoldFinder, and Sibot, the new set of malware adds to a growing list of malicious tools such as  Sunspot ,  Sunburst  (or Solorigate),  Teardrop , and  Raindrop  that were stealthily delivered to enterprise networks by  alleged Russian operatives . "These tools are new pieces of malware that are unique to this actor," Microsoft  said . "They are tailor-made for specific networks and are assessed to be introduced after the actor has gained access through compromised credentials or the SolarWinds binary and after moving laterally with Teardrop and other hands-on-keyboard actions." Microsoft al
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware

FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware

Oct 24, 2018
Cybersecurity firm FireEye claims to have discovered evidence that proves the involvement of a Russian-owned research institute in the development of the TRITON malware that caused some industrial systems to unexpectedly shut down last year, including a petrochemical plant in Saudi Arabia. TRITON , also known as Trisis, is a piece of ICS malware designed to target the Triconex Safety Instrumented System (SIS) controllers made by Schneider Electric which are often used in oil and gas facilities. Triconex Safety Instrumented System is an autonomous control system that independently monitors the performance of critical systems and takes immediate actions automatically if a dangerous state is detected. Since malware of such capabilities can't be created by a computer hacker without possessing necessary knowledge of Industrial Control Systems (ICS), researchers believe with "high confidence" that Moscow-based lab Central Scientific Research Institute of Chemistry and
'LeakTheAnalyst' Hacker Who Claimed to Have Hacked FireEye Arrested

'LeakTheAnalyst' Hacker Who Claimed to Have Hacked FireEye Arrested

Nov 02, 2017
Remember the hacker who claimed to have breached FireEye late July this year? That alleged hacker has been arrested and taken into custody Thursday by international law enforcement, FireEye CEO Kevin Mandia informed the media. Late July, the hacker, whose name has not yet been disclosed, managed to hack the personal online accounts of a ‎Senior Threat Intelligence Analyst at Mandiant—a Virginia-based cybersecurity firm owned by the FireEye—and leaked nearly 32 megabytes of data belonging to Peretz. At that time, the hacker claimed that he had started #LeakTheAnalyst operation that aimed at doxing the security analysts who hunt hackers. The hacker also claimed to have had complete access to the company's internal networks since 2016. "Let's trash their reputation in the field," the hacker said. "It was fun to be inside a giant company named "Mandiant" we enjoyed watching how they try to protect their clients and how their dumb analysts are trying to reve
Hacker Leaks Data From Mandiant (FireEye) Senior Security Analyst

Hacker Leaks Data From Mandiant (FireEye) Senior Security Analyst

Jul 31, 2017
Reportedly, at least one senior cyber security analyst working with Mandiant, a Virginia-based cybersecurity firm owned by the FireEye, appears to have had its system compromised by hackers, exposing his sensitive information on the Internet. On Sunday, an anonymous group of hackers posted some sensitive details allegedly belonged to Adi Peretz , a ‎Senior Threat Intelligence Analyst at Mandiant, claiming they have had complete access to the company's internal networks since 2016. The recent hack into Mandiant has been dubbed Operation # LeakTheAnalyst . Further Leaks from Mandiant Might Appear The hackers have leaked nearly 32 megabytes of data—both personal and professional—belonging to Peretz on Pastebin as proof, which suggests they have more Mandiant data that could be leaked in upcoming days. "It was fun to be inside a giant company named "Mandiant" we enjoyed watching how they try to protect their clients and how their dumb analysts are trying to reverse
Chinese Hackers spied on European Diplomats during recent G20 meetings

Chinese Hackers spied on European Diplomats during recent G20 meetings

Dec 13, 2013
Security firm FireEye has released a new report  detailing cyber espionage attacks on European Ministries of Foreign Affairs (MFA) during recent G20 meetings by Chinese Hackers . According to FireEye's researcher Nart Villeneuve , hackers infiltrated the computer networks of five European foreign ministries by sending emails containing malware files to staff and gained access to their systems to steal credentials and high-value information. "We believe that the Ke3chang attackers are operating out of China and have been active since at least 2010," The cyber espionage campaign named as " Operation Ke3chang " and if the victim will download & open the malware file which disguised itself as files detailing a possible intervention in Syria ( US_military_options_in_Syria . pdf . zip ), it gets installed on the victim's computer with a backdoor. " They have also leveraged a Java zero-day vulnerability (CVE-2012-4681), as well as older, reliable exploits for Mi
Internet Explorer zero-day vulnerability actively being exploited in the wild

Internet Explorer zero-day vulnerability actively being exploited in the wild

Nov 11, 2013
Security researchers at FireEye have detected a new series of drive-by attacks based on a new Internet Explorer zero-day vulnerability. The attackers breached a website based in the US to deploy the exploit code to conduct a classic watering hole attack. The discovery was announced just a few days after Microsoft revealed the Microsoft Zero-day CVE-2013-3906 , a Zero-day vulnerability in Microsoft graphics component that is actively exploited in targeted attacks using crafted Word documents sent by email. Microsoft graphics component zero-day vulnerability allows attackers to install a malware via infected Word documents and target Microsoft Office users running on Windows Vista and Windows Server 2008. Recently reported new Internet Explorer zero-day vulnerability detected by FireEye affects the English versions of IE 7 and 8 in Windows XP and IE 8 on Windows 7, but according the experts it can be easily changed to leverage other languages. Experts at FireEye conf
World War C report - Motives behind State Sponsored Cyber Attacks

World War C report - Motives behind State Sponsored Cyber Attacks

Oct 03, 2013
Nation-state driven cyber attacks are routinely conducted on a global scale to defend national sovereignty and project national power. We are living in the cyber era, human conflict is involving also the fifth domain of warfare , the cyberspace . As never before disputes take place with blows of bits, militias of every government are developing cyber capabilities dedicating great effort for the establishment of cyber units . Network security company, FireEye, has released a report titled " World War C: Understanding Nation-State Motives Behind Today's Advanced Cyber Attacks " which describes the effort spent by governments in cyber warfare context, the document analyzes in detail the different approaches adopted by various countries in conducting nation-state driven cyber attacks . Security experts highlight the intensification of state-sponsored attacks for both cyber espionage and sabotage purpose, campaigns such as Moonlight Maze and Titan Rain or the destruc
Internet Explorer zero-day exploit targets U.S. nuke researchers

Internet Explorer zero-day exploit targets U.S. nuke researchers

May 06, 2013
Security researchers revealed that series of " Watering Hole " has been conducted exploiting a IE8 zero-day vulnerability to target U.S. Government experts working on nuclear weapons research. The news is not surprising but it is very concerning, the principal targets of the attacks are various groups of research such as the components of U.S. Department of Labor and the U.S. Department of Energy, the news has been confirmed by principal security firms and by Microsoft corporate. The flaw has been used in a series of "watering hole" attacks, let's remind that "Watering Hole" is a technique of attack realized compromising legitimate websites using a " drive-by " exploit. The attackers restrict their audience to a individuals interested to specific content proposed by targeted website, in this way when the victim visits the page a backdoor Trojan is installed on his computer. The website compromised to exploit the IE8 zero-day is the Dep
New Adobe Reader Zero-Day Vulnerability spotted in the wild

New Adobe Reader Zero-Day Vulnerability spotted in the wild

Feb 14, 2013
FireEye researchers recently came across a zero-day security flaw in Adobe Reader that's being actively exploited in the wild. The zero-day vulnerability is in Adobe PDF Reader 9.5.3, 10.1.5, 11.0.1 and earlier versions. According to researchers, once malware takes advantage of the flaw, its payload drops two dynamic-link libraries, or DLLs, which are application extensions used by executable files to perform a task. In this case, they allow the infected computer to communicate with a hacker-owned server. No additional details about the zero-day vulnerabilities have been publicly released, and but researchers with antivirus provider Kaspersky Lab have confirmed the exploit can successfully escape the Adobe sandbox. " We have already submitted the sample to the Adobe security team. Before we get confirmation from Adobe and a mitigation plan is available, we suggest that you not open any unknown PDF files ," said FireEye team. But until the vulnerability gets patched,
Cybersecurity Resources