Rapid advancements in artificial intelligence (AI) are unlocking new possibilities for the way we work and accelerating innovation in science, technology, and beyond. In cybersecurity, AI is poised to transform digital defense, empowering defenders and enhancing
Continue ReadingCategory: Google Cloud Threat Intelligence
ScatterBrain: Unmasking the Shadow of PoisonPlug’s Obfuscator
Written by: Nino Isakovic Introduction Since 2022, Google Threat Intelligence Group (GTIG) has been tracking multiple cyber espionage operations conducted by China-nexus actors utilizing POISONPLUG.SHADOW. These operations employ a custom obfuscating compiler that we refer to
Continue ReadingSecuring Cryptocurrency Organizations
Written by: Joshua Goddard The Rise of Crypto Heists and the Challenges in Preventing Them Cryptocurrency crime encompasses a wide range of illegal activities, from theft and hacking to fraud, money laundering, and even terrorist financing,
Continue ReadingYour Single-Page Applications Are Vulnerable: Here’s How to Fix Them
Written by: Steven Karschnia, Truman Brown, Jacob Paullus, Daniel McNamara Executive Summary Due to their client-side nature, single-page applications (SPAs) will typically have multiple access control vulnerabilities By implementing a robust access control policy on supporting APIs,
Continue ReadingBackscatter: Automated Configuration Extraction
Written by: Josh Triplett Executive Summary Backscatter is a tool developed by the Mandiant FLARE team that aims to automatically extract malware configurations. It relies on static signatures and emulation to extract this information without dynamic
Continue ReadingIvanti Connect Secure VPN Targeted in New Zero-Day Exploitation
Written by: John Wolfram, Josh Murchie, Matt Lin, Daniel Ainsworth, Robert Wallace, Dimiter Andonov, Dhanesh Kizhakkinan, Jacob Thompson Note: This is a developing campaign under active analysis by Mandiant and Ivanti. We will continue to add
Continue ReadingXRefer: The Gemini-Assisted Binary Navigator
Written by: Muhammad Umair Here at Mandiant FLARE, malware reverse engineering is a regular part of our day jobs. At times we are required to perform basic triages on binaries, where every hour saved is critical
Continue ReadingBridging the Gap: Elevating Red Team Assessments with Application Security Testing
Written by: Ilyass El Hadi, Louis Dion-Marcil, Charles Prevost Executive Summary Whether through a comprehensive Red Team engagement or a targeted external assessment, incorporating application security (AppSec) expertise enables organizations to better simulate the tactics and techniques
Continue Reading(QR) Coding My Way Out of Here: C2 in Browser Isolation Environments
Written by: Thibault Van Geluwe de Berlaere Executive Summary Browser isolation is a security technology where web browsing activity is separated from the user's local device by running the browser in a secure environment, such as
Continue ReadingSeeing Through a GLASSBRIDGE: Understanding the Digital Marketing Ecosystem Spreading Pro-PRC Influence Operations
Written by: Vanessa Molter Special thanks to Mandiant's Ryan Serabian for his contributions to this analysis. This blog post details GLASSBRIDGE—an umbrella group of four different companies that operate networks of inauthentic news sites and newswire
Continue Reading