Showing page 1191 of 1200 of 1750 results.

Blog

Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise

Mandiant Managed Defense identified three zero-day vulnerabilities in SonicWall’s Email Security (ES) product that were being exploited in the wild.
https://www.mandiant.com/resources/blog/zero-day-exploits-in-sonicwall-email-security-lead-to-compromise
Blog

Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity

New evidence allows us to assess that UNC1151, a suspected state-sponsored cyber espionage actor, conducts at least some components of Ghostwriter influence activity.
https://www.mandiant.com/resources/blog/espionage-group-unc1151-likely-conducts-ghostwriter-influence-activity
Blog

Abusing AD FS Replication: Stealing AD FS Secrets Over the Network

We show how a threat actor, with the right privilege, can extract the encrypted Token Signing Certificate from anywhere on the internal network.
https://www.mandiant.com/resources/blog/abusing-replication-stealing-adfs-secrets-over-the-network
Blog

Back in a Bit: Attacker Use of the Windows Background Intelligent Transfer Service

How attackers use the Background Intelligent Transfer Service (BITS), techniques for detecting attacker activity, and the public release of our BitParser tool.
https://www.mandiant.com/resources/blog/attacker-use-of-windows-background-intelligent-transfer-service
Blog

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part Two)

Mandiant’s Red Team discovered a series of vulnerabilities present within Digi International’s ConnectPort X2e device, which allows for remote code execution as a privileged user.
https://www.mandiant.com/resources/blog/solarcity-exploitation-of-x2e-iot-device-part-two
Blog

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One)

Mandiant’s Red Team discovered a series of vulnerabilities present within Digi International’s ConnectPort X2e device, which allows for remote code execution as a privileged user.
https://www.mandiant.com/resources/blog/solarcity-exploitation-of-x2e-iot-device-part-one
Blog

Turla: A Galaxy of Opportunity

A suspected Turla Team operation distributing a reconnaissance utility and backdoor to malware victims in Ukraine.
https://www.mandiant.com/resources/blog/turla-galaxy-opportunity
Blog

Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace

In this post we  share insights from Mandiant's analysis of 2022 zero-day exploitation.
https://www.mandiant.com/resources/blog/zero-days-exploited-2022
Blog

Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China

Mandiant is investigating a Barracuda ESG appliance zero-day vulnerability being exploited in the wild.
https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally
Blog

The Spies Who Loved You: Infected USB Drives to Steal Secrets

In the first half of 2023, we  observed a threefold increase in the number of attacks using infected USB drives to steal secrets.
https://www.mandiant.com/resources/blog/infected-usb-steal-secrets