The recent WannaCry ransomware takes advantage of a Server Message Block vulnerability to compromise Windows machines, load malware, and propagate to other machines in a network.

In this blog we take a closer look at the powerful, versatile backdoor known as CARBANAK (aka , Anunak, ).

This is the first of two blogs that discuss the implementation of the Windows console architecture from years past, with a primary focus on the current implementation present on modern versions of Windows.

FireEye recently detected a malicious Microsoft Office RTF document that leveraged CVE-2017-8759, a SOAP WSDL parser code injection vulnerability.

Mandiant recently responded to an incident at a critical infrastructure organization where an attacker deployed malware designed to manipulate industrial safety systems.

Mandiant is releasing a tool named GoReSym to parse Go symbol information and other embedded metadata.

In this blog post we discuss multiple targeted phishing campaigns designed to download and deploy a backdoor we track as MINEBRIDGE.

Blockchain technology offers the promise of enhanced security, but also presents its own challenges.

FireEye is tracking an in-the-wild campaign that leverages compromised sites to spread fake updates, and sometimes NetSupport Manager remote access tool is the payload.

We are releasing GeoLogonalyzer to help organizations analyze logs to identify malicious logins based on GeoFeasibility.