Google has introduced the Mobile Vulnerability Rewards Program (Mobile VRP), a new bug bounty initiative aimed at incentivizing security researchers to uncover vulnerabilities in the company’s Android applications. The program offers monetary rewards to bughunters who can find and help fix weaknesses in Google-developed or maintained first-party Android apps. In [...]
As we all are aware the major cybersecurity firm FireEye has been hacked, confirmed by the CEO Kevin Mandia in a blog post on Tuesday. One of the largest cybersecurity companies in the US, FireEye is investigating the cyberattacks in collaboration with Microsoft and the FBI is also working on the case. The hackers stole FireEye’s “Red Team” tools, a collection of malware & exploits used to test customers’ vulnerabilities. CEO Mandia also mentioned that none of the tools was a zero-day exploit i.e. a vulnerability that fix hasn’t been released.
“The attack is different from the tens of thousands of incident that has happened throughout the years,” a statement by the firms in SEC filing.
The FBI’s investigation so far came on the indications that hack is of the high level of sophistication consistent with a nation-state also Microsoft confirmed that the hackers used a rare combination of techniques to steal FireEye’s tools.
Microsoft also said that this is one of the major reasons why the security industry should work with collaboration so as to defend against these types of incidents and with regards Microsoft commended for the disclosure & collaboration with them to FireEye.
Though FireEye hasn’t seen any evidence that its stolen tools have been used, still the company will continue to monitor for any activity, said CEO Mandia, and for the same company has released countermeasures for tracing the use of any of its tool on GitHub.
Taking under the observation & as mentioned above the attacker’s the method were highly sophisticated to trace & to make any forensics investigations difficult, the combination of techniques hadn’t been seen before by the company.
Although FireEye hasn’t observed any usage or any kind of data breaching from the company or took any information about its customers.
Its a world-wide incident and probably one of the decades biggest heist, also as stated by Rep. Adam Schiff, chairman of the house select committee on intelligence “This news about FireEye is especially concerning because reportedly a nation-state actor made off with advanced tools that could help them mount future attacks.”
“We are expecting that companies take real steps to secure their systems, but this case also shows the difficulty of stopping determined nation-state hackers.”
A new variant of the InterPlanetary Storm malware has been discovered, which comes with fresh detection-evasion tactics and now targets Mac and Android devices (in addition to Windows and Linux, ...
Post comments (0)