A Malicious “Resume” from Sammy Fields, a Less than Ideal Candidate

Compromising an organization via resume submissions couldn’t be more enticing from an attacker’s perspective....

Conficker May Not be a Risk…But its Host is!

My recent blog post on infections on the CHS network generated a lot of questions and criticism. The most common response to the post was that Conficker is dead and evidence that it exists is irrelevant....

Where there are Breaches, there are Infections

Community Health Systems (CHS) recently announced their network of 206 hospitals was hacked, impacting the information of 4.5 million patients. On the surface, one would think that a company that deals with patient information would be vigilant about security, considering the high cost of HIPAA...

Behind the Scenes of a Failed Phishing Attempt

One of our customers recently asked us to analyze a phishing email claiming to be from Wells Fargo that was well enough crafted to bypass their spam filters. What makes this phishing attempt unique is where the link actually sends you once it has been...

VirusTotal + Maltego = Visualizing Actionable Malware IOCs

Setting up your own malware zoo and collecting all indicators of compromise related to those samples of malware can be time consuming and expensive. While there’s a long list of benefits to doing this on your own, it doesn’t make sense for every organization. All...

Shaping the Threat Intelligence Management Market

There has been significant chatter recently about threat intelligence management – specifically how a platform for managing such should be defined. Two industry analysts, Dr. Anton Chuvakin of Gartner and Rick Holland of Forrester, have weighed in early and often on this topic and are two of...

Lookingglass Malware Researcher Steven Weinstein Provides Guidance on ‘Incident Intelligence’ Using ScoutVision

I Think We’ve Seen This Before… Why “Incident Intelligence” is Imperative. Lately, customers have been asking me how threat intelligence can enrich their incident response processes and how the right intelligence can make them more effective. As a former full-time lead incident responder for...

Using Network and Threat Data Chaining to Discover Malicious Infrastructure and Deliver Context

Recently on his blog, computer-forensics researcher and Malcovery Security co-founder Gary Warner wrote about an increase in spam and a list of IPs heavily involved. Malformity Labs wrote a follow-up on data chaining, which involves linking hashes with the IPs. So are these hosts aberrations?...

Lookingglass Issues Special Alert Linking Major Cybercrime Organization to IT Infrastructure at Sochi

Investigation reveals connection to Russian Business Network, a known reseller of stolen identities. Special Alert: We at Lookingglass are seeing significant new criminal activity positioned in the Sochi region of Russia. This is a serious threat. For those traveling to the area, be wary of using...

2013: A Year that Will Dictate the Future of Cyber Security

The past year was all about unprecedented concerns about Internet privacy, nation state espionage and (of course) breaches. 2013 will be remembered as a monumental and potentially catalyzing year for cyber security and possibly for the Internet as we know it. It brought the dirty...
