Message-ID: <56C1E334.4070004@bluefrostsecurity.de>
Date: Mon, 15 Feb 2016 15:39:48 +0100
From: Blue Frost Security Research Lab <research@...efrostsecurity.de>
To: fulldisclosure@...lists.org
Subject: [FD] BFS-SA-2016-001: FireEye Detection Evasion and Whitelisting of Arbitrary Malware

________________________________________________________________________________
Vendor: FireEye, https://www.fireeye.com
Affected Product: FireEye FX, AX, NX, EX
Affected Version: FX < 7.5.1, AX < 7.7.0, NX < 7.6.1, EX < 7.6.2
Severity: High
Title: Detection Evasion and Whitelisting of Arbitrary Malware
________________________________________________________________________________

An analysis engine evasion was identified which allows an attacker to completely bypass FireEye's virtualization-based dynamic analysis on Windows and add arbitrary binaries to the internal white list of binaries for which the analysis will be skipped until the white list entry is wiped after a day. This effectively allows an attacker to simply whitelist a binary before using it in a targeted attack without fear of detection.

FireEye has released software updates to address the issue.

The full advisory with technical details is available at the following link:
https://labs.bluefrostsecurity.de/advisories/bfs-sa-2016-001/
________________________________________________________________________________

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/