Blog
State of the market: Threat Intel in 2019
Lifting the veil. The threat intelligence market is growing rapidly but there is still some haziness in organizations’ understanding of the segment. Many consider threat intelligence the answer to thwarting the increasingly complex and devastating cyberattacks that plague organizations and individuals, but few understand exactly what it means beyond...
Cyberthreat intelligence retail
The cost of doing business: cyberthreat intelligence for retail & e-commerce
The internet has changed the way that goods and services are bought and sold. The retail and e-commerce sector continues to undergo rapid transformation as consumer expectation increases. We demand high quality experiences, products and services, on desktop and on mobile. On the back end, analytic engines, third-party integrations...
Threat Exchange Network blog: August 2019
The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feed for free by exporting...
Threat Exchange Network blog: July 2019
The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feed for free by exporting...
research-blog
An analysis of a spam distribution botnet: the inner workings of Onliner Spambot
Table of contents: Introduction; Modular Design; Worker Module; Onliner Custom XOR key generation algorithm; Checker SMTP Module; Mailer Module; Conclusion; IOCs. Introduction: Successful cybercrime campaigns make use of different elements working together to achieve their common goal. In the case of Onliner, the spambot appears to be...
EuskalHack
Last week, Blueliv was invited to participate in the fourth edition of EuskalHack in San Sebastián. Geared towards sharing information, the event hosted presentations focused on new discoveries, personal projects and tools from different disciplines in cybersecurity. These included both red team and blue team activities, both sharing information...
Evolution of Malware and Threat Actors
The world of malware and cybercrime has evolved a great deal in the last decade. The following blog post tracks this evolution, expanding on intelligence accessible through Threat Compass. The more we understand about the motivations and TTPs of threat actors, the stronger defenses we can build against cybercrime....
research-blog
Old tricks still work
There are many well-known anti-VM / anti-sandbox tricks in targeted malware. However, most up-to-date sandboxes have fixed them, or they can be fixed easily by modifying the VM in which the malware sample will run. In this article we will examine a particular technique that exploits a design flaw...
Blueliv named a finalist at the GIT Security Awards 2020
Blueliv has been named a finalist at the GIT Security Awards 2020. Our flagship solution Threat Compass was nominated in Category A, “IT Security and Safety for Automation, Cyber Security”. An expert jury of representatives from numerous German industry associations (BHE, TÜV, VDMA, ZVEI), system integrators and end users brought our modular Threat...
Threat Exchange Network blog: May 2019
The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feed for free by exporting...
Data breach under GDPR: one year later
The European Union General Data Protection Regulation (GDPR) came into force on 25th May 2018. Just over a year later, European data protection regulators have reported nearly 90,000 data breach notifications so far, and notably these are only those which have been legally disclosed. Law firm DLA Piper recently suggested...
Shining a light on the darknet
A common visualization for the Internet is an iceberg. The indexed ‘surface’ web is less than 10% of what is visible, but 90% is non-indexed and known as the deep web. A small subset of the deep web includes hidden information and services: the dark web, or darknet. It’s...
Sweet Dream(s): An examination of instability in the darknet markets
These past few weeks in cyber underground news have seen the surprising hat trick of the passage of the self-imposed deadline for the closure of the notorious Dream Market, the law enforcement seizure of Valhalla Market, and the law enforcement takedown and arrests of admins associated with the Wall Street Market. Many of the trends observed following...
industry-blog
Threat Exchange Network blog: April 2019
The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feed for free by exporting...
Threat Actor activity: a quick recap
In our recent Threat Landscape Report we profiled several active threat actors which have made an impact over the past year. All of the threat actors in this article remain under close observation. Sharing this intelligence is part of our ongoing mission to collaborate with industry peers, enrich the...
research-blog
Where is Emotet? Latest geolocation data
Emotet is an old malware threat that continues to affect many users and companies around the world. Once a machine has been infected, a number of things can happen—but typically, new malware is deployed and credentials are stolen. Emotet’s business model is based on distribution groups – the stolen...
Fraud and cybercrime in Latin America: an evolving threat landscape
Internet penetration is rapidly increasing in Latin America. Mobile usage is commonplace, and more people own bank accounts than ever before which means online transactions are also on the rise. This is great news for innovative Latin American companies, and consequently, cybercriminals targeting them. With higher levels of growth...
Selling FormBook
Our home city Barcelona hosted BSides last week, where the information security community across Europe gathered to discuss the current security landscape. Members of our Labs team were invited to present research into FormBook, one of the most notorious info-stealers and form-grabbers in recent years. The fight against cybercrime is...
Blueliv announces technical alliance with MrLooquer
We are excited to announce our latest technical alliance, following founders Fran Gomez and Rafa Sanchez’ presentation at this year’s RootedCon in Madrid. MrLooquer, a fellow Spanish cybersecurity company, provides valuable information to help organizations manage their risk accurately. Their technology discovers and analyses IPv4 and IPv6 assets covering...
industry-blog
Threat Exchange Network blog: March 2019
The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feed for free by exporting these...
LogPoint partners with Blueliv in Central Europe
LogPoint, the next generation SIEM and Big Data Analytics company, and Blueliv have just announced their partnership for Central EMEA. Organizations will benefit from the advanced User and Entity behaviour analytics (UEBA) from the Danish SIEM expert as well as our threat intelligence data feeds. This provides clients with...
Taking stock: RSA Conference 2019
Last week’s RSA Conference in San Francisco was one of the busiest ever, drawing tens of thousands of information security professionals, law enforcement and academics from around the world. RSA is always a great barometer of how the cybersecurity market is evolving at a global level, and this year...
Overview and thoughts about Shamoon3 toolkit
Introduction. On August 15, 2012, a computer attack left “out of the box” about 30,000 Windows systems of the Saudi Aramco oil company. The incident had a significant impact on business processes and production at the company, which took weeks to return to normal activity. The malware deployed in...
Annual Cyberthreat Landscape report shines spotlight on credential theft and expanding Latin America market
Today we launch our Annual Cyberthreat Landscape Report for 2018-19, providing insights into emerging and evolving cybersecurity trends. By sharing intelligence and collaborating with the industry, we are in a much better position to fight cybercrime this year. The report reveals that botnet stolen credentials increased by a staggering fifty...
Threat intelligence for healthcare: how to get the most out of your investment
Healthcare C-suite leaders are facing challenging times. This is the most breached sector globally, accounting for 24% of all cases investigated by Verizon. Valuable patient data, mission critical but exposed digital endpoints and strict compliance requirements all add to the cybersecurity challenge. This is where threat intelligence (TI) can...
Sales of AZORult grind to an AZOR-halt
Author of Popular Credential Stealer Announces End of Sales. Key points: In late December, the author of the AZORult stealer publicly stated that he would be ending sales of the malware. AZORult has been advertised on Russian-language cybercrime forums since at least 2016 and has become fairly popular among...
Real-time threat detection and why timing is the key to threat intelligence
You wouldn’t sit idle under siege. However, when it comes to confronting real-time cyberthreats, it is what some businesses are doing – oftentimes without even realizing it. Organizations are increasingly finding themselves targets of cybercrime, carried out by hacktivists, nation states, or financially motivated criminals. In fact, on average...
Blueliv partners with e92plus, the UK channel’s leading cybersecurity value-added distributor
We are delighted to announce that we have partnered with e92plus as a key distributor to help grow our channel business in the UK. e92plus is the leading cybersecurity VAD for the UK channel, whose extensive cybersecurity knowledge and experience will enable VARs and MSSPs to benefit from using our solutions...
Threat Exchange Network blog: January 2019
The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feed for free by...
financial sector
Effective threat intelligence for the financial sector
Financial sector CISOs and security teams face a tough challenge. They need to keep the organization safe from the huge volume of indiscriminate threats that are unfortunately the price of doing business on the internet today. But they must also ensure they’re as resilient as possible to targeted, sophisticated...
Why threat intelligence helps CISOs make better security decisions
In just a few short years, the discipline of threat intelligence (TI) has grown from something on the cutting edge of cybersecurity, to a must-have feature for any CISO serious about effectively managing online risk. Allowing organizations to finally move from a reactive to a proactive posture, it can...
Top 10 Criteria for Buying the Best Threat Intelligence Solutions
CISOs are busy people. The chances are you’re balancing a variety of tasks: from communication with the board, to managing incident response, organization-wide training strategies, and a growing regulatory compliance burden driven by the GDPR and EU NIS Directive. This leaves little time to spend on due diligence to...
What does threat mitigation mean in practice?
Cyber threats have reached epidemic proportions. In the UK for example, nearly half (43%) of all businesses polled by the government in 2018 said they’d suffered a security breach or attack in the previous 12 months — and the real figure could be much higher. One vendor said it...
Threat intelligence tools your cybersecurity team needs
Threat intelligence (TI) is a vital capability for any IT security department. If used effectively, it can offer CISOs the ability to take security from a reactive to a proactive posture, enabling them to better manage cyber risk and support the business-wide digital transformation agenda. But the major caveat...
How to choose the right Threat Intelligence for your organization
Today’s CISOs face an unprecedented range of pressures. They are tasked with creating the secure foundation on which the success of boardroom-led digital transformation efforts rest. They must manage a growing volume and variety of risks across networks, applications, clouds, endpoints, servers and supply chains. And they must do...
Threat Exchange Network blog: November 2018
Our community is growing daily – become a member for free and contribute to the network. The fight against cybercrime is a collaborative effort. Here you’ll find some of the top posts from our Threat Exchange Network over the past month. Join for free today – in addition to...
corporate-blueliv
Changing the channel: some significant updates for our strategic partners
New team members, new wins and partner portal upgrades to deliver better services. The past year, we have been making numerous improvements to our Strategic Partnership Program, to help Distributors, MSSPs and VARs sell our modular threat intelligence solutions to customers. In January, the relaunch of our multi-market program...
Blueliv receives double honors at Computing Security Excellence Awards
We have been recognized for industry leadership and promoting new collaborative models in Enterprise Security and Enterprise Threat Detection categories. We are thrilled to announce today two significant award wins at the Computing.co.uk Security Excellence Awards: the Enterprise Security and Enterprise Threat Detection categories for 2018. The independent panel...
Threat intelligence
What is Threat Intelligence and why is it important?
Index: Introduction; What threat intelligence isn’t (‘Data’, ‘Information’); What threat intelligence is (Gathering; Processing and actionable delivery; Integration, visualization and dissemination); Categories of threat intelligence (Tactical, Operational, Strategic); When to use threat intelligence (Before an attack, During an attack, After an attack); The benefits of real-time, dynamic threat intelligence...
research-blog
CryptoAPI in Malware
For a considerable period, cryptography algorithms with varying levels of complexity have been detected in most malware families. Many have different purposes, from decrypting configurations carried by the malware or downloaded from a server, to encrypting communications with C2s, to encrypting user files in the case of ransomware, and...
Managing cyber-risk: Cyberthreat intelligence and the Insurance sector
Organizations in all sectors face increasingly virulent and sophisticated cyberthreats on a weekly, if not daily basis. The insurance sector is particularly at risk. From organized criminal groups seeking PII (personally identifiable information), financial account data and anything else that can be monetized, to hacktivists trying to disrupt the day-to-day...
North American credential theft industry records substantial quarterly increase, against declines in Europe and Asia
Key findings: 141% increase in compromised credentials detected in North America during Blueliv quarterly analysis; fewer compromised European and Asian credentials detected over the same period (22% and 36% decreases respectively); LokiPWS malware family distribution continues to increase faster than Pony this quarter. Our latest quarterly credential theft analysis follows the initial...
corporate-blueliv
Blueliv shortlisted for four of Computing’s Security Excellence Awards
Following our recent recognition as Threat Intelligence Company of the Year 2018 by Cybersecurity Breakthrough, we are pleased to announce that we have been named Finalists in the following categories by Computing’s Security Excellence Awards: Security Vendor of the Year – SME; Enterprise Security Award; Enterprise Threat Detection Award...
research-blog
ARS Loader evolution, a new stealer (ZeroEvil) and AirNaine (TA545)
This blog post details the research performed by the Blueliv Labs team and presented by Jose Miguel Esparza at Virus Bulletin in Montreal. The research is related to ARS Loader and its evolution, the appearance of a new stealer based on ARS, ZeroEvil, and how both malware families have...
industry-blog
Threat Exchange Network blog: September 2018
The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feed for free by...
Blueliv named ‘Threat Intelligence Company of the Year’ in Cybersecurity Breakthrough Awards 2018
We’re delighted to announce that today we have been named ‘Threat Intelligence Company of the Year 2018’ in the Cybersecurity Breakthrough Awards. Our innovations in cyber-risk management and the promotion of new collaborative models saw us win recognition from an independent panel of experts within the information security industry....
The right tools for the job: how to protect against credential theft
Humans are often described as the weakest link in the cybersecurity chain. This is certainly true to an extent: witness the fact that phishing enabled 93% of data breaches last year. However, it might be more accurate to describe credentials themselves as the biggest threat to organizations. Whether we’re...
Credentials
Why Proactive Cybersecurity Begins with Monitoring for Compromised Credentials
Most IT security teams today are under a huge amount of pressure. With dwindling human resources, they must tackle a growing volume and range of sophisticated threats, as well as support ambitious digital transformation projects which could make or break the fortunes of their organization. Faced with this uphill...
insurance credential theft
Insurance Identity theft: The weakest link
Anyone following the cybercrime landscape over the past two decades will be aware of one inalienable truth: online criminals will always go where there are people and money. Unfortunately, a side effect of the digital revolution has meant there are more online users and, as a result, greater access to highly...
Banking on Threat Intelligence: The Impact of Credential Theft on Financial Services
A couple of years ago cyber-thieves managed to compromise the accounts of thousands of Tesco Bank customers in the UK, stealing £2.5m in the process. The attack was labelled “unprecedented” at the time. But while major incidents like this are few and far between, attackers are certainly turning the...
Stopping Password Theft: The Value of Proactive Threat Intelligence
Passwords represent the “keys to the kingdom” in our modern, digital-centric world. They protect our personal and corporate email, our social networking accounts, and access to our most sensitive financial and healthcare data. At a business level, they’re also still widely used to protect enterprise accounts,...
Identity theft: mitigating risk for the enterprise
Today’s CIOs and CISOs have a problem. On the one hand they’re under increasing pressure to support digital transformation efforts designed to drive business growth and agility. But in moving to new technology platforms they inevitably also expose the organization to increased cyber risk. One of the most damaging...
Threat Exchange Network blog: July 2018
The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feeds for free by exporting these...
Credential theft: the business impact of stolen credentials
Cybercriminals are stealing credentials using a wide range of techniques, tactics and procedures. The compromised data has a variety of uses and enables attackers to breach organizations and steal sensitive information. In fact, all it takes is a single good credential to gain access to an organization’s infrastructure and...
European credential theft industry booming as US market sees decline
Key findings: 39% increase in compromised credentials detected in Europe and Russia in 2018; Europe-only credential theft success at 62% growth rate; Europe and Russia home to half of credential theft victims worldwide (49%); LokiPWS malware family distribution increases over 300% since start of 2017. Today we announced our new report...
Threat Exchange Network blog: June 2018
The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feeds for free by exporting these...
Combatting password re-use
A recent article on The Register discussed an academic paper proposing that high-profile websites cooperate to stop users re-using passwords. If sites like Twitter and Facebook share users’ credentials, it suggests, they can then work together to make sure users don’t use the same password across different sites. The...
industry-blog
Threat Exchange Network blog: April 2018
The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feed for free by...
Introducing Threat Context: our newest deep defense tool for richer investigations
Today we release a brand new module to help cybersecurity teams improve their productivity. Threat Context provides contextualized, qualified threat indicator information, enhancing incident triage, post-incident forensics and red teaming activities. SOC, Incident Response and Threat Intelligence teams are plagued by information overload, making it difficult to prioritize threats...
Blueliv RSA 2018
Recap: Blueliv at RSA Conference 2018
Last week, RSA Conference 2018 pulled 45,000 attendees from all over the world to San Francisco’s Moscone Centre. The week was packed with keynotes from tech luminaries, networking events and sessions discussing the latest themes, threats and solutions from the world of cybersecurity. RSA is always a great barometer...
research-blog
Drupalgeddon2 (SA-CORE-2018-002 / CVE-2018-7600) – an analysis of payloads observed in the wild
A few weeks ago a highly critical Drupal vulnerability dubbed Drupalgeddon2 (SA-CORE-2018-002 / CVE-2018-7600) was discovered and patched by Drupal developers. This security problem permits remote code execution (RCE) without user authentication and affects the Drupal core of versions 7, 8 and the unmaintained 6 too. Aside from...
industry-blog
Threat Exchange Network blog: March 2018
The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feed for free by...
industry-blog
Blueliv Annual Cyberthreat Report advises increased intelligence sharing and cross-industry collaboration
Malware advances no longer focused on ‘traditional’ enterprise targets as cybercriminals expand their scope. Today we release our Annual Cyberthreat Report, compiling actionable intelligence from Threat Compass with expert insight from our analyst team. We conclude that a higher level of collaboration and intelligence-sharing between industries is ever-more crucial...
industry-blog
Threat Exchange Network blog: February 2018
The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feed for free by...
corporate-blueliv
Blueliv secures €4 million Series A funding, strengthens leadership team to accelerate global expansion
Vento’s investment boost accompanied by senior hire and growth into new Barcelona headquarters. 14 February 2018 – Barcelona, Spain – Blueliv, Europe’s leading provider of enterprise-class cyberthreat intelligence solutions, today announced it has raised €4 million in Series A funding, made a senior appointment and relocated its Barcelona headquarters...
industry-blog
Threat Exchange Network blog: January 2018
The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feed for free by...
corporate-blueliv
Blueliv Partner Program opens up our modular cyberthreat intelligence tools to the channel
Multi-market Strategic Partnership Program is designed to drive higher margins and accelerate partner revenue and growth. Today we launch our Strategic Partnership Program, featuring deal registration incentives, dedicated sales and marketing support, and flexible engagement so partners can develop a model to suit their business. The Strategic Partnership Program...
GDPR-Accelerate-your-reaction-time
GDPR: Accelerate your reaction time, reduce your penalty
New whitepaper shows how threat intelligence can help mitigate the impact of GDPR on your business. The new European Union General Data Protection Regulation (GDPR) is coming into force soon, and personal data breaches will be among the most seriously penalized issues a company can face. In fact, an organization in breach of GDPR...
artificial-intelligence
Research from Blueliv honored at Artificial Intelligence & Machine Learning conference
Blueliv recently participated in the 20th International Conference of the Catalan Association for Artificial Intelligence (Congrés Català en Intel·ligència Artificial or CCIA), whose objective is to foster discussion among the local Artificial Intelligence & Machine Learning research community. Blueliv’s Daniel Gibert presented a poster of his collaborative work on...
research-blog
Making the headlines: Bad Rabbit and Reaper malware
Though we process thousands of malware samples per day, very few of them attract the attention of the mainstream media in the way that Bad Rabbit and Reaper have recently. Here’s a quick overview, their potential impact on business and some suggested mitigation techniques to help you and your...
research-blog
TrickBot banking trojan using EFLAGS as an anti-hook technique
In one of our analyses of the TrickBot banking trojan, we found an interesting anti-sandbox trick that catches (almost) all user-mode (ring3) sandboxes, and we would like to share it with you. Hash: 2ebeef906142f328168e7e62e8be7fbaee48e3521853d76ea778005ada6e938a. The sample does something like this: lea eax, ; 1. prepare buffer for GetSystemTime push...
sonic-drive-in-credit-card-theft-detection-use-case
Sonic Drive-In | Credit Card Theft Detection Use Case
Photo courtesy Sonic Franchises. On September 26, 2017, Sonic, the U.S. fast-food chain based in Oklahoma City, OK, with about 3,600 locations across 45 states, acknowledged that their payment processor had detected some unusual activity. “The first hints of a breach at the Oklahoma City-based fast-food chain came last...
Avoid-being-the-next-Equifax
Data Breach | Avoid being the next Equifax
Image courtesy CNN Money. On 29 July 2017, Equifax, one of the big-three credit reporting companies, announced the discovery of a data breach exposing an estimated 143M Americans. Unauthorized access took place between mid-May and July 2017. One source has called this a category-5 event. Details of the...
security-posture
4 Strategies to bolster your 2017 security posture
Is your business prepared for a cyber threat? Here are some considerations to help you understand the important dynamics of your security posture strategies: end users are the number one security risk in any organization; your security strategy needs to be adaptable to a changing threat landscape; BYOD, 3rd-party...
avoid-toxic-rogue-mobile-apps
Threat intelligence to help you avoid toxic rogue mobile apps
Image courtesy BBC News. How did my dad’s Uber account get hacked? Sometime around July 6, 2017, ABC News Brisbane reporter Josh Bavas received a 2 a.m. notification that someone had just accessed his Uber account in Los Angeles and, shortly after, someone in Moscow. (He was in Australia.) He...
brand-abuse
10 things you need to know about brand abuse and how to stay alerted to them
Brand abuse is a big problem, and it’s getting bigger. Between 2010-2014, the EU, US, and Japanese customs authorities seized an estimated €467.5M EU / $953.2M US / ¥100M JA in counterfeited products from China alone. The next 4 countries–Hong Kong, Turkey, Greece, and Panama–accounted for another third. Brand...
Man-in-the-browser
How banks can protect customers from “Man in the browser attacks”
Criminal groups use a wide range of methods to compromise users and siphon their bank accounts. When a user’s computer is infected by malware, depending on its main goal and its capabilities, it can use multiple methods to obtain sensitive information, such as changing the...
Targeted-malware-detection
Targeted Malware Detection
Today’s cyber criminal wants one thing. He wants to get his malware into your IT network because once he’s in, he can go to work–remotely–achieving the myriad of other criminal activities he and his accomplices have in mind. Your best defense against targeted malware is to thwart the criminal...
leaked-data
Avoid the cost and headache of leaked data (here’s how)
“Leaked data falls into 4 types,” says Peter Gordon from SANS Institute: confidential information, intellectual property, customer data and health records. Data leakage, however, is not limited to deliberate efforts of cyber espionage. In fact, a surprising amount of it tends to be the result of human error–well into...
CISO-360-Congress
Successful CISO 360 Congress sponsored by Blueliv
Last week, Pulse Conferences hosted the CISO 360 Congress at the Grand Marina hotel in Barcelona, an incomparable setting by the Mediterranean Sea where more than 80 CISOs gathered to discuss the most topical and relevant cyber security topics. The event went on for 3 days and it gave...
colors-of-cybersquatting
The many colors of cybersquatting – Do not underestimate them
Blueliv Guest Post | Jean-Jacques Dahan, Managing Director and Expert Consultant for Online Brand Security & Global Domain Strategy at Zeusmark. Cybersquatting is a constant challenge for a company. It is a broad concept involving many aspects of risk, speculation, and fraud. It should not be underestimated as it provides a...
ruthless-cybersquatters
Protect your business against ruthless cybersquatters
Also this week: Blueliv is pleased to announce a featured post on the subject of Cybersquatting from Jean-Jacques Dahan–Managing Director and Expert Consultant for Online Brand Security & Global Domain Strategy, Zeusmark. This article continues the discussion begun with the Phishing module article. Now, the focus will be on...
Petya-ransomware-2
Petya Ransomware cyber attack is spreading across the globe – Part 2
Following our first blog post, which provided an early analysis of Petya, we are sharing further findings from the malware analysis we have performed. We divided this post into the three areas we briefly analyzed after the Petya attack: the malware’s propagation techniques, the encryption techniques used,...
Petya-ransomware-1
Petya Ransomware cyber attack is spreading across the globe – Part 1
As you might know, Petya ransomware is currently devastating airlines, banks, utilities and many other businesses across the globe. Denmark, France, Spain, Ukraine and the USA are already impacted, and many others might be too in the coming hours. So far, it seems that the sample is being...
phishing
Business threat intelligence | Win the fight against phishing attacks
Blueliv has one module that handles two of the main cyber threats targeted at businesses–Phishing and Cybersquatting. This module plugs into our threat monitoring Enterprise Platform Solution. For completeness, we’ll divide these threats into separate articles. First, it’s important to understand the inherent nature of these attacks. Criminals who...
Infosec
Blueliv at Infosecurity Europe 2017
This year we had the opportunity to exhibit at Infosecurity Europe (Infosec) in London, Europe’s largest and most comprehensive information security event, which welcomed more than 13,500 visitors, including the industry’s thought leaders and experts. Threat Intelligence high in the agenda The 22nd edition took...
threat-exchange
Blueliv Threat Exchange Network | A community of early cyber responders
Cybercrime has become a socialized industry, and as such criminals employ community knowledge and resources found on the dark web and deep web to intensify efforts. In 2016, Europol identified some startling trends that demonstrate how sophisticated cyber criminals have become. Here are some top specialties and readily available...
MRTI-Feed
Cyber Threat Intelligence Feeds | Secure your network before an attack
Which malware attack does your boss need you to block today? Blueliv Cyber Threat Intelligence Feeds provide security information that’s granular, industry specific and on time. Experts from respected think tanks like Gartner and RSA agree. Knowledge-based information and targeted action are having a profoundly positive effect on...
honeypots-wannacry
What our honeypots taught us about Wannacry ransomware
WannaCry has been on everyone’s lips, and especially on everyone’s mind, these last few days. As we have addressed in recent posts, Friday 12th May marked the beginning of a massive global campaign to spread the WannaCry ransomware (a.k.a. WCry, WannaCrypt, WCrypt, WannaCrypt0r…). The ransomware spreads through a...
wannacrypt-analysis2
WannaCrypt Malware Analysis
Last Friday, 12th May, a worm targeting outdated Windows machines was detected. The worm in question used leaked NSA exploits to propagate and dropped a variant of ransomware called WannaCrypt. This post will try to give you an insight into the infection process, as well as the spreading...
wannacry
Wannacry Ransomware used to spread global cyber attacks
A global ransomware attack began impacting companies and hospitals across the United States, Europe, and Asia early Friday morning. Companies in more than 70 countries have reported incidents as of Friday afternoon. Computers all over the world are being locked down by a ransomware called Wannacry/Wanna/Wcry. The British government...
wannacry2
Ransomware hits the IBEX-35 hard
This Friday the news broke that the “WannaCry” ransomware has made its way into the IT systems of some IBEX-35 companies by exploiting a vulnerability in Windows systems. The British Government, for its part, has announced that an attack using a bitcoin virus has affected...
credit-card-theft1
The real cost of credit card theft and how to protect your assets
Sometime in mid-February 2017, anti-fraud teams from multiple financial institutions contacted KrebsOnSecurity for help tracing the source of a credit card fraud happening in high-end restaurants around the U.S. Investigations revealed a vast majority of patrons with compromised cards dined in locations run by Select Restaurants, Inc., a management...
botnets
Peeling back the layers surrounding zombie computer botnets
What is a Botnet? To understand a botnet, you first must begin with a bot. A bot is an automated malware program or roBOT that takes control of a computerized device. That single, infected computer, or connected device, joins a larger roBOT NETwork–or BOTNET. Once hijacked, these devices transform...
corporate-blueliv
Blueliv at Securmática: Cybersecurity lands in the boardroom
Once again, Blueliv will take part in and sponsor Securmática, the global congress on cybersecurity, information security and privacy. The congress will take place from 25 to 27 April in Madrid, and this year its aim is to provide an up-to-date view of the ongoing transformation of...
Deep-dive-into-the-dark-web
What is the Dark Web?
Deep dive into the Dark Web The Dark Web is a part of the World Wide Web made up of a variety of anonymous networks, untraceable online activity and non-referenced URLs and domains. It can only be reached through software that enables users to browse these networks anonymously. The most common network...
315-platform-release
Platform Release 3.15: detect cybersquatting threats faster
Our latest platform release (3.15) features a major update to the Phishing & Cybersquatting module, giving you the ability to detect a wider variety of cybersquatting threats more efficiently. Cybersquatting cases hit record levels Cybersquatting is when a website domain is registered...
Rooted-con
Blueliv sponsors RootedCON 2017
This year we once again sponsored RootedCON, Madrid’s annual computer security conference. Our Professional Services team shared their highlights in this blog post. Security professionals from all over the world attended to represent some of the most influential organizations in the cyber security sector. And it wasn’t only...
cyber-threat-intel-platform
Try the Blueliv Cyber Threat Intelligence Platform for free
Do you want to improve your external threat visibility? The Blueliv Cyber Threat Intelligence Platform 14-day free trial is now available. During your trial Blueliv will look for compromised information belonging to your company (based on the domain of the email you used to register). Use the Blueliv...
rsa-usa-2017
RSA Conference USA 2017: one week on
Year after year, RSA continues to hold the title as the biggest annual IT security event. This year marked Blueliv’s third year of attendance at the renowned San Francisco conference to meet and connect with our industry peers. More exhibitors, more attendees The number of exhibitors increases each year...
313-platform-release
Platform release 3.13: enhanced data gathering
Our latest platform release (3.13) features three fantastic updates to increase customers’ cyber threat visibility and enable users to gather even more threat data than before. And of course, Blueliv’s Product Dev team have been busy implementing some user-interface enhancements. Here’s a little bit about what’s new. Brand mentions...
finance-sector-use-case
Cyber threat intel drives change in the finance sector
Our latest use case documents the implementation of targeted cyber threat intelligence to reduce the level of cyber risk challenging a major bank, and discusses common challenges relevant to financial institutions everywhere. Financial sector use case Industry: Financial Services Challenge: Inefficient management of multiple generic threat intelligence sources This...
privacy-aware
Data Privacy Day 2017 – be #privacyaware
Data has become the most valuable asset to brands big and small, but protecting it is increasingly difficult. It’s been estimated that there will be 30.7 billion connected devices by 2020. Personal data is the fuel that makes this cool new technology work. And with new technology, our attack...
rsa-conference-2017
Don’t miss Blueliv at RSA Conference USA 2017
DETECT AND REACT TO CYBER THREATS FASTER: advanced business threat search and monitoring “Most of the important things in the world have been accomplished by people who have kept on trying when there seemed to be no hope at all.” Dale Carnegie With the words of Dale Carnegie in...
isoc24
iSOC24 Morning Session: Cyber Threat Intelligence 24 Jan 2017
We’re pleased to share that we’ll be joining the agenda as a strategic vendor for iSOC24’s next ‘be in control’ morning session dedicated to Cyber Threat Intelligence in Culemborg, Netherlands. This event is aimed at organizations currently investigating this subject. The morning session will include iSOC24’s insights and experiences...
blueliv-proudest-moments-2016
2016 in review: Blueliv’s proudest moments
2016 has been an eventful year in every sense across the globe. Before we take a well-deserved break over the holidays and prepare ourselves for an even busier 2017, let’s take a look back at seven key milestones Blueliv has accomplished this year. We’d like to wish our customers...
corporate-blueliv
Why Vawtrak v2 could be the next major banking Trojan
Neira Jones, Non-Executive Director Cognosec, Partner Global Cyber Alliance and industry influencer shares her thoughts on the evolution of banking Trojans and digital transformation in the finance sector in our new white paper. Think more like a criminal… This came to my attention through the excellent report published by cyber...
computer-security-day-2016
Computer Security Day 2016: Make a date with our malware sandbox
Today marks Computer Security Day 2016. Our responsibility to ensure the security of our networks and connected devices is ‘always on’ in an age when we are heavily dependent on being online just to function normally. But, it’s always good to pause and remind ourselves about how important it...
corporate-blueliv
Blueliv Invites Soltra Edge Users to Join Free Intelligence Sharing Platform
Blueliv Threat Exchange Network reassured by recent acquisition of Soltra Edge in continued effort to encourage collaboration and intelligence sharing in cyber security industry. BARCELONA, Spain – Nov. 28, 2016 – PRLog — Blueliv, a leading provider of cyber threat intelligence, today announced the availability of the Blueliv Threat Exchange Network, a free intelligence...
corporate-blueliv
Blueliv in Gartner’s Hype Cycle for Infrastructure Protection 2016
In 2016, the threat level to enterprise IT continues to be at very high levels, with daily accounts in the press of large breaches and attacks. No single safeguard will protect your organization against all possible attacks, hence, difficult investment choices must be made to select the right mix...
industry-blog
Don’t end up in the dark this Black Friday
Don’t end up in the dark this Black Friday! Online sales in the US are predicted to increase by over 13% this Black Friday vs. 2015, surpassing $3 billion. Is your IT infrastructure up to the challenge? Recently we’ve been blogging about the importance of a resilient network...
corporate-blueliv
Platform release 3.11: making customers’ lives easier
The Product Dev team here at Blueliv is all about delivering continuous improvement to create a top-notch user experience. The latest Blueliv Threat Intelligence Platform release 3.11 includes five key updates designed to make life a little easier for customers. Extra security has been built into two-factor authentication to...
Mirai_code_2
Mirai: the people’s botnet
Mirai, the infamous IoT botnet, has struck again, and this time it almost took down an entire country: Liberia. Mirai is a botnet that infects Internet of Things (IoT) devices in order to perform DDoS attacks, and it was recently used to perform the largest DDoS attack ever seen, which...
ransomware
Ransomware – an up-to-date overview
Overview The Blueliv Threat Intel Research Labs team has recently analyzed a large number of ransomware samples to obtain a global overview of the status quo of this malware family. We’re sharing our conclusions here. Think before you pay We’ve found that in some cases, ransomware encrypts your data...
NCSAM-2016-Building-resilience-in-critical-systems
NCSAM 2016: Building resilience in critical systems
Connectivity is critical nowadays, and we expect a highly reliable connection wherever we are, whatever we’re doing. Our dependency on being online forms a fundamental part of our global infrastructure; without the internet, electricity supply, transport and communication would quickly come to a standstill. Protecting our networks is therefore...
industry-blog
Some tricks look like treats: using Threat Intelligence to improve your cyber threat visibility
Social engineering techniques date back to classical mythology. Social engineering can take many different forms, yet the basic concept hasn’t evolved since the Ancient Greeks deployed the Trojan horse. And as cyber security professionals, Trojan is a term we reference nearly every day. So why, in 2016, do we...
industry-blog
Our continuously connected lives: What’s your ‘apptitude’?
Recent news headlines reported one of the largest DDoS (Distributed Denial of Service) attacks to date. DNS service provider Dyn suffered multiple network outages affecting popular sites including Twitter, GitHub and Etsy as a result of this attack, and we know that one source of the attack traffic was the Mirai...
industry-blog
NCSAM 2016: Recognizing and combatting cybercrime
As we mark week three of National Cyber Security Awareness Month, we’re pausing to take stock of the many different forms of online crime. At Blueliv, we’re focused on fighting the bad guys who threaten the security and net worth of organizations across all industries. But we’re very familiar...
industry-blog
From the Break Room to the Board Room: creating a culture of cyber security in the workplace – a start-up’s perspective
This October, we’re supporting National Cyber Security Awareness Month as an official champion. NCSAM is celebrated every October and marks a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online. No matter how many faces fill...
industry-blog
NCSAM 2016: The basic steps to online safety and security
Blueliv is proud to be supporting National Cyber Security Awareness Month 2016. NCSAM is celebrated every October and marks a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online. This week the NCSAM champions have one...
ransomware
From Barcelona to London: Blueliv at RANT! Risk and Network Threat forum
This week Blueliv sponsored its first RANT forum event at The Counting House in London to share the findings from the recent technical investigation into banking Trojan Vawtrak v2. Ramon Vicens, VP of Threat Intelligence Research Labs, talked through the analysis and was met with lively debate from the...
310-platform-release
3.10 Platform Release: Faster and smarter incident management
We’re pleased to announce the latest release of the Blueliv Cyber Threat Intelligence Platform. Release 3.10 brings you a number of functional improvements and new automated features to improve the efficiency of your SOC team and simplify the task of analysing and responding to threats. Here are a few...
Vawtrak
Vawtrak v2: The next big banking Trojan
This month Blueliv Threat Intelligence Research Labs team has published an exclusive report revealing the most complete picture of Vawtrak v2 malware seen to date. Vawtrak is a serious threat to the finance sector and is predicted to be the next major banking Trojan. Chasing cybercrime: Network insights into...
corporate-blueliv
Gartner includes Blueliv in “Innovation Insight for MRTI” 2016 report
We’re pleased that Blueliv has been mentioned in the Gartner 2016 “Innovation Insight for Machine Readable Threat Intelligence (MRTI)” report as one of the: “Example Providers of Commercial Threat Intelligence Feeds You Can Acquire” and “Example Vendors That Help You Aggregate Threat Intelligence” The report, written by cyber security analysts Craig...
corporate-blueliv
Blueliv sponsors and attends CyberSecurity MeetUp, Helsinki
Blueliv was a proud sponsor of the recent CyberSecurity MeetUp held at Microsoft in Helsinki on 31 August 2016. Our very own Ramon Vicens, Research Labs VP, took part in the agenda to showcase the Blueliv Threat Exchange Network and share insight on innovation, social communities and sharing intelligence...
Vawtrak
Vawtrak banking Trojan: a threat to the banking ecosystem
Today marks the start of c0c0n International Cyber Security and Policing Conference 2016 where our Labs Research expert, Raashid Bhat, will be sharing insight into the threats posed by the Vawtrak Trojan, one of the most prevalent banking Trojans around today. It promises to be an unmissable session based...
industry-blog
Hacking group Shadow Brokers infiltrate NSA Equation Group
Militarization of cyberspace is no longer a novelty. Instances of governments using sophisticated zero-day malware against other nations’ organizations and industry have been seen before now. This week a previously unknown group calling themselves “Shadow Brokers” claimed to have infiltrated a server belonging to Equation Group, a hacking group...
threat-exchange-network
New Release of Blueliv Threat Exchange Network
Cyber-criminals are very well organised and typically operate as part of highly sophisticated and specialised criminal organizations. Needless to say, in terms of the skills and methods used they are often years ahead of the businesses and establishments they target. In response, companies are increasingly hiring cyber security specialists,...
Ransomware chronology
Ransomware – How to defend yourself against it
What is Ransomware? Ransomware is a type of malware that cyber criminals have increasingly been using lately. To profit from distributing ransomware, the bad guys have been targeting numerous businesses and large organizations around the world. In essence, ransomware is...
National-Cyber-Security-Awareness-Month-2016-Champion
Blueliv Becomes the “National Cyber Security Awareness Month 2016” Champion
We are happy to announce that Blueliv is supporting the National Cyber Security Awareness Month (NCSAM) 2016. NCSAM was created as a collaborative effort between government and industry to ensure all digital citizens have the resources needed to stay safer and more secure online while also protecting their personal...
309-platform-release
Version 3.9 Platform Release feat. NEWS
While you guys have been fine-tuning your cyber defence strategies and finding ways to further improve your overall security postures, we have been busy making improvements to our Threat Intelligence Management Platform. As always, our clients have been really helpful and awesome by providing us with valuable feedback, and...
Inside-Tinba-Infection-Stage-2
Inside Tinba Infection: Stage 2
This is a continuation of the first Tinba post, which is part of a series of posts on how Tinba gradually infects a system. Before we jump into analysis, let’s do a quick recap of the previous actions performed by Tinba and described in the STAGE 1 post: Prepares...
Cyber-Attacks-Targeting-SWIFT
Cyber Attacks Targeting SWIFT – Recap
SWIFT stands for Society for Worldwide Interbank Financial Telecommunication, and its purpose is to allow banks and financial institutions in general to communicate securely. It is used in the exchange of information between banks, such as transactions. In this post you will get a short summary of the incidents...
GoIgnite
Blueliv winner of Go Ignite, the scale up program led by four world class telcos
Go Ignite, an alliance between four telcos, announced last week the five winners selected from its inaugural call for start-ups, launched at Mobile World Congress 2016, which attracted over 142 applications from the global start-up community. The winners were selected from the following categories: cyber security, big data analytics,...
money-conf
MoneyConf 2016: Machine Learning, Big Data and Data Privacy
Blueliv was thrilled to participate for the first time in the latest edition of MoneyConf 2016, held in Madrid. The event gave us the opportunity to attend select panel sessions, participate in roundtables with top-level financial decision makers and introduce our cybersecurity solution. We also had the privilege...
Gartner-summit
The Gartner Security Summit Washington DC 2016
Blueliv had the pleasure of spending a couple of days with the wider Gartner community at Gartner’s annual security conference held in Washington DC. The event lasted three and a half days and covered a wide range of security topics. The purpose of this blog post is to cover...
money-conf
We will be at MoneyConf, where the world’s biggest banks and tech firms meet
Next week we will be exhibiting at MoneyConf, which is hitting Madrid on June 21 and June 22. MoneyConf focuses on the future of finance where the world-leading financial institutions will mix with the most promising tech startups, such as Blueliv. Leading financial institutions find themselves facing a rising...
Inside-Tinba-DGA-Infection-Stage-1
Inside Tinba-DGA Infection: Stage 1
Tinba DGA is a banking trojan that was first discovered in 2012. It is mainly distributed through malicious spam emails or malvertising. Although not a new threat, Tinba is still one of the trojans criminals use to steal sensitive online banking information. There are a number of papers on how...
infosecurity2016
Blueliv at Infosecurity Europe London
We are happy to announce that next week Blueliv will be attending the Infosecurity conference in London, which will welcome the industry’s leading thought-leaders, practitioners, policy-makers and analysts. The 21st edition of Infosecurity Europe, Europe’s largest and most comprehensive Information Security event, will see more companies exhibit than ever...
corporate-blueliv
Blueliv at Gartner Security and Risk Management Summit
Next month on 13th of June Blueliv will attend the Gartner Security & Risk Management Summit in Washington, D.C. Gartner Security and Risk Management Summit 2016 provides attendees with proven practices and strategies needed to maintain cost-effective security and risk programs to support digital business and drive enterprise success. The...
corporate-blueliv
Blueliv continues with a strong momentum
We are happy to share the news of an unprecedented momentum we are currently experiencing at Blueliv with you. Last year we were named Gartner Cool Vendor in Communications Service Provider Security, where we were selected as one of the most promising, valuable, and innovative companies that enable telecoms...
corporate-blueliv
Blueliv is selected as part of Momentum Partners Cyber Security Review Q1 2016
We are happy to announce that Blueliv has been included in the Momentum Partners Q1 2016 Cyber Security Market Review as one of the most interesting companies in the Threat Intelligence field. Momentum Partners has completed their selection from the 1,500+ cyber security companies the firm tracks globally. Input...
Adaptive Security Model
Possible approaches to adaptive security
Traditional approaches to integrating cyber threat intelligence into an adaptive security model have relied very heavily on utilizing open source threat intelligence feeds and integrating these into a SIEM. The thinking behind this may well have been that crowd-sourced threat intelligence is just as good if not better...
Securmatica-2016-Recap
Securmatica 2016 Recap
Last week the 27th annual Spanish security congress Securmatica took place. The purpose of the summit was to analyze the key factors in the cyber security industry, to showcase cyber defence strategies of leading companies, and to highlight the benefits of the collaborative models to fight cyber-crime. Blueliv together...
corporate-blueliv
Fast and affordable threat intelligence for MSSP
Rapidly changing threat vectors are too overwhelming for most medium-sized and large businesses to take on alone. They lack qualified, dedicated cyber threat intelligence professionals, because these resources are scarce and costly. They typically rely on specialized MSSPs to establish an effective, strategic response to current cyber threats. With Blueliv...
threat-exchange-network
Here is the Blueliv Threat Exchange Network!
This week marks an important milestone for us here at Blueliv with the announcement of our Threat Exchange Network (beta version). A new release of our strong collaborative community is out so we can continue fighting cyber crime together. Blueliv Threat Exchange Network is designed to share IoCs such as IPs, URLs...
Malware-grabbers-and-their-behavior
Malware grabbers and their behavior
Malware is made to serve very different purposes, depending on the objective of its authors. Nowadays a very large number of samples exist, and it is common to classify them into different categories based on their behavior. This post provides an overview of...
corporate-blueliv
Blueliv will be at Securmatica
As in previous years, Blueliv will be sponsoring the standout infosec event Securmatica. The security congress will take place from April 26th to 28th in Madrid under the title “¿Qué le está pasando a la ciberseguridad?” (What is happening in the cyber security landscape?). This edition aims to analyze which are...
Cyber-Security-Trends-2016
Cyber Security Trends 2016: Prevention, defence and reaction are priorities
The complexity of cyber threats will keep on growing, so that traditional security measures will be unable to reduce them. CISOs will be forced to rethink how they operate in cyberspace and to adapt their resilience to this new situation. There will be new threats and highly sophisticated attacks...
corporate-blueliv
Blueliv at “The new security paradigm” Telefonica’s event in Paris
Next April 5th we will participate in the Telefonica’s event “The new security paradigm: innovation and proactivity”, which will take place in Paris. The security landscape is constantly changing with new threats, and the products and solutions associated with preventing them, emerging all the time. Jordi Garasa, our VP Sales...
corporate-blueliv
Summary of the Security Conference RootedCON’16
As some of you might know, we sponsored this year’s edition of the RootedCON16 cyber security conference, which took place in Madrid last week. This Spanish security conference is focused on showing innovative techniques and research that can be of interest to security professionals and enthusiasts, and it lasts...
RSA-2016-Recap
RSA 2016 Recap!
Last week was an exciting week for all of us at Blueliv who were fortunate enough to attend the RSA 2016 Cyber Security Conference in San Francisco where we had a booth in the South Hall. The energy at the conference was amazing and people really seemed to love...
Antihooking-techniques-used-by-Andromeda-aim-to-defeat-Cuckoo-like-sandboxes
Antihooking techniques used by Andromeda aim to defeat Cuckoo-like sandboxes
Some sandboxes, Cuckoo Sandbox for example, implement a technique known as hooking. Hooking a function allows the programmer, user or analyst to intercept calls, messages or events passed between a program and its libraries. This is very useful when analyzing malware because it allows the reverse engineer to view...
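The flip side of user-mode hooking is that the patched bytes are visible to the program being monitored. As an added illustration of the anti-hooking check this post title refers to (example code written for this page, not Andromeda’s or Cuckoo’s own), the block below classifies the first bytes of an x86/x86-64 function prologue and flags the redirect patterns an inline hook typically leaves behind: a relative `jmp`, an absolute `jmp`, a `push`/`ret` pair and a `mov rax, imm64 ; jmp rax` trampoline. The sample prologues and the API names in the table are hand-assembled and constructed for this example; at runtime a sample would instead read the bytes at the resolved address of each API it cares about.

```c
/* Added example (not Andromeda's or Cuckoo's code): the prologue check an
 * anti-hooking routine performs before trusting a user-mode API.
 * A Cuckoo-style monitor installs an inline hook by overwriting the first
 * bytes of a function with a jump into its own handler; malware reads those
 * bytes back and refuses to run if they look like a redirect. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum hook_kind {
    HOOK_NONE = 0,   /* prologue looks like ordinary code             */
    HOOK_JMP_REL32,  /* E9 <rel32>                                    */
    HOOK_JMP_ABS,    /* FF 25 <disp32>  (jmp [rip+disp] / jmp [abs])  */
    HOOK_PUSH_RET,   /* 68 <imm32> C3   (push addr ; ret)             */
    HOOK_MOV_JMP     /* 48 B8 <imm64> FF E0 (mov rax, addr ; jmp rax) */
};

/* Classify the first bytes of an x86/x86-64 function body. */
enum hook_kind classify_prologue(const unsigned char *code, size_t len)
{
    if (len >= 5 && code[0] == 0xE9)
        return HOOK_JMP_REL32;
    if (len >= 6 && code[0] == 0xFF && code[1] == 0x25)
        return HOOK_JMP_ABS;
    if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3)
        return HOOK_PUSH_RET;
    if (len >= 12 && code[0] == 0x48 && code[1] == 0xB8 &&
        code[10] == 0xFF && code[11] == 0xE0)
        return HOOK_MOV_JMP;
    return HOOK_NONE;
}

/* Where an E9 jump lands: address of the next instruction plus the signed rel32. */
uint64_t jmp_rel32_target(const unsigned char *code, uint64_t func_addr)
{
    uint32_t raw = (uint32_t)code[1] | ((uint32_t)code[2] << 8) |
                   ((uint32_t)code[3] << 16) | ((uint32_t)code[4] << 24);
    int32_t rel = (int32_t)raw;
    return func_addr + 5 + (uint64_t)(int64_t)rel;
}

/* Constructed sample prologues, hand-assembled for this example. */
const unsigned char SAMPLE_CLEAN_X64[]   = {0x55, 0x48, 0x89, 0xE5, 0x48, 0x83, 0xEC, 0x20}; /* push rbp; mov rbp,rsp; sub rsp,0x20 */
const unsigned char SAMPLE_CLEAN_WIN32[] = {0x8B, 0xFF, 0x55, 0x8B, 0xEC};                   /* mov edi,edi; push ebp; mov ebp,esp */
const unsigned char SAMPLE_JMP_REL32[]   = {0xE9, 0x10, 0x00, 0x00, 0x00, 0x90, 0x90, 0x90}; /* jmp +0x10; nop padding */
const unsigned char SAMPLE_JMP_ABS[]     = {0xFF, 0x25, 0x00, 0x00, 0x00, 0x00, 0x90, 0x90}; /* jmp [rip+0] */
const unsigned char SAMPLE_PUSH_RET[]    = {0x68, 0x78, 0x56, 0x34, 0x12, 0xC3};             /* push 0x12345678; ret */

struct api_sample { const char *name; const unsigned char *code; size_t len; };

/* Stands in for the set of resolved API addresses a sample would walk at runtime. */
static const struct api_sample SAMPLES[] = {
    {"NtCreateFile (clean x64)",       SAMPLE_CLEAN_X64,   sizeof SAMPLE_CLEAN_X64},
    {"CreateFileW (clean win32)",      SAMPLE_CLEAN_WIN32, sizeof SAMPLE_CLEAN_WIN32},
    {"NtWriteFile (jmp rel32)",        SAMPLE_JMP_REL32,   sizeof SAMPLE_JMP_REL32},
    {"VirtualAlloc (jmp abs)",         SAMPLE_JMP_ABS,     sizeof SAMPLE_JMP_ABS},
    {"WriteProcessMemory (push/ret)",  SAMPLE_PUSH_RET,    sizeof SAMPLE_PUSH_RET},
};

/* Count the table entries whose prologue starts with a redirect. */
int count_hooked_samples(void)
{
    int hooked = 0;
    for (size_t i = 0; i < sizeof SAMPLES / sizeof SAMPLES[0]; i++)
        if (classify_prologue(SAMPLES[i].code, SAMPLES[i].len) != HOOK_NONE)
            hooked++;
    return hooked;
}

int main(void)
{
    for (size_t i = 0; i < sizeof SAMPLES / sizeof SAMPLES[0]; i++) {
        enum hook_kind k = classify_prologue(SAMPLES[i].code, SAMPLES[i].len);
        printf("%-32s %s\n", SAMPLES[i].name, k == HOOK_NONE ? "clean" : "HOOKED");
    }
    printf("%d of %zu sampled prologues are hooked\n",
           count_hooked_samples(), sizeof SAMPLES / sizeof SAMPLES[0]);
    return 0;
}
```

Two caveats matter for the analyst on the other side. The check is byte-pattern based, so a monitor that hooks further into the function, in the kernel, or from a hypervisor leaves the prologue untouched and passes it; conversely, a clean-looking prologue on a Windows hot-patchable function (`mov edi, edi`) can still be hooked via the short jump placed just before it. This is why sandboxes that expect anti-hooking samples move their instrumentation below the user-mode API layer rather than trying to hide the patch bytes.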
corporate-blueliv
Blueliv supports Rooted CON 2016
Next week a new edition of the Rooted CON 2016 computer security conference will take place in Madrid, March 4 – 7, and we are proud to announce that we will sponsor the conference. The Rooted CON computer security conference was born with the purpose of promoting the exchange of knowledge between members of...
corporate-blueliv
Video: Get started using our malware analysis sandbox today
A couple of weeks ago we launched a new community feature, our online malware analysis sandbox and now, it’s time to show you how it works and the varied functionalities it offers to our community users. At Blueliv we are focused on trying to make cyber intelligence available for...
corporate-blueliv
Meet Blueliv team at RSA, booth S738
The countdown begins for the most established IT security event in the world, RSA Conference. As a proud participant in RSA, we invite you to join us at booth #S738 South Hall in San Francisco, February 29 – March 4 where you’ll have the opportunity to see how our Targeted and Automated Threat Intelligence Solution...
research-blog
Tracking the footprints of PushDo Trojan
PushDo Trojan is a downloader trojan responsible for downloading its spam counterpart and other malicious Trojans. Since its beginning, it has evolved into many different versions and in this blog post, we will make a deeper analysis of it. The Packer PushDo Trojan often comes along with a packer, which...
corporate-blueliv
Visit Blueliv at RSA Conference, booth #S738
It’s that time of the year again – time for one of our favorite conferences, RSA! Last year was our first year at RSA and we are thrilled to be returning as a sponsor of the 2016 RSA Conference in San Francisco, California. From February 29th to the March 4th,...
Adaptive-Security-Architecture-to-protect-companies
Adaptive Security Architecture to protect companies from Advanced Attacks
Adaptive security will become one of the key phrases you will hear over and over again this year. As with many new concepts, the term itself can be hindered by the varied definitions people attach to it and the context within which it is used. In this instance I...
corporate-blueliv
The best of Blueliv’s blog: Most read posts of 2015
Catching up on some reading this week? We took a look back at Blueliv’s blog posts in 2015 to see which stories were most read by our audience and came up with the 10 best Blueliv blog posts of last year. It was a year full of huge stories...
corporate-blueliv
Merry Christmas and Happy New Year!
At the holiday season, our thoughts turn to those who have made Blueliv’s progress possible. It is in this spirit we would like to say: Thank you and best wishes for the Holiday Season and coming New Year! Blueliv team
industry-blog
No cON Name’15, Summary of the Spanish Premier Technical Security Conference
For those of you who haven’t heard about it, No cON Name is a Spanish security conference that takes place in Barcelona every year, where experts from all around Spain, and sometimes, around the world, gather to share their security-related findings. This year, we attended a number of cool keynotes...
corporate-blueliv
Revisiting Blueliv’s most popular news of the year
This year is just about over and it’s almost time to welcome 2016. We love the reflection that comes along with the close of a time period, and the hope that comes with looking ahead. We have been working on the fight against cyber crime during 2015 and next...
corporate-blueliv
Botconf’15, the botnet fighting conference
As you probably already know if you have been following us on Twitter, Blueliv attended Botconf this year, the only international conference totally dedicated to the fight against botnets, which took place at the Google office in Paris last week. After the success of the first two editions of...
corporate-blueliv
Blueliv and IPS announce partnership to deliver world-class threat intelligence solutions to the Canadian market
Today we announce that we have signed a strategic partnership with IPS, a leading Canadian provider of information security, compliance and managed security services. As a first-class provider of managed security solutions for the North American marketplace, Blueliv is excited to announce IPS as a partner, adding Proactive Threat...
corporate-blueliv
An open and agile malware analysis sandbox, the new community feature
Blueliv has always been focused on trying to make Cyber Intelligence available for everyone and believes that sharing intelligence is the key to get the upper hand in an ever-changing war on cyber crime. We began with the free Cyber Threat Intelligence API, so you could feed your systems...
corporate-blueliv
ThreatStream and Blueliv announce a partnership to offer unique cyber threat intelligence
Following our intelligence sharing philosophy, we are happy to announce our alliance with ThreatStream. From today, the Blueliv Threat Intelligence Feed will be part of the ThreatStream Alliance of Preferred Partners (APP) store, allowing its users to have access to unique intelligence about verified online crime servers conducting malicious...
Blueliv Releases Q3 2015 Global Cyber Threat Report
Between July and September 2015 Blueliv detected and analyzed 5.5 million stolen credentials and credit cards, 300,000 targeted malware samples, and 500,000 crime servers through its cyber threat intelligence platform. Now, we want to share the analysis of this data with you in our Blueliv Global Cyber Threat Report. THEFT...
Revisiting the latest version of Andromeda/Gamarue Malware
Andromeda Malware, aka Gamarue Malware, has been prevalent since it came into the limelight a couple of years ago, and the author has kept it well updated ever since. With respect to its earlier avatars, it has gone through several changes, from anti-analysis to a change in protocol format. Some excellent write-ups...
corporate-blueliv
Secure Group and Blueliv announce strategic partnership to deliver Security Intelligence in Italy
We continue expanding globally and today, we are happy to inform you that we have signed a strategic partnership with Secure Group, the Security Division of Yotta Tecnologie and the leading Italian Managed Security Services Provider. With more than 15 years in the market, Secure Group offers their customers...
Dridex reloaded?
Dridex has been the scourge of banks over the last 12 months, both for bank data and credential theft and for fraud. Cyber criminals have been improving the network in response to the specific cases and problems they have faced with the financial institutions they have attacked. They have also...
corporate-blueliv
Blueliv supports the 2015 National Cyber Security Awareness Month
October 1 marked the start of the 12th annual 2015 National Cyber Security Awareness Month (NCSAM), led by the National Cyber Security Alliance (NCSA), and we are happy to announce that Blueliv is supporting it. As an official champion, we recognize our commitment to cybersecurity and online safety. Celebrated every October, National...
corporate-blueliv
Blueliv supports the 2015 National Cyber Security Awareness Month
Blueliv has developed an input plugin for Logstash that, with the help of the ELK stack, provides real-time, actionable cyber threat intelligence to help organisations understand the scale of cyber threats currently aligned against them.  Why the ELK stack? Most companies that are defending themselves against these attacks use some...
industry-blog
Collaborative Information Exchange Models to Fight Cyber Threats
The fight against cybercrime should take on a new direction. It should utilize the collaborative models of social media also referred to as Web 2.0 technologies that allow for the socialization of the fight against cyber threats through a community or group. This is how we can overcome the...
October events
Experts from Blueliv are going to participate in a range of events in October. We want to share them with you, as they might be of interest to you; that’s why we invite you to find out about them below. Cyber Security 2015 “Act Differently”, 3-4 October, Stresa, Italy. Blueliv...
Introduction to honeypots
As most of you already know, honeypots are hosts that act as bait, exposing services on the internet in order to lure attackers. Below is an introduction to honeypots. Using honeypots, security researchers can: Monitor the attackers’ activity on the internet. Discover possible vulnerable services being exploited by an...
corporate-blueliv
Blueliv, speaker at the next Barcelona Elastic Meetup
We are really happy to announce that Blueliv will participate in the next Barcelona Elastic Meetup, which will take place on October 7th at Itnig. There, João Alves, Software Engineer at Blueliv, will give a presentation. Here is an abstract: Every day thousands of companies worldwide are affected by...
corporate-blueliv
The socialization of the fight against cyber threats
The cybersecurity magazine SIC has published in its September issue the article written by Daniel Solís, CEO of Blueliv, La socialización de la lucha contra las ciberamenazas (The socialization of the fight against cyber threats). The fight against cybercrime must take a new direction in which collaborative 2.0 models allow the fight against cyber threats to be socialized through a community...
corporate-blueliv
Splunk App for Blueliv tutorial
As you may already know, the Splunk® App for Blueliv is available so that users can access Blueliv’s Cyber Threat Intelligence Feed through the Splunk console. Below you will find a Splunk App for Blueliv tutorial to help you set it up and use it effectively. The...
Botnets and C&C Trial: Detect Infections in your Computer and Retrieve Compromised Credentials
Botnets and other malicious software attacks that compromise corporate PCs are increasing at an alarming rate and growing in sophistication. In the first half of the year, Blueliv detected and analyzed more than 10 million stolen credentials and credit cards and is now tracking more than 220,000 live crime...
corporate-blueliv
September events
August is coming to an end and it’s time to think of the coming school year, which is around the corner and full of new projects. At Blueliv we are more than ready for the coming months and today we would like to inform you about the cyber security events taking...
industry-blog
Want to fight cyber threats? Start collaborating
It is universally known that no one, be it an individual or a company, can hope to find and neutralize every threat that can be found out in the wild. In cyber crime there is a tendency towards industrialization. You can find forums and marketplaces where services (such as...
Blueliv Releases Q2 2015 Global Cyber Threat Report
Through its cyber threat intelligence platform Blueliv detected and analyzed 5 million stolen credentials and credit cards, 200,000 targeted malware samples, and 500,000 crime servers between April and June 2015. THEFT OF CREDIT AND DEBIT CARD INFORMATION In the second quarter of 2015, the US has continued to be the...
research-blog
Blueliv discovers the Alina variant – Joker
Joker malware is a Point of Sale malware that was developed using, as a baseline, the Alina POS source code. After tracking it for some weeks, we’ve realized that behind the malware there is a dedicated effort towards developing and improving the sample. We have got our hands on...
corporate-blueliv
Are your IPs infected? Check it now!
We are excited to introduce to you a new IP infection detection tool on our community: you can now look up an IP and see if it belongs to crime servers reported on our Cyber Threat Intelligence platform. Further information such as the domain, the country where this IP...
corporate-blueliv
Cyber Threat Data Feed, ultra fresh intelligence at your fingertips
We are pleased to announce that we have launched the Cyber Threat Intelligence Data Feed which will allow any organization to track the threats that are aligned against it in real-time and to quantify and qualify what attack vectors are being used by malicious attackers. Cyber Threats have become the most common...
corporate-blueliv
Empowering your ELK stack with Blueliv plugin
We have just released a new application for ELK stack. The ELK stack contains Elasticsearch, Logstash, and Kibana. Although they have all been built to work exceptionally well together, each one is a separate open source project that is driven by Elastic. The role of each of these technologies is divided as...
Introduction to Android Malware
Hello everyone! As some of you already know, mobile threats are on the rise. Every day there are more and more mobile devices, which translates into more targets for the malware industry. But, as we always say, the best weapon against malware is knowledge. For this reason, we bring...
corporate-blueliv
We will participate in the Innovation in cyber security applied to the protection of digital identity summer course
Next week we will participate in the Innovation in cyber security applied to the protection of digital identity summer course. The course, which is organized by the Rey Juan Carlos University, will take place from July 6th to 8th in Aranjuez. There will be a space dedicated to startups and...
corporate-blueliv
We keep growing and internationalizing!
Some months ago we told you we moved into a bigger new office in Barcelona. Today we are glad to let you know we have opened two new international offices to be more accessible to our worldwide clients and increase the internationalization of the company: London and San Francisco....
research-blog
Webinar. Chasing the Cyber Crime: network insights of Dyre and Dridex Trojan Bankers.
We would like to invite you to the Chasing the Cyber Crime: network insights of Dyre and Dridex Trojan Bankers webinar on the 8th of July. As you may already know, in the current landscape of Trojan Bankers, Dyre and Dridex are the most nefarious ones due to the amount of infections...
corporate-blueliv
We will be at BSides Lisbon 2015
Next week, July 3rd, we will be sponsoring BSides Lisbon 2015. The security conference will consist of two tracks with really interesting security talks. We want to give you the opportunity to attend the conferences and that’s why we are offering 3 free tickets to the first three people that...
Why is Blueliv Gartner “cool”?
Recently Blueliv has been designated a Cool Vendor in Communications Service Provider Security, 2015, and in this post I want to try and encapsulate what it was that made us “cool”. The Blueliv solution has a number of key features that will make it immediately apparent why Gartner has labelled...
research-blog
Introduction to Blueliv’s API, part 1
Greetings everyone! Today we want to introduce our API a little further and show you all the amazing things you can do with the data. This post is the first of a series that we plan to write in order to make things easier for you...
corporate-blueliv
Python SDK to access our Cyber Threat Intelligence API, updated
We have just updated the Python SDK to access our API. Using our Python SDK allows you to take advantage of our cyber-threat intelligence data faster, requiring less coding than using it manually. Taking into account the feedback provided by our users, we decided to improve our Python SDK...
corporate-blueliv
Blueliv named a “Cool Vendor” by Gartner
We are proud to announce that Blueliv has been included in the list of “Cool Vendors” in the 2015 report titled, “Cool Vendors in Communications Service Provider Security, 2015” by Deborah Kish, Akshay K. Sharma, Craig Lawson at Gartner, Inc. This is the first year that Gartner has selected...
industry-blog
Threat Intelligence & RSA
Cyber Defense Magazine has just published the following article by Nahim Fazal, Head of International Business Development at Blueliv. RSA 2015 was very much the year of Threat Intelligence. That is the overwhelming sensation one is left with as the dust settles on the RSA conference for this year. Perhaps more...
research-blog
Performing automated Yara Q&A with Cuckoo
As it is well known, Cuckoo Sandbox is a malware analysis system which allows us to customize both processing and reporting stages. In this context, we can feed Cuckoo with Yara Rules based not only on the content of malware, but also on its behavior. One of the most prominent issues...
corporate-blueliv
Want different results? Quit doing the same. Interview with Daniel Solis, CEO & Founder
In one phrase, define Blueliv. We are the innovators, the paradigm-shifters. We’re a company dedicated to fighting cyber threats in ways no one has ever done before. With this approach, we’re able to view cyber threats and attacker characteristics from an unconventional perspective and successfully anticipate targets and potential outcomes....
Fighting cyber crime by using Splunk
As we told you in the post about our free API, threat intelligence is the key factor in the fight against cyber crime and cyber threats, mostly because this intelligence helps you and your organization to prevent and mitigate attacks. But the issue usually is gathering this information. That’s...
Blueliv Releases Q1 2015 Global Cyber Threat Report
Blueliv reveals startling scale of cybercrime, pinpoints geolocations most affected. Dyre and Dridex, the most nefarious banking Trojans. Blueliv releases its Cyber Threat Report, revealing detailed figures on criminal online activity in the first quarter of 2015. Through its cyber threat intelligence platform between January and March 2015, Blueliv...
corporate-blueliv
New Splunk App for Blueliv
Blueliv has just released a new application for Splunk®. Splunk is an event analyzer that collects data generated by any source and provides the user with tools and dashboards to analyze and correlate this data. With this App, Splunk users will be able to access Blueliv’s Cyber Threat...
corporate-blueliv
We are pleased to share our cyber space video with you!
We are pleased to announce that Blueliv’s video is ready for the cyber world to view. The video, based on a cyber space video game, explains how our targeted cyber threat solution can turn global threats into predictive and actionable intelligence. Thinking from new perspectives is what we do. We dig...
research-blog
Emerging cyber threats. What we are facing and how we fight it
The cybersecurity magazine SIC has published in its April issue the article written by Ramón Vicens, VP Threat Intelligence at Blueliv, and Víctor Acín, Threat Intelligence analyst at Blueliv, Ciberamenazas emergentes. A qué nos enfrentamos y cómo lo combatimos (Emerging cyber threats. What we are facing and how we fight it). In recent years the gangs of...
corporate-blueliv
Join Blueliv in the fight against cybercrime with our free API
At Blueliv we believe that sharing expertise and intelligence is the key to getting the upper hand in an ever-changing war on cyber crime. But the issue, usually, is where to acquire this information. We think that fighting e-crime should be a possibility for everyone, and for that reason,...
Chasing cybercrime: network insights of Dyre and Dridex Trojan bankers. (Report)
Trojan Bankers are a family of botnets that specialize in stealing information related to the financial sector and user data in order to sell it in underground marketplaces; some of them also perform wire transfers using these credentials or by taking control of the infected computer. Due to the...
corporate-blueliv
Blueliv Cyber Threat Map
We are pleased to announce that we have just launched an interactive Cyber Threat Map which shows in real time the geolocation of cybercrime servers that are actively engaged in criminal activity such as credit card theft, credential theft or malware distribution. And anyone can access it via our...
Blueliv will be at Securmatica next week
As in previous years, Blueliv will be participating at Securmatica next week. The security congress will take place from April 21st to 23rd in Madrid and will focus on innovation and change, with the title Innovación y cambio: Manos a la obra (Innovation and change: Get down to work). In...
corporate-blueliv
Visit Blueliv at RSA booth #321
Stop by the Blueliv booth #321 at the annual RSA security conference to see how our Targeted Cyber Threat Intelligence Platform can turn global threats into predictive, actionable intelligence and help stop cyber threats against your organization. Join us at booth #321 South Hall, learn more about the latest discovered...
Main PoS infection techniques and how to avoid them
Stealing payment card data has become an everyday crime that yields quick monetary gains. The goal is to steal the data stored on the magnetic stripe of payment cards, clone the cards, and run charges on the accounts associated with them or even burn credit card track information into...
industry-blog
How could UBER accounts have been compromised?
Uber is an American company that develops and operates a mobile application that allows users to provide and employ transporting services for people. Motherboard reported last week that thousands of active Uber accounts are for sale in black markets located in the dark web. After investigating the issue, Uber...
industry-blog
How to avoid a Dridex infection?
In the recent days we have been seeing a lot of commotion around the botnet Dridex. This improved version of Dridex is proliferating thanks to an effective phishing campaign. Taking advantage of the proximity of the annual tax declaration, the organization behind this botnet is sending emails to unsuspecting...
corporate-blueliv
We will be at Sthack 2015
This Friday, March 27th, the security conference created in 2011 by the Ingesup Computer Security club Sthack will take place in Bordeaux. Blueliv will be there and Ramon Vicens, Threat Intelligence VP, and Victor Acin, Threat Intelligence Analyst, will offer the talk “Cyber Threats – The reality”, with the aim...
research-blog
The Equation Group: a new degree of sophistication in APT attacks
The Equation Group, what do we know so far? The topic of APTs and state-sponsored espionage has been back in the news over the last few weeks. Based on the excellent and in-depth report by Kaspersky Labs, “Equation Group: Questions and answers”, it seems that the level of sophistication...
corporate-blueliv
Blueliv will be at Rooted CON 2015
This week a new edition of the security conference Rooted CON will take place in Madrid, March 5 – 7. There, our CEO Daniel Solis will be participating at the RootedPANEL ¿Tiene que dar alguien el carnet de hacker? (Does somebody have to give the hacker license?), March 5th at 17:30....
We will be at 4YFN – Mobile World Congress
Over the course of four days, 2-5 March 2015, Mobile World Capital Barcelona will host the world’s greatest mobile event: Mobile World Congress. We are proud to participate in the first Telefónica Open Future Showcase, which is part of 4YFN and will take place on Tuesday at 16.30 in...
corporate-blueliv
Tomorrow Blueliv will be at Detect & Defend
Tomorrow we will be participating in Detect and Defend 2015, a security congress organized by IT Cube that will take place in Fürstenfeldbruck, Germany. 200 attendees are expected and international security experts will offer their point of view on Cyber Security. Blueliv will also be there and Nahim Fazal,...
corporate-blueliv
Blueliv will be at RSA 2015
We are pleased to announce that Blueliv will be participating in the RSA Conference 2015. The conference will be held in San Francisco April 20-24. The RSA conference is one of the most recognized IT security events worldwide. Roughly 25,000 people attend the conference every year to experience hundreds...
corporate-blueliv
We have moved to our new office in Barcelona!
After some days surrounded by boxes and other unimaginable items that we didn’t even know we had, at last we can report that we have moved to our new office in Barcelona. Our team has grown in the last months and we were running out of space, so now...
corporate-blueliv
We are pleased to share our new website with you!
We are pleased to announce that our new website is live and ready for the world to view. With simplicity, ease of use, and accessibility in mind, we have designed our menus to give quick access to the items you are looking for. Apart from the company information...
industry-blog
Actionable Approach to Fighting Cybercrime using Cyber Threat Intelligence
Cyber Defense Magazine has recently published the following article by Dennis Lee, Territory Manager North America at Blueliv. Organizations are finding themselves in a world where having defensive controls like a firewall, secure datacenter and stringent security policies is simply not enough. In 2014, we’ve seen companies like JP Morgan Chase, Sony...
industry-blog
Botconf 2014 – Day 3
This third and last day of this great experience started with an awesome speech from Hendrik Adrian and Dhia Mahjoub about Fast Flux Proxy Networks, which is a DNS technique used by botnets in which multiple ever-changing IPs are associated with a unique DNS name. These IPs are swapped...
industry-blog
Botconf 2014 – Day 2
Today it’s been a long day with many interesting speeches, starting with a technical workshop on how to debug rootkits with windbg, and ending with a great research work, done by Tom Ueltschi, on ponmocup malware and Zuponcic infection Kit. Meanwhile, during the day we’ve seen a variety of...
industry-blog
Botconf 2014 – Day 1
Lots of things to talk about in just one day at the Botconf conference in Nancy, France. Great talks and amazing people; let’s do a short summary of some of them. The conference started with a very interesting presentation from the National Crime Agency (NCA) about Botnet takedowns, in which the...
research-blog
Blueliv Cyber Threat Intelligence Report. Q3 2014
Here are the main conclusions from our analysis of the cyber threats that have been apparent on a global level during the third quarter of 2014, compared with the second quarter of the year. Once again, the main point is that cyber threats continue to be increasingly more frequent...
corporate-blueliv
VirusTotal’s Alliance with Blueliv Helps the Community to Improve Cyber Threat Protection
VirusTotal has now entered into an alliance with Blueliv that will allow both companies to share cyber intelligence knowledge to protect their users and clients against new cyber threats. VirusTotal is a free online service that analyzes files and URLs, enabling the identification of viruses, worms, trojans and other kinds of malicious content detected...
corporate-blueliv
Interview: EU Cyber firm eyes UK, US, Latam Expansion
The online daily news and data service Global Security Finance has recently published the following interview with Nahim Fazal, Head of Cyber Security Development at Blueliv. Blueliv is fuelling its international expansion using the financing it secured earlier this year from strategic investors including Kibo Ventures, through its Amerigo Investment fund...
research-blog
Measuring the impact of Shellshock in the threat intelligence landscape
Once a high-profile vulnerability is released to the public, there are a lot of people who will use the opportunity to take advantage of vulnerable machines, whether exploited manually or at scale using pieces of malware. A clear example is the evolution of Mayhem to take advantage of...
corporate-blueliv
Blueliv participates in the everisDigital Pitch2Market
Blueliv has been selected by Everis (an NTT Data Company) as one of the 10 companies to pitch to a selected group of companies both in Barcelona and Madrid. The focus of the event is opening a dialogue where companies and organisations can develop projects with disrupting technologies. Today...
corporate-blueliv
Blueliv to attend SC Congress NY 2014
We are excited to share that Blueliv’s US Sales Manager, Dennis Lee will be attending SC Magazine’s Congress 2014 tomorrow in New York City. Aside from being our Sales manager, Dennis is also the co-founder (along with David Raviv) of the New York Information Security (NYIS) Meetup group. NYIS is...
industry-blog
People becoming unfazed to cyber attacks?
When Target was hacked last year the incident made headline news for months. Target reported that their Q4 sales dropped 46% and their stock took an 11% dip. Most recently Home Depot was hacked exposing over 65 Million Credit cards, including yours truly. However, Home Depot stock didn’t take...
industry-blog
Cyber-attack against JPMorgan Chase
A cyber-attack targeting JPMorgan Chase this summer compromised over 75 million households, according to a statement recently released by Chase Bank. The data stolen included names, addresses and email addresses, but did not include any credentials or bank account numbers. This attack compromised resources such as Chase.com, JPMorganOnline and...
corporate-blueliv
Welcome to our new brand design
Today Blueliv launches a new corporate identity complemented by a new logo and graphical profile. By doing this we are aligning our business goals with our ambition to be a global market brand in the cyber security field. Our new logo is a bold step in this direction, and...
corporate-blueliv
Blueliv is attending the IT-SA Congress
These days part of Blueliv’s team will be attending the IT-SA security congress in Nuremberg. The congress lasts three days in which we expect to attend interesting keynotes and exchange knowledge with other security experts. The congress has three open forums and around 240 expert presentations. Moreover, there is a...
research-blog
Defining the key elements of a cybersecurity strategy
There is not a day that goes by without some startling revelation about a new threat emerging from the world of Cyber-Crime. Over the last few months there has been a spate of attacks on online platforms, organisations and even point of sale devices. Attacks seem to be...
corporate-blueliv
Blueliv attended the Gartner Security and Risk Summit in London
The Gartner Security and Risk Summit was held over two days, with over 150 leading blue chip companies in attendance. The hot topics for the event were topped by Cyber Security, with a large number of those attending speaking with Blueliv about how best to address this issue without...
research-blog
The week of Russian leaks
This week some important leaks have surfaced on the Internet, all of them related to Russian users: 1,000,000 Yandex addresses and passwords. 4,500,000 Mail.ru addresses and passwords. 5,000,000 GMail addresses, some of them with passwords. All this data was posted in a Russian Bitcoin forum by a user...
corporate-blueliv
Gartner Security & Risk Management Summit London
Some weeks ago we attended the Gartner Security and Innovation Summit in Washington and now we are attending the event in London. This summit will last two days, two really complete days in which we are going to meet other security experts and share knowledge and impressions with them. The...
research-blog
Cyber Threats keep growing. Blueliv’s Cyber Threat Intelligence Report.
Here are the main conclusions from our analysis of the Cyber Threats which have been apparent on a global level during the second quarter of 2014, compared with the first quarter of the year. The main point is that Cyber Threats continue to be increasingly more frequent and...
corporate-blueliv
Why should SMBs also care about data breaches?
An article written by Jen Miller of CIO magazine describes the importance of Cyber Security for small to midsize businesses. The article highlights how many smaller businesses can suffer from the same attacks that plague large enterprises, and even from attacks which specifically target them. These organizations could be using the...
corporate-blueliv
Blueliv at the Innovation Summit 2014
Tomorrow Blueliv will attend the Innovation Summit 2014, in New York City. The event is organized by SINET and connects America’s three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives regarding Cybersecurity. If you are also planning to attend and are interested in...
corporate-blueliv
Affected by P.F. Chang’s Credit Card Data Breach?
Learn how Blueliv minimizes the consequences of Credit Card thefts. PF Chang’s is a very popular restaurant option for professionals looking to impress their customers with enjoyable Chinese food. Therefore, John at XYZ corporate takes his client there to discuss renewing a services contract that’s about to expire. John uses...
corporate-blueliv
The world is no longer controlled with weapons, but with computers
Publico.es has interviewed Daniel Solís, CEO of Blueliv. Here is an excerpt, and we invite you to read the full interview on their site. Every day, every hour, every minute that passes, new Internet threats are invented somewhere in the world, aimed at individuals or...
corporate-blueliv
Blueliv at the Gartner Security & Risk Management Summit
In two weeks from now, some of us will be attending the Gartner Security & Risk Management Summit in National Harbor, MD (Washington, D. C. Area). This summit will be a really interesting event, as you can see in the agenda, which is full of useful and valuable...
research-blog
My Little Pony
One year ago our colleague Xylit0l wrote about the Pony stealer malware. It’s been a year and the Pony family has grown! At least two malware families have been found in the wild with some parts of Pony included in them. This is the case of Jolly Roger, which is...
corporate-blueliv
The exponential cyber threat to mobile commerce
As m-commerce grows, recent research reveals that security is a major concern for consumers making payments by smartphone. The security threats against the mobile channel are growing; using the example of a recent malware attack on the mobile services of a bank in the Middle East, we analyze the...
corporate-blueliv
How does Blueliv work?
Do you want to find out how our Blueliv technology works? We’re going to explain to you, step by step, how we hunt Cyber Crime with Blueliv Cyber Threat Intelligence. The process starts with the analysis of different malware samples gathered from the Internet, so what happens then?...
research-blog
Origin of the infections and attacks during the first quarter of 2014
Blueliv has analyzed the main Cyber Threats which have been apparent on a global level during the first quarter of 2014, and in this post we are going to show their origin. MALICIOUS URL GEOLOCALIZATION Some 46% of the malicious URLs analyzed were geolocalized in the United States, while...
research-blog
Behind Point of Sale (PoS) attacks
In this previous article we showed how cybercriminals were trying to infect PoS devices with Dexter malware through pcAnywhere service, port 5631. Now, what we want is to analyze the geolocation of more than a million IPs affected by this attack that appear in the following picture. If we...
corporate-blueliv
Mundo Hacker, now face to face
Mundo Hacker, the successful TV show of Discovery Max, Spain, is organizing the Mundo Hacker Day Congress, addressed to cyber security professionals. The congress, which aims to gather 750 attendees, counts on the support of major Spanish companies in the sector among its sponsors and speakers. ...
corporate-blueliv
Blueliv will celebrate with Securmatica its 25th anniversary
Once again, Blueliv will be at Securmática, the Spanish Congress of Information Security organized by SIC magazine. This year is especially important, as Securmática will turn 25. SIC magazine bet on Information Security when this was an almost unknown world and has had a big influence in...
research-blog
AppCloud and the uprising SaaS Android trojan malware
Some weeks ago Intelcrawler reported a large fraud campaign against major Islamic banking institutions and one from Spain. The malicious code infected the mobile devices of banking customers, intercepted the OTP («One-Time-Password») token code and immediately sent it to the bad actors. The unique side of the...
research-blog
First million credit cards details released
Details of 1 million credit cards, out of a set of 800 million, were released on Pastebin early this week. Almost 1 million cards were allegedly leaked by Anonymous Ukraine on Pastebin early this week from a set of more than 800 million credit cards that has not been released yet....
research-blog
Uncovering the new modus operandi behind POS infections
In the cyber fraud world there are numerous ways of doing business. One of the most well-known fraud activities, which has been alive for years, is credit card theft. Like any other business it has evolved and improved its different techniques in order to survive and to maximize...
corporate-blueliv
Telefónica and Kibo Ventures invest in Blueliv
Kibo Ventures, through the Amerigo Investment fund, Telefónica Ventures, the venture capital arm of Telefónica, and the entrepreneur Roger Casals, have invested 2.5 million euros in the cyber security company Blueliv, to develop new products and fund the firm’s international expansion. This makes Blueliv the first example of joint...
research-blog
mount.cifs arbitrary file identification 0day
During the rootedcon 2012 wargame, besides taking part, I spent some time reviewing the systems. Since /proc/kallsyms was not available, attacking the kernel would have meant going in blind, brute-forcing symbols ..., and possibly even crashing the kernel. So I focused mainly on...
research-blog
Multi-protocol proxy sha0proxy v2
Exploit development usually takes more time than one has, so you have to come up with techniques and tools that make the work easier. Personally, rather than patching a client application or using the APIs of certain protocols, I prefer to capture the traffic and send the headers at a low...
research-blog
Incident Response: Analyzing a mailer from memory
When an incident is detected, such as a malware infection on any machine of an internal network, it is especially critical to immortalize the "crime scene" with as much information as possible about the state of the infected machines. In this case, we will focus on how important it can be...
research-blog
Reconstructing data through ingenuity – Forensic analysis on mobile devices (II)
There are situations in which a forensic investigator needs to go beyond the intrinsic technical limitations of the tools available today. A clear example of this occurs when the investigator needs to interpret data stored on a mobile phone, which may be heavily fragmented and, in addition, the entries...
research-blog
Forensic Analysis of an Infection – PART III
As we mentioned in the previous post, in today's write-up we are going to perform a dynamic analysis of the malware. Specifically, we have taken the executable A0029519.exe located at: System Volume Information_restore{2D9E3322-AD12-427C-8050-DC9B1714968D}RP126, with a size of 42579 bytes and sha1 hash 2566f4de9d1f789314c0e67fcdc4f2d4778308d. Once we have the specimen to analyze, we have...
research-blog
Detecting vulnerabilities in network services through fuzzing – Part I
One of the most widely used techniques for finding vulnerabilities is fuzzing. It consists of testing, in a more or less intelligent way, how an application behaves when fed data generated specifically to make the program fail, whether by generating data in a different encoding, sending...
research-blog
Forensic Analysis of a Malware Infection – PART II
Picking up the malware analysis topic we introduced in the previous post, "Forensic Analysis of a Malware Infection – PART I", we will now focus more on analyzing Windows artifacts in order to obtain more information about the modifications the specimen made when infecting the machine...
research-blog
Remote acquisition with Ad|Quiere
The new version of Ad|Quiere includes an application that makes remote acquisition of evidence easier. This application, "Reversessh", establishes a reverse tunnel over ssh to a remote machine. This way, the forensic investigator can access the machine even when it is behind...
research-blog
Forensic Analysis of a Malware Infection – PART I
Even in the summer period, when normal people are on holiday, security incidents arise. This is the case of an acquaintance who very kindly lent his computer for an acquisition and subsequent analysis, to investigate some possibly strange behaviour that manifested itself...
corporate-blueliv
New version of ad-Quiere (v0.9)
As of today, you can download the forensic distribution that we have been developing together with Aedel from https://www.blueliv.com/ad-Quiere/ad-Quiere_i386_v0.9.iso, and its corresponding checksum from https://www.blueliv.com/ad-Quiere/checksum_v0.9.txt. The list of changes introduced is: Volatility has been added and becomes part of the tool collection. The "Forensics" menu has been added to...
research-blog
How to evade the security restrictions set up on a kiosk
A kiosk is defined as a machine made available to the public so that users can use the services offered by the company that provides access to it. Surely many of you have seen a similar kiosk offering various services over the Internet, whether in airports, train stations or even...
research-blog
Forensic analysis on mobile devices (I)
Everyone knows that mobile phones are becoming more and more like an ordinary computer. This trend is spearheaded by the two most evolved platforms in the mobile telephony arena: Android and iPhone. The Android platform has a...
corporate-blueliv
We've moved!
Before starting the summer break we decided to change the location and design of our website, giving it a fresher, more maritime touch. From now on you will find our blog at bluelog.blueliv.com, so please update your feed readers. We hope you like it...
research-blog
Nmap Querier (NQu)
During a pentest we rely on many tools to obtain the information that will steer the intrusion test down one path or another. Among these tools is the venerable nmap, which has already reached version 5 and which we have seen in a...
research-blog
Meterpreter Cheat Sheet
With the aim of contributing to the dissemination of knowledge in the field of computer and communications security, at blueliv we have put together a "cheat sheet" of the most relevant Meterpreter commands. Many of you will be wondering: what is Meterpreter, and what is it for? The answer is very simple: Meterpreter is...
research-blog
Security in Lotus Domino environments
In a globalized context such as today's, it is common to come across Lotus Domino servers reachable from the Internet through their web interface. Most of them have access control based on username and password; however, it is not unusual to find anonymous access to resources on these...
research-blog
Recovering emails from PST files
In forensic investigations into possible fraudulent actions by an employee of an Organization, it is very common, among other analyses, to recover files based on a string search and then filter the results by applying a list of...
research-blog
Solution to SANS forensic challenge #5
On April 1st, SANS organized a new forensic contest at http://forensicscontest.com/2010/04/01/ms-moneymanys-mysterious-malware. The contest consists of answering a series of questions posed by the organizers, who provide a network capture as evidence. In the end, after the stipulated deadline, the winner takes home a...
research-blog
Event reconstruction from multiple sources of digital evidence
As in any investigation, digital ones also require a reconstruction of the facts, where an investigator holds some puzzle pieces that must be fitted together in order to determine what happened. This is why, in many cases, we may encounter digital investigations in which only...
research-blog
Vulnerability Classification properly understood
The classification of IT security weaknesses is really old. As early as 1976, the RISOS project, in its report "Security Analysis and Enhancements of Computer Operating Systems", reflected this interest in cataloguing the nature of vulnerabilities specific to Operating Systems.
research-blog
On forensic acquisitions and hard disk copying
As we published at the beginning of the week, in collaboration with AEDEL (Asociación Española de Evidencias Electrónicas) we have launched a project whose objective is to build a LiveCD distribution specifically for performing forensic acquisitions. On the LiveCD we can find evidence acquisition tools, but without any doubt, these tools...
corporate-blueliv
AD|QUIERE, a collaborative forensic distribution for the Spanish-speaking community
Current forensic distributions are moving from open and free formats to paid ones. These forensic tools start out with good ideas and intentions and end up being taken over by for-profit companies, thereby losing their GNU philosophy. For these reasons, blueliv and AEDEL are launching AD|QUIERE...
research-blog
Reducing false positives in string searches
At blueliv we have encountered a wide variety of forensic projects. Among the most common are corporate fraud cases, where one or more employees of the Organization are involved in an internal fraud investigation. In this type of case, it is common to use searches...
research-blog
Dumping databases using SQL Injection
Little new can be said about the fundamentals of SQL Injection. A few quick searches on the Internet are enough to find information on its principles, its exploitation, evasion techniques and even the automation of database retrieval. This post addresses some details, useful for...
research-blog
Unmasking a botnet using cryptanalysis
In recent times we are witnessing a significant rise in botnets put at the service of fraudulent activities, such as the mass theft of both online banking credentials and credit cards. Given the profitability that a botnet brings to malicious activities, the...
research-blog
When ToIP loses its voice
IP telephony is widely used in organizations. Therefore, this service needs to be free of threats such as interception of communications or denial of service. It is necessary to secure these essential communication platforms and carry out periodic security reviews to check what...
corporate-blueliv
Hacking and the new trends
Much has changed since the late 1980s, when hackers were not driven by economic objectives but rather by philosophy, by earning the recognition of others or as protest, culminating in hacktivist movements. Some claim that the term was coined to...
research-blog
New attack vectors linked to the business
Business logic is conditioned by its initial design, so security in business logic must be taken into account from the very moment the platform is designed. A good starting point could be a layered design, entrusting to each...
corporate-blueliv
Security and public or hidden Information on the web
The Internet has become an enormous database of distributed information, accessible through a whole series of services and utilities that have appeared: RSS, web search engines, social networks, news forums, P2P networks, etc. On the other hand, and as a possible evolution, the Web...
corporate-blueliv
bluenews, an intelligent system for collecting security flaws
Within the framework of the sýnap-link solution, blueliv's proposal for 24×7 Information Security management, staying up to date on new vulnerabilities affecting different vendors and products is a key factor. Likewise, it is essential to maintain a base of...
corporate-blueliv
Our first post
In this project, which we are starting with all the enthusiasm and motivation possible, we would like to explain where our name comes from. Ever since we started thinking about the ways we wanted to change the world of Information Security, what came to mind was that which...