All news with #yara tag

Acronis on FileFix, SideWinder and Shadow Vector Campaigns

🔍 Acronis TRU describes practical VirusTotal hunting techniques used to track the FileFix ClickFix variant, the long-running SideWinder actor, and the Shadow Vector SVG campaign targeting Colombian users. Using Livehunt, content-based YARA rules, VT Diff, and metadata pivoting, analysts located clipboard-based web payloads, document exploits (CVE‑2017‑0199/11882), and judicial-themed SVG decoys. The post emphasizes iterative rule tuning, retrohunt for timelines, and infrastructure pivots that convert fragmented indicators into actionable intelligence.

Nine Essential Open-Source Security Tools for Teams

🔒 This article highlights nine widely used open-source security tools that help defenders identify vulnerabilities, analyze network traffic, perform forensic investigations, and manage threat intelligence. It stresses community-driven development and transparency as core advantages of open-source solutions and notes that independent review often speeds discovery and remediation. Representative tools covered include ZAP, Wireshark, BloodHound, Autopsy, MISP, Let's Encrypt, GnuPG, Yara and osquery, with attention to extensibility, multi-platform support, and practical deployment considerations for security teams.

YARA-X 1.0.0 Stable Release: Faster, Safer YARA Now

🚀YARA-X 1.0.0 is now stable, delivering a Rust-based, memory-safe engine while preserving broad compatibility with existing YARA rules. YARA-X runs heavy regular expressions and deep loops roughly 5–10× faster than the legacy YARA 4.x engine and returns clearer, line-accurate error messages. The CLI adds colored output, JSON/YAML dumps, shell completions and a built-in formatter to improve tooling and developer workflows. VirusTotal reports stable, production use in Livehunt and Retrohunt at scale and encourages users to test and provide feedback.

JA4 Client Fingerprinting Enhances VirusTotal Hunting

🔍 VirusTotal has added JA4 client fingerprinting to improve malware tracking and analysis. By extracting stable characteristics from the TLS Client Hello — including TLS version, cipher suites, extensions, and ALPN — JA4 is designed to be resilient to the extension randomization that reduced JA3's reliability. Analysts can pivot on these fingerprints using the platform's behavior_network modifier, run wildcard queries for partial matches, and automate detections with YARA rules that leverage the vt module.