54 matches found
Get Ready for the Microsoft Windows 7 EOL on January 14th
January 14, 2020, is a day cybersecurity stakeholders should pay attention to, as it marks the end of Microsoft support in Windows 7. From a security perspective, both the routine monthly security patches as well as hot fixes for attacks in the wild will not be available, effectively making any...
Are You Ready for Microsoft Windows 7 End of Support on 14th January 2020?
January 14, 2020, is a day cybersecurity stakeholders should pay attention to, as it marks the end of Microsoft support in Windows 7. From a security perspective, both the routine monthly security patches as well as hotfixes for attacks in the wild will not be available, effectively making any...
Threat Analysis Unit (TAU) Threat Intelligence Notification: DeathRansom Ransomware
During mid-November, a new ransomware named ‘DeathRansom” was found being distributed. Similar to the other variants of ransomware, it will perform the deletion of volume shadow copies to ensure all the data cannot be restored easily. After the DeathRansom performs file encryption, it will drop...
New version of IcedID Trojan uses steganographic payloads
This blog post was authored by @hasherezade, with contributions from @siriurz and Jérôme Segura. Security firm Proofpoint recently published a report about a series of malspam campaigns they attribute to a threat actor called TA2101. Originally targeting German and Italian users with Cobalt Strik...
CAPE - Malware Configuration And Payload Extraction
CAPE is a malware sandbox. It is derived from Cuckoo and is designed to automate the process of malware analysis with the goal of extracting payloads and configuration from malware. This allows CAPE to detect malware based on payload signatures, as well as automating many of the goals of malware...
Google Analytics Emerges as a Phishing Tool
Cybercriminals are leveraging key technical markers used in web analytics—particularly Google Analytics—to create more sophisticated and targeted phishing attacks, new research has found. However, this also makes them more susceptible to detection by organizations defending their sites against...
Fearing WannaCry-Level Danger, Enterprises Wrestle with BlueKeep
The nightmare vision of a “mega-worm” global BlueKeep infection could be closer to becoming reality as working exploits are now becoming available to the public, and there’s evidence that adversaries are actively scanning for the vulnerability. Researchers weighed in with Threatpost about how...
Partner Perspectives: From Alert to Action: How VMRay Provides Carbon Black with Detail-Rich Threat Intelligence
Good things happen when two leaders in their respective fields bring together their complementary capabilities. That’s the case with Carbon Black’s deep expertise in endpoint detection and response EDR and VMRay’s singular focus on dynamic malware analysis. The sum ends up being even greater than...
Partner Perspectives: Blending Analytics with Endpoint Detection and Response Better Defends the Modern Worker
Ryan Stolte is the co-founder and CTO for Bay Dynamics. There are clearly many reasons why Endpoint Detection and Response EDR has materialized into such a hotbed of interest, investment and emerging best practices - endpoint security must continually evolve within the context of threats and...
Digital Doppelgangers
Carding exists for over 20 years. And it is not dead yet. It is alive, and even more – it is being actively developed by cybercriminals. The "good" old method of entering stolen credit card information into online store forms to buy goods and services or using online payment system accounts for t...
Threat Roundup for Mar. 1 to Mar. 8
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 1 8. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicato...
CB Customer Spotlight: Q&A with MSD of Mt. Vernon’s William Stein
For the past 28 years, William Stein, Certified Education Technology Leader, has served as the Director of Information Systems for the Metropolitan School District MSD of Mt. Vernon in Indiana. Stein uses Carbon Black solutions to protect the K-12 school district’s data by responding to emerging...
Google Updates reCAPTCHA: No More Boxes to Check
Google this week has rolled out its latest version of the reCAPTCHA mechanism, which is meant to weed out spam and abuse by robots on websites. It marks a dramatic departure from previous reCAPTCHA efforts by eliminating the need for visitors to take any extra steps in order to log onto a website...
Don’t Overlook Qualys Malware Detection
Cyber criminals are constantly looking for opportunities to infect legitimate websites with malware. They can use infected websites to cryptomine, steal data, hijack systems, deface pages, and do other damage to harm a company’s reputation and impact their users. This can result in lost revenue,...
BIOS Boots What? Finding Evil in Boot Code at Scale!
The second issue is that reverse engineering all boot records is impractical. Given the job of determining if a single system is infected with a bootkit, a malware analyst could acquire a disk image and then reverse engineer the boot bytes to determine if anything malicious is present in the boot...
Unlock Your SOC with Exabeam and Carbon Black
Endpoints are not safe. There I’ve said it. The network boundaries are gone and endpoints are left exposed directly to threats. Just like watching my kids move out of the house and worrying about how they will fare in the world on their own, we have to realize endpoints are no longer protected by...
VirusTotal launches 'Droidy' sandbox to detect malicious Android apps
One of the biggest and most popular multi-antivirus scanning engine service has today launched a new Android sandbox service, dubbed VirusTotal Droidy, to help security researchers detect malicious apps based on behavioral analysis. VirusTotal, owned by Google, is a free online service that allow...
Avzhan DDoS bot dropped by Chinese drive-by attack
The Avzhan DDoS bot has been known since 2010, but recently we saw it in wild again, being dropped by a Chinese drive-by attack. In this post, we'll take a deep dive into its functionality and compare the sample we captured with the one described in the past. Analyzed sample...
Napoleon: a new version of Blind ransomware
The ransomware previously known as Blind has been spotted recently with a .napoleon extension and some additional changes. In this post, we'll analyze the sample for its structure, behavior, and distribution method. Analyzed samples 31126f48c7e8700a5d60c5222c8fd0c7 - Blind ransomware the first...
Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’
Scripts are becoming the weapon of choice of sophisticated activity groups responsible for targeted attacks as well as malware authors who indiscriminately deploy commodity threats. Scripting engines such as JavaScript, VBScript, and PowerShell offer tremendous benefits to attackers. They run...