Lessons Learned from the Incident Response Trenches: Investigating and Eradicating Kwampirs
Kroll has deployed CB Response during hundreds of cyber investigations because it can provide insights throughout each stage of the incident response (IR) process (see graphic). One of Kroll’s recent investigations, which involved the Kwampirs malware, illustrates how CB Response helps uncover critic...
CB TAU Threat Intelligence Notification: GandCrab 5.2 Ransomware Attempts to Delete Volume Shadow Copies
GandCrab 5.2 ransomware will append seven randomly generated strings as the file extension to each encrypted file and drop a ransom note named as ‘generated file extension-MANUAL.txt’, for example, “office.doc.uahmthl” and “UAHMTHL-MANUAL.txt”. It will also change the desktop background of the...
Partner Perspectives: ThreatConnect and Carbon Black: Incorporating Threat Intel for Quicker Incident Response
Megan Horner is the Director of Product Marketing for ThreatConnect. When it comes to incident response, there’s typically a focus on three main stages: investigation, containment, and remediation. Moving from one stage to the next as efficiently as possible is critical to expediting response...
Partner Perspectives: Collaborate and Consolidate with King & Union and Carbon Black
Peter Prizio Jr. is the Senior Product Manager for King & Union. One of the biggest challenges facing security organizations today is dealing with the overwhelming number of alerts received each and every day. A staggering 27 percent of IT professionals report receiving more than one million aler...
Partner Perspectives: Orchestrating Endpoint Security with CyberSponse and Carbon Black
Amit Jain is the Principal Technical Product Manager at CyberSponse. Today's network security infrastructures are complex beasts. Increasing mobile and cloud deployments have made managing endpoint security more challenging than ever before. The dynamic and ever-evolving nature of today’s...
Cb Integrations: Cb Response Timeliner
Editor's Note: This post originally appeared on StillzTech.com and is being republished with permission from the author. Github: Incident Response is a challenging career. As responders, we must do our best to keep up to date with the latest attack trends, malware and forensic techniques...
Partner Perspectives: IR Challenges Solved by IncMan SOAR + Cb Response
John Moran is the Senior Product Manager for DFLabs. Cb Response is one of the most effective endpoint solutions when it comes to detecting, investigating and responding to advanced threats. I do not say this as a marketing person (I am not), but as a former incident response consultant who utilize...
Case Study: A Cryptomining Attack — With an Assist From Advanced Malware Techniques
In Carbon Black's Quarterly Incident Response Threat Report (QIRTR), some of the world’s leading incident response (IR) professionals reported seeing an uptick in lateral movement, counter incident response, and island-hopping attacks from motivated nation-states. In the case study below, Kroll notes...
CVE-2018-10407
An issue was discovered in Carbon Black Cb Response. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicio...
CVE-2018-10407
CVE-2018-10407 affects Carbon Black Cb Response. A maliciously crafted Universal/Fat binary can bypass third‑party code signing checks, causing the unsigned payload to execute while the signed Apple image is treated as legitimate. Exploitation relies on embedding unsigned Mach‑O binaries inside a...
Excerpts from Risk & Response: Defending Financial Institutions with Cb Response
Carbon Black recently published a guide on combating the most advanced threats that financial institutions are facing today using the market-leading endpoint detection and response solution, Cb Response. For more information on securing large-scale financial enterprises, including how to...
Update on Apple Security Updates for MacOS Impacting Cb Response and Cb Protection Customers
Carbon Black has now made generally available releases to Cb Protection and Cb Response to support the latest OS versions and security update Security Update 2018-001 from Apple for the following Mac sensor/agent releases: Cb Protection: Cb Protection Announcing the Release of Cb Protection 7.2.3...
Excerpts from Building a High Speed SOC: Achieving Speed (Part 2)
Carbon Black recently published an in-depth guide on what it takes to develop a "high speed" security operations center, or SOC; this is the last excerpt from that guide, which you can find here. For more information on building high speed SOCs, including how to eliminate the "response gap," chec...
Partner Perspectives: How to Quickly Automate a Response Playbook With Carbon Black
Editor's Note: This blog originally appeared on Red Canary's website. Outwardly, Red Canary appears to focus heavily on the “Detection” in Endpoint Detection and Response. Much of what we share addresses the need to understand the platforms that we defend, and techniques that can be applied to...
DirectDefense Incorrectly Asserts Architectural Flaw in Cb Response
Today, a blog was released that incorrectly asserts an architectural flaw in Cb Response that leaks customer data. In fact, this is an optional feature turned off by default to allow customers to share information with external sources for additional ability to detect threats. Cloud-based,...
Partner Perspectives: Using Cb Response to Mitigate ETERNALBLUE
Editor's Note: This post originally appeared on redcanary.com. In case you’ve been under a rock, there’s a wee problem with ransomware, fueled by the public release of a handful of high quality access exploit and persistence backdoor utilities. Most recently, these have manifested in the form of t...