Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity
Threat actors are attempting to abuse the open-source EDRSilencer tool as part of efforts to tamper with endpoint detection and response (EDR) solutions and hide malicious activity. Trend Micro said it detected "threat actors attempting to integrate EDRSilencer in their attacks, repurposing it as a mean...
The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short
In recent years, the number and sophistication of zero-day vulnerabilities have surged, posing a critical threat to organizations of all sizes. A zero-day vulnerability is a security flaw in software that is unknown to the vendor and remains unpatched at the time of discovery. Attackers exploit...
#StopRansomware: Phobos Ransomware
Actions to take today to mitigate Phobos ransomware activity: 1. Secure RDP ports to prevent threat actors from abusing and leveraging RDP tools. 2. Prioritize remediating known exploited vulnerabilities. 3. Implement EDR solutions to disrupt threat actor memory allocation techniques...
New PoolParty Process Injection Techniques Outsmart Top EDR Solutions
A new collection of eight process injection techniques, collectively dubbed PoolParty, could be exploited to achieve code execution in Windows systems while evading endpoint detection and response (EDR) systems. SafeBreach researcher Alon Leviev said the methods are "capable of working across all...
UNC3886 targets technologies with custom malware and exploits zero-day vulnerabilities
Threat Level Attack Report. For a detailed threat advisory, download the PDF file here. Summary: UNC3886 is a Chinese cyber espionage group that targets technologies without EDR solutions and exploits zero-day vulnerabilities to steal user credentials and maintain access. To receive real-time threat...
Not with a Bang but a Whisper: The Shift to Stealthy C2
As defensive tools have evolved to detect more and more traditional attack techniques, it should come as no surprise that attackers have shifted tactics. This ever-evolving arms race between offensive security toolsets, bespoke advanced persistent threat (APT) malware and the billion-dollar infosec...
A week in security (May 25 – 31)
Last week on Malwarebytes Labs, we published our most recent episode of our podcast Lock and Code, providing an in-depth discussion on web browser privacy, looked at the membership bump for the Coalition against Stalkerware, and dug into EDR solutions. We also looked at twists added to the threat...
Using Real-Time Events in Investigations
To understand what a threat actor did on a Windows system, analysts often turn to the tried and true sources of historical endpoint artifacts such as the Master File Table (MFT), registry hives, and Application Compatibility Cache (AppCompat). However, these evidence sources were not designed with...
Partner Perspectives: Endpoint Protection & Asset Management: Making Sure Everything That Should Be Protected, Is Protected
It’s a common refrain in cybersecurity: you can only protect what you can see. And while advances in endpoint protection technology have drastically increased the security of devices, organizations still struggle to understand which assets they have, and whether they’re properly covered by securi...
Partner Perspectives: Accelerated Alert Handling from Syncurity and Carbon Black
JP Bourget is the Founder and CSO of Syncurity. One of the key Security Orchestration, Automation and Response (SOAR) use cases I see every day is alert handling. As more and more organizations adopt EDR solutions, like those offered by Carbon Black, Syncurity IR-Flow is able to speed up the alert...
China Chip Hack Shines Spotlight on Hardware and Supply-Chain Risk
Recent revelations in the press regarding hardware implants and supply-chain compromise are troubling and should be seen as an opportunity to assess our current threat model and security approach. This recently revealed situation is the hardware analogue to the software supply chain compromises w...
3 Cybersecurity Takeaways from Ocean’s 8 (Note: Spoiler Alert!)
I love watching movies. A few days ago, I watched the movie "Ocean's 8" with my wife, and I found this movie to be perfect educational material for cybersecurity experts. Here are my 3 takeaways from the movie: 1. You think you are protected? Think again… Remember in the movie, the hacker "9-ba...
June 23, 2017 – Morning Cyber Coffee Headlines – “Grizzly Bear” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! June 23, 2017 - Headlines Carbon Black in the News: Top 10 Endpoint Detection a...