The Attribution Story of WhisperGate: An Academic Perspective
This paper explores the challenges of cyberattack attribution, specifically APTs, applying the case study approach for the WhisperGate cyber operation of January 2022 executed by the Russian military intelligence service GRU and targeting Ukrainian government entities. The study provides a detail...
A Bag of RATs: VenomRAT vs. AsyncRAT
Introduction: Remote access tools (RATs) have long been a favorite tool for cyber attackers, since they enable remote control over compromised systems and facilitate data theft, espionage, and continuous monitoring of victims. Among the well-known RATs are VenomRAT and AsyncRAT. These are open-sourc...
The Continued Evolution of the DarkGate Malware-as-a-Service
By Ernesto Fernández Provecho, Pham Duy Phuc, Ciana Driscoll and Vinoo Thomas · November 21, 2023. In September 2023, the Trellix Security Operations Center (SOC) successfully detected and stopped an attack against Musarubra, the holding...
Comm100 Chat Provider Hijacked to Spread Malware in Supply Chain Attack
A threat actor likely with associations to China has been attributed to a new supply chain attack that involves the use of a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Cybersecurity firm CrowdStrike said the attack made use of a signed Comm100...
Watch Out! Researchers Spot New Microsoft Office Zero-Day Exploit in the Wild
Cybersecurity researchers are calling attention to a zero-day flaw in Microsoft Office that could be abused to achieve arbitrary code execution on affected Windows systems. The vulnerability came to light after an independent cybersecurity research team known as nao_sec uncovered a Word document...
CISO Forum 2022: the first major Russian security conference in the New Reality
Hello everyone! After a two-year break, I took part in Moscow CISO Forum 2022 with a small talk "Malicious open source: the cost of using someone else's code". Alternative video link for Russia: CISO Forum is the first major Russian conference since the beginning of The New Reality of Information...
New Collaboration with Adobe and MAPP
Collaboration with industry partners is helping secure the digital world by distributing Trend Micro vulnerability information to security vendors more quickly so they can enhance protection for their customers...
Cybersecurity Webinar: Understanding the 2020 MITRE ATT&CK Results
The release of MITRE Engenuity's Carbanak+Fin7 ATT&CK evaluations every year is a benchmark for the cybersecurity industry. The organization's tests measure how well security vendors can detect and respond to threats and offer an independent metric for customers and security leaders to understan...
Researchers uncover a new Iranian malware used in recent cyberattacks
An Iranian threat actor has unleashed a new cyberespionage campaign against a possible Lebanese target with a backdoor capable of exfiltrating sensitive information from compromised systems. Cybersecurity firm Check Point attributed the operation to APT34, citing similarities with previous...
VMware Carbon Black Named to the 2021 CRN Security 100 List
We are proud to announce that CRN®, a brand of The Channel Company, has named VMware Carbon Black to its annual Security 100 list. The Security 100 list features leading IT channel security vendors and is compiled by a panel of CRN editors, recognizing channel-focused security vendors across five...
Malwarebytes Hit by SolarWinds Attackers
Malwarebytes is the latest discovered victim of the SolarWinds hackers, the security company said – except that it wasn’t targeted through the SolarWinds platform. “While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor,” it...
Cybersecurity Needs to Go Back to the Basics
This is part of our ongoing conversation about the worldwide challenges of working remotely. To stay up-to-date on the latest insights, refer to our live page for COVID-19: Cybersecurity Community Resources. This piece was co-authored with support from Optiv. Security teams have spent decades...
Podcast: Managing an Out-Of-Control Security Tech Stack
This podcast is sponsored by Arctic Wolf. In this sponsored podcast, Threatpost podcast host Cody Hackett and Sam McLane, chief technology officer with Arctic Wolf, discuss important considerations when building a multi-layered cybersecurity strategy and best practices when evaluating security...
New Comic Videos Take CISO/Security Vendor Relationship to the Extreme
Today's CISOs operate in an overly intensive environment. As the ones who are tasked with the unenviable accountability for failed protection and successful breaches, they must relentlessly strive to improve their defense lines with workforce education, training their security teams and last but...
CB TAU Threat Intelligence Notification: Winnti Malware 4.0
Winnti is a family of malware used by multiple Chinese threat actors like APT41. Carbon Black’s Threat Analysis Unit (TAU) is providing this technical analysis, YARA rules, IOCs and product rules for the research community. Behavioral Summary: Winnti malware is installed manually with stolen...
We Can Control What You Watch: Analysis of a Remote Code Execution Vulnerability in a Mainstream IPTV Platform - vulnerability warning - the black bar safety net
About a year ago, the Check Point Research team found a serious vulnerability in a Ukrainian TV streaming platform that, once exploited, could expose service providers to serious risk. Specifically, an attacker can obtain the entire customer database of personal information and financial...
Guinea Pig and Vulnerability Management products
IMHO, security vendors use the term "Vulnerability Management" extremely inaccurately. Like a guinea pig, which is not a pig and is not related to Guinea, the current Vulnerability Management products are not about the actual practically exploitable vulnerabilities and not really about the...
CyberThursday: Asset Inventory, IT-transformation in Cisco, Pentest vs. RedTeam
Two weeks ago I was speaking at a very interesting information security event - CyberThursday. This is a meeting of a closed Information Security practitioners group. The group is about 70 people, mainly from the financial organizations, telecoms and security vendors. These meetings have a rather...
DOJ Nabs Three FIN7 Cybercrime Suspects in Europe
Three suspected members of the FIN7 cybercrime group have been arrested in Europe and accused of hacking more than 120 U.S.-based companies with the intent of stealing bank cards. In total, U.S. Department of Justice authorities said the FIN7 group — associated with the Carbanak crime gang — is...
With the Predictive Security Cloud (PSC) Leading the Way, Carbon Black is Named One of the “Coolest 20 Vendors in Endpoint Security” by CRN
Editor’s Note: Victor Baez, Carbon Black’s VP of WW Channel and this blog’s author, was recently named a 2018 CRN Channel Chief. As part of CRN's annual Security 100 list, 20 endpoint companies have been named “Coolest Endpoint Security Vendors of 2018.” Carbon Black is among them. We are honored...