Querying Windows Event Logs for Faster Investigation and Response
With this week’s release on the VMware Carbon Black Cloud, users can now remotely inspect Windows devices’ event logs to pull back information that could be helpful during an investigation or response scenario. This new capability comes as part of an update to the Live Query functionality provide...
TAU Technical Report: New Attack Combines TinyPOS With Living-off-the-Land Techniques for Scraping Credit Card Data
In April of 2020 VMware Carbon Black Threat Analysis Unit (TAU) researchers worked with an Incident Response (IR) partner on a piece of malware that was discovered during an ongoing PCI investigation. The combined analysis showed that attackers who previously leveraged a malware family called TinyPOS...
VMware Carbon Black TAU Threat Research: Visualizing Ransomware with MITRE ATT&CK
If no one had ever heard of ransomware prior to May 2017, then one thing that is fairly certain is that the WannaCry ransomware outbreak unquestionably put ransomware on the security radar, and sent shivers up CISOs’ and analysts’ spines for the weeks and months that followed. Only a few weeks...
Threat Analysis Unit (TAU) Threat Intelligence Notification: Tick Downloaders (Operation ENDTRADE)
Trend Micro released a white paper about Tick, a Chinese cyberespionage threat actor targeting East Asian countries. The report details several new downloader malware families. VMware Carbon Black Threat Analysis Unit (TAU) reviewed the malware and is providing product rules to detect and identify...
Active C2 Discovery Using Protocol Emulation Part 1 (HYDSEVEN NetWire)
Malware C2 addresses can be an important IOC to detect known threats. In order to obtain C2 information, we first need malware samples, which are then analyzed dynamically or statically. However, the analysis task is oftentimes not straightforward. Increasingly, anti-analysis methods are implemente...
New CB LiveOps Release Brings Recommended Queries to Users
Security & IT teams often have no reliable way to check on the current status of their endpoints across their enterprise. This forces these teams to piece together information from multiple management consoles in order to get answers about the health of their entire fleet. Even when they do have...
Small Business Benefits of Moving to the Cloud: Effective Security
When you’re selecting an endpoint security platform for your small business, you want it to work — and work well. However, less than one third of organizations believe that traditional AV has the power to stop the attacks that they are seeing.1 With fileless malware attacks and ransomware on the...
Infographic: Cyberattacks by the Numbers
As the calendar shifted from December 2016 to January 2017, the prospect of a large-scale cyberattack loomed. Questions over the possible hacking of the 2016 U.S. presidential election swirled and businesses faced a growing attack vector in ransomware. In 2016, ransomware was estimated to be an...