849 matches found
Announcing the July ‘17 Release of Cb Defense
Editor's Note: If you are looking for the May 2017 Cb Defense release content, please scroll to the bottom of this page. This week, we’re happy to announce the rollout of the July ‘17 update of Cb Defense. Following the May ‘17 release, we heard a tremendous amount of positive feedback on the new...
Partner Perspectives: Endpoint Security Analytics with Sumo Logic and Carbon Black
As the threat landscape continues to expand, having end-to-end visibility across your modern application stack and cloud infrastructures is crucial. Customers cannot afford to have blind spots in their environment; and that includes data being ingested from third-party tools. With the industry...
Re-designing Linux Security: Do No Harm – Introduction
Carbon Black recently published a report on the challenges of securing Linux-based operating systems and how Carbon Black is redesigning the approach. For more information about how the Cb Predictive Security Cloud, Carbon Black's consolidated endpoint security platform, helps enterprises cut cos...
Binee: Outsmarting Malware with Next-Generation Process Emulation
The Problem with Malware Analysis Threat researchers get thousands of samples of malware every day and, as every researcher knows, it is very difficult to analyze them in a way that allows for intelligent decisions regarding whether a sample’s reputation is good or bad. There are already some qui...
CB TAU Threat Intelligence Notification – MegaCortex Ransomware
MegaCortex is a unique form of ransomware that was initially discovered earlier this year. It proved to be a very complex form of malware that required additional steps of operation that were only recoverable during incident responses. Since then, MegaCortex has been updated to become more generi...
Our Approach to Data Engineering
Our Approach to Data Engineering At Carbon Black, our R&D team is working on the cutting edge of data engineering. We’ve developed our own language and make our data compile down to bytecode to process super-fast. We’re pushing the boundaries of Kubernetes and Kinesis. And we’re having a blast...
CB TAU Threat Intelligence Notification: Email VBS Downloader Connects to C2 Server, Downloads Trickbot Payload
Carbon Black recently learned a customer had received a malicious email attached with a zip file which contained a malicious VBS script file. This malicious VBS downloader will connect to a Command & Control server and then download a malicious payload which contains Trickbot onto the victim’s...
TAU Threat Intelligence Notification: Israbye Wiper
Summary Israbye is a disk wiper first discovered by a researcher in August 2017, as reported by Bleeping Computer. A newer sample has since been discovered, which appears to timely coincide with a recent news story that references the Al-Aqsa mosque. This mosque is also referenced within the...
Building Better Evaluation Criteria for Linux Security
Carbon Black recently published a report on the challenges of securing Linux-based operating systems and how Carbon Black is redesigning the approach. For more information about how the Cb Predictive Security Cloud, Carbon Black's consolidated endpoint security platform, helps enterprises cut cos...
Chinese Threat Actors Indicted For Stealing Aviation Trade Secrets
Hot on the heels of the Carbon Black Quarterly IR Threat Report, specifically calling out increased cybercrime activity from China, the US Department of Justice has indicted ten Chinese Nationals for perpetrating attacks against U.S. and French aviation companies in a stunning display of state...
Threat Analysis: Recent Attack Technique Leveraging cmd.exe and PowerShell Demonstrates How Attackers Are Using Trusted Microsoft Applications for Malicious Behavior
An attack leveraging cmd.exe and PowerShell was recently investigated by Cb ThreatSight analysts. Our initial investigation discovered that a batch file was executed on the targeted system. This batch file then invoked PowerShell with a base64 encoded command. Decoding the command revealed a seri...
Five Carbon Black Team Members Honored on CRN’s 2019 Women of the Channel List, One Named to the Power 100 List
We are excited to announce that five of Carbon Black’s talented employees have been named to CRN’s 2019 Women of the Channel list: Christine Bufalini, Senior Marketing Director Melanie Holterhoff, Channel Marketing Manager Toni Pommet, Senior Channel Marketing Manager Ashley Tranfaglia, Senior...
Carbon Black + VMware at RSA2019: Working Together to Secure the Digital Workspace
VMware and Carbon Black have a strong history of working together to fundamentally change the model for securing the virtualized data center, a concept that is resounding with attendees here at RSA2019 in San Francisco. A little more than a year ago, we announced a jointly developed, integrated...
New CB LiveOps Release Brings Recommended Queries to Users
Security & IT teams often have no reliable way to check on the current status of their endpoints across their enterprise. This forces these teams to piece together information from multiple management consoles in order to get answers about the health of their entire fleet. Even when they do have...
Why DevOps is Becoming More Like DevSecOps
Editor's Note: Sam Bocetta, a guest author on the Carbon Black blog, is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyber warfare, cyber defense, and cryptography. In the year 2000, a Time magazine essay authored by Steward...
TAU Threat Intelligence Notification: New macOS Malware Variant of Shlayer (OSX) Discovered
Carbon Black’s Threat Analysis Unit TAU recently discovered a new variant of a family of macOS malware which was first discovered in February of 2018 by researchers from Intego. TAU has obtained new samples of this malware and observed downloads of the malware from multiple sites, primarily...
6 Signs of Successful Threat Hunting
When a threat hunting program is established by an organization, their goal is to proactively hunt threats, with a focus on newer, more sophisticated attacks for which reliable signatures or indicators are not yet available. Bonus: Check out the "Top 5 Threat Hunting Myths" However, without an...
Threat Intelligence – What It Is and Why You Need It
Threat intelligence is a broad term. Some might think it refers to having information about what threats are out there. But in the evolved world of cybersecurity, threat intelligence is actually a verb. Cybersecurity threat intelligence is the ability to take closed-source or open-source data fro...
CB Customer Spotlight: Q&A with Kaas Tailored’s Joe Mrazik
For the past eight years, Joe Mrazik has taken on the role of Network Administrator for Kaas Tailored, protecting the company’s endpoints with CB Defense. Kaas Tailored is an aerospace and furniture manufacturing company that supplies parts to aerospace companies like Boeing. Read on to learn how...
Why I’m Ecstatic About the MITRE ATT&CK Results
Yesterday, MITRE published the results of its first public evaluation of endpoint detection & response EDR vendors based on its increasingly-popular ATT&CK framework. The ATT&CK evaluations are a new approach to EDR testing - open, sophisticated, rigorous, and reflective of the real world. We...
TAU Threat Analysis: Medusa Locker Ransomware
In recent weeks Carbon Black’s Threat Analysis Unit TAU has seen an increase in the number of infections attributed to the Medusa Locker ransomware family. There were notable traits exhibited by Medusa Locker in these attacks that warranted further investigation to determine behavioral tactics th...
The Dukes of Moscow
Overview APT29, also known as The Dukes or Cozy Bear, is a cyberespionage group active since at least 2008. It’s believed that the group operates either under the Russian Foreign Intelligence Service SVR or the Russian Federal Security Service FSB. They primarily target western governments and...
Introducing the Cognitive Attack Loop and the 3 Phases of Cybercriminal Behavior
We have a fundamental saying at Carbon Black: “Cybersecurity is all about the data.” I love this saying. In understanding the data, we can better understand behaviors. And, in better understanding behaviors, we can better understand attackers. Much like a detective in the physical world pieces...
CB TAU Threat Intelligence Notification: SEON Ransomware Distributed via Drive-By Attack Campaign
SEON Ransomware ver 0.2 was found being distributed by the GreenFlash Sundown exploit kit via a drive-by-attack campaign. After performing the encryption, SEON will drop and display the following ransom note and append ‘.fixt’ as the extension to the encrypted file. Figure 1: Screenshot of the...
Why You Should Join Carbon Black at QueryCon 2019
Carbon Black Joining Trail of Bits to Support QueryCon 2019 We are excited to announce that Carbon Black will be joining with Trail of Bits and Kolide to sponsor QueryCon 2019. QueryCon is a conference dedicated to Osquery, an open source tool that allows users to query their devices like a...
Cybersecurity Awareness Month: Cb Customer Spotlight with Stonewall Kitchen’s William Bocash
Editor's Note: Stonewall Kitchen upgraded to next-gen AV with Cb Defense and Cb Protection. William Bocash an I.T. Manager for Stonewall Kitchen and author of this blog has more than 17 years experience in the information technology industry, and recently attended Cb Connect 2018. To wrap up the...
Partner Perspectives: Integrate your SIEM, UEBA + EDR Solution with Securonix and Carbon Black
Nitin Agale is the Senior VP of Products for Securonix. Your endpoints are a valuable part of your enterprise structure. They are the computers your employees use and the servers your company depends on. Defending your endpoints is important, but it’s critical that your endpoint defense is just o...
Top 5 Threat Hunting Myths: “Threat Hunting Is Too Expensive”
The cybersecurity landscape is in a constant state of change and, as many organizations have learned, it’s no longer a matter of if you’ll face a cyberattack, but when. In today’s world, attackers intentionally look normal to evade automated defenses. With the rise of ransomware, fileless and...
October 13, 2017 – Morning Cyber Coffee Headlines – “Friday the 13th” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! October 13, 2017 - Headlines Carbon Black in the News: Equifax’s website may ha...
Lessons from the Equifax Breach
When we see a car wreck it’s very easy to slow down and gawk. The first thing we think is “Wow, that’s awful,” quickly followed by “Whew… glad that wasn’t me,” and then we drive on. Most of us don’t spend time thinking about how the wreck happened -- we were just glad it wasn’t us. A similar...
July 14, 2017 – Morning Cyber Coffee Headlines – “Bastille Day” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! July 14, 2017 - Headlines Carbon Black in the News: US Voters Consider Russia t...
Threat Analysis: Active C2 Discovery Using Protocol Emulation Part2 (Winnti 4.0)
Summary The VMware Carbon Black Threat Analysis Unit TAU previously released a blog post documenting the Winnti version 4.0 malware. The new command and control C2 protocol that was implemented in one of the 4.0 samples was completely different from the existing understanding of the 3.0 protocol...
CB Threat Analysis Unit: Technical Analysis of “Crosswalk”
The technical analysis is related to the TAU-TIN for the same malware which can be located in this post. FireEye recently reported on APT41, a Chinese state sponsored espionage group. The group has been documented as targeting healthcare, high-tech, and telecommunications companies for traditiona...
Healthcare Cyber Heists in 2019
Healthcare organizations are increasingly being targeted by cyberattacks due to the gold mine of personal data they possess. The potential, real-world effect these attacks can have is substantial. See the WannaCry and NotPetya ransomware attacks of 2017. Click here to download the full report fro...
Real World Examples Demonstrating the Need for Mature Threat Hunting
A recent article discussed the keys to becoming a level 4 maturity threat hunting program. This article will bring these concepts into the real world by discussing examples of attacks that required that high level of threat hunting maturity to find them and defend against them. The case studies...
How CB LiveOps Helps with Vulnerability Assessment
Security and IT Operations teams often have no reliable way to assess the current state of endpoints across their enterprise, leading to increased risk of breach, inability to make informed remediation decisions, and unnecessary spending on infrastructure maintenance. A real-time endpoint query a...
July 19, 2017 – Morning Cyber Coffee Headlines – “Rosetta Stone” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! July 19, 2017 - Headlines Cyberattack on Ukrainian Clinics, Pharmacies Worries...
CB TAU Threat Intelligence Notification: Buran Ransomware
Recently there was malvertising campaign which would redirect users to RIG exploit kit and then infecting victim’s computer with a new ransomware named as Buran Ransomware. It will drop a ransom note named ‘!!! YOUR FILES ARE ENCRYPTED !!!.txt’ and append victim’s personal ID as extensions to the...
Cybersecurity Skills Gap: “There’s No Silver Bullet to Solving the Problem” & Other Takeaways From the Toronto Global Forum
Last week, I ventured up to the beautiful city of Toronto — and while I’d love to go back for pleasure, this trip was strictly business. The Toronto Global Forum is an international conference that brings together heads of states, central bank governors, ministers and global economic decision...
Carbon Black TAU Threat Analysis: Emotet Banking Trojan Leverages MS Office Word Docs, PowerShell to Deliver Malware
Emotet is a family of banking malware, which has been around since at least 2014. Attackers continue to leverage variants of Emotet and are becoming increasingly shrewd in the techniques they employ to deliver the malware onto an infected system. In the spring of 2018 Carbon Black's Threat Analys...
November 16, 2017 – Morning Cyber Coffee Headlines – “Space Jam” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! November 16, 2017 - Headlines White House Releases New Charter for Using,...
Carbon Black TAU Threat Analysis: A Deeper Look at BadRabbit Shows Overlapping Similarities to NotPetya
BadRabbit was a ransomware variant initially detected in the wild on October 24, 2017. On that day, Carbon Black and several other research organizations conducted triage analysis of the sample and provided write ups. Carbon Black also provided an internal post in the User Exchange documenting IO...
Partner Perspectives: How Axonius and Carbon Black Make Seeing and Securing All Assets Radically Simple
Back in the 1990s, visibility and security were much easier. In the workplace, users connected their laptops and desktops to a network through a cable. Asset inventory was as simple as walking from cubicle to cubicle or entering specs into a spreadsheet. And then, of course, things became much mo...
CB TAU Threat Intelligence Notification – Karagany Malware
Secureworks recently reported in regards to an update of Karagany malware last month. The malware is used by the IRON LIBERTY threat group also known as DragonFly2.0 and Energetic Bear, targeting energy companies and organizations. Carbon Black Threat Analysis Unit TAU provides the product rules ...
How CB LiveOps Enhances Your Security
If you’re using Carbon Black products, you are already familiar with the actionable insights they provide. Whether you’re doing root cause analysis or setting up policies around what applications are allowed to run on your machines, Carbon Black gives you the tools you need to understand and take...
VMware Carbon Black TAU Malware Analysis: Tofsee Botnet Resurfaces
Tofsee is a botnet which has not been reported on since the following analysis in September of 2016 by the Cert Polka team and Cisco Talos. This updated campaign employs new techniques in order to aggressively send large volumes of spam emails primarily targeting the adult dating scene. This new...
Four Steps to Becoming a Threat Hunter
Roles in cybersecurity have evolved to now include the title of “Threat Hunter”. It sounds cool, but I’m sure many of you are wondering what it really means and how it is different from the job you’ve been doing. Up until now, most of us have performed a job more akin to “Threat Wrangler”. Once...
Top 5 Threat Hunting Myths: “Threat Hunting Is Just a Fad”
The cybersecurity landscape is in a constant state of change and, as many organizations have learned, it’s no longer a matter of if you’ll face a cyberattack, but when. In today’s world, attackers intentionally look normal to evade automated defenses. With the rise of ransomware, fileless and...
October 5, 2017 – Morning Cyber Coffee Headlines – “Ball-Point Pen” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! October 5, 2017 - Headlines Carbon Black in the News: Advanced Threat Analytics...
September 29, 2017 – Morning Cyber Coffee Headlines – “Autumn” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! September 29, 2017 - Headlines NY Regulator Says Equifax Making Progress on...