849 matches found
July 18, 2017 – Morning Cyber Coffee Headlines – “Thomas Edison” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! July 18, 2017 - Headlines U.S. House Panel to Consider Self-Driving Car...
6 Security Tips to Consider While You Travel
Following the “8 Ways to Avoid the Cybersecurity Grinch” blog post, it seems like a follow-up is in order given the recent Marriott Breach disclosure. It is important to note that when we travel, similar to when we shop, we are putting our trust in the organizations we are dealing with during our...
Threat Analysis: Recent Attack Technique Attempts to Bypass Whitelisting by Leveraging MS Office Document Macros, MSBuild, Certutil
Carbon Black continues to monitor and track evolving techniques that attackers leverage. Over the last several years, there has been an increase in attackers leveraging open source frameworks and proof of concept POC techniques that are released publically by researchers. A document was recently...
August 9, 2017 – Morning Cyber Coffee Headlines – “Jesse Owens” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! August 9, 2017 - Headlines Take Down: Hackers Looking to Shut Down Factories fo...
Threat Analysis Unit (TAU) Threat Intelligence Notification: Estemani Ransomware
Estemani Ransomware’s behavior is similar to other variants of ransomware. It will perform task kill on processes to ensure the encryption of files such as database program SQL server, perform the deletion of volume shadow copies, and disable Windows automatic startup repair to ensure all the dat...
CB TAU Threat Intelligence Notification: Emotet Utilizing WMI to Launch PowerShell Encoded Code
Carbon Black recently learned that a customer had received a malicious email, which was written in German and was attached with a password-protected zip file that contained a malicious document file. This phishing email belongs to the recent Emotet campaign. However, what makes this malware uniqu...
VMware Launches Next-Gen SOC Alliance with Splunk, IBM Security, Google Cloud’s Chronicle, Exabeam, and Sumo Logic
Today at Connect 2020, our company's annul cybersecurity conference, we made some exciting announcements, including the creation of a Next-Gen SOC Alliance. The alliance empowers SOC teams with visibility, prevention, detection and response capabilities that can uniquely leverage the VMware fabri...
Active C2 Discovery Using Protocol Emulation Part1 (HYDSEVEN NetWire)
Malware C2 addresses can be an important IOC to detect known threats. In order to obtain C2 information, we first need malware samples which are then analyzed dynamically or statically. However the analysis task is often times not straightforward. Increasingly anti-analysis methods are implemente...
CB Customer Spotlight: Q&A with MSD of Mt. Vernon’s William Stein
For the past 28 years, William Stein, Certified Education Technology Leader, has served as the Director of Information Systems for the Metropolitan School District MSD of Mt. Vernon in Indiana. Stein uses Carbon Black solutions to protect the K-12 school district’s data by responding to emerging...
3 Infosec Reflections to Kick off 2019 & Finally Shift the Balance of Power Back to Defenders
Wow. It's already 2019. Talk about a year in 2018 that flew by! I won’t spend this entire blog talking about 2018 but, needless to say, a lot happened in 2018 and it doesn’t look to slow down anytime soon. This time of year, I like to stop and reflect on the previous year and think about moving...
Small Business Benefits of Moving to the Cloud: Effective Security
When you’re selecting an endpoint security platform for your small business, you want it to work — and work well. However, less than one third of organizations believe that traditional AV has the power to stop the attacks that they are seeing.1 With fileless malware attacks and ransomware on the...
Partner Perspectives – Detecting Ransomware: Behind the Scenes of an Attack
Editor's Note: This blog originally appeared on RedCanary.com Ransomware has been the threat of the year. If you’ve had even a lazy eye on current events in information security, you’ve heard about the WannaCry infection that recently took out endpoints for hundreds of companies. By now you’ve...
Partner Perspectives: 3 Three Ways to Mitigate Your Phishing Risk
Editor's Note: This blog originally appeared on redcanary.com Phishing remains one of the most common and effective means for an attacker to gain initial access to their victims’ environments. Verizon’s 2017 Data Breach Investigation Report DBIR indicated that for two years running, phishing was...
Mature Your Threat Hunting by Testing Your Visibility
Threat hunting starts with a hypothesis. Without a hypothesis, you’re just combing through log files - and that isn’t threat hunting. Once you have a hypothesis, you can begin your search, but you won’t always find a hacker. Testing, like the open source tests available from Red Canary’s Atomic R...
Top 5 Threat Hunting Myths: “Threat Hunting Is Too Complicated”
The cybersecurity landscape is in a constant state of change and, as many organizations have learned, it’s no longer a matter of if you’ll face a cyberattack, but when. In today’s world, attackers intentionally look normal to evade automated defenses. With the rise of ransomware, fileless and...
October 9, 2017 – Morning Cyber Coffee Headlines – “Columbus Day” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! October 9, 2017 - Headlines Carbon Black in the News: How North Korea's nuclear...
Threat Analysis: Don’t Forget About Kangaroo Ransomware
The age of ransomware is upon us. Advanced ransomware variants are using NSA-leaked exploits to ravage hundreds of thousands of computers and collect thousands of dollars in bitcoins, while new variants are being produced on a weekly basis. With advanced samples taking up most of the media...
The CIO Will Report to the CISO
Note: This article originally appeared on LinkedIn Pulse. If you disagree with me, please visit the LinkedIn post to join the 70+ comments we've gotten so far. As a community we need the open discussion to advance our collective thinking. If you agree, please like, comment and/or share the post...
Fileless Attacks: The Next Frontier for Cybercrime
The world of cybersecurity is rapidly evolving, and so are the methods of cybercriminals. More and more attackers are moving away from traditional malware—in fact, 60% of today’s attacks involve fileless techniques. A fileless attack also known as a “memory-based” or “live-off-the-land” attack is...
The Future of Cloud Endpoint Protection Platform Starts Now
Each year, Gartner evaluates each competitive market according to customer feedback, detailed vendor surveys, and video demonstrations of the capabilities in action. Their flagship report for this analysis is the Magic Quadrant, and this year’s Endpoint Protection Platform EPP report has a lot to...
How CB LiveOps Helps with Compliance
Security and IT Operations teams often have no reliable way to assess the current state of endpoints across their enterprise, leading to increased risk of breach, inability to make informed remediation decisions, and unnecessary spending on infrastructure maintenance. A real-time endpoint query a...
Partner Perspectives: IR Challenges Solved by IncMan SOAR + Cb Response
John Moran is the Senior Product Manager for DFLabs. Cb Response is one of the most effective endpoint solutions when it comes to detecting, investigating and responding to advanced threats. I do not say this as a marketing person I am not, but as a former incident response consultant who utilize...
Aviation & Logistics: Island Hopping – A Growing Threat
When we think about the industries that have the most to lose from a serious cyber attack, our minds probably immediately go to the Finance, Healthcare, and Energy sectors. And for good reason - as Carbon Black research shows, 78% of IR professionals say they observe attacks on the financial...
Adapting “The Pilot’s Checklist” to the Cybersecurity Space
More and more often, we hear about another high-profile cybersecurity breach or ransomware attack at a large, well-known organization. Cybersecurity breaches seem to be inevitable at this juncture. While reading about these events, one thing is painfully clear: cybersecurity practitioners are...
Partner Perspectives: Operationalizing Data With the Carbon Black and Splunk Integration (Part 1)
Editor's Note: this blog originally appeared on RedCanary.com Over the last 5 years I have grown very close to Splunk. The product has evolved so much over the years, but the core architecture has always been easy to deploy and understand. Splunk is known for the speed at which it can search for...
Forbes Ranks Carbon Black As a Top Cloud Company for 2017
Today, Forbes announced its 2017 Forbes Cloud 100 list, a full ranking of the world’s top privately-held cloud companies. We are proud be named on the list alongside such innovators as Slack, Dropbox, DocuSign, Stripe, Cloudera and others. This is the second consecutive year Carbon Black has been...
Top 5 Threat Hunting Myths: “EDR Is Threat Hunting”
The cybersecurity landscape is in a constant state of change and, as many organizations have learned, it’s no longer a matter of if you’ll face a cyberattack, but when. In today’s world, attackers intentionally look normal to evade automated defenses. With the rise of ransomware, fileless and...
Carbon Black Report: A Case Study on Threat Hunting
There are certain seminal experiences you’ll remember all your life — your first kiss, your college graduation, the smell of your favorite home-cooked meal — and then hundreds of mini-experiences that helped you reach each milestone that in short order disappeared from view. The memories you carr...
August 1, 2017 – Morning Cyber Coffee Headlines – “August” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! August 1, 2017 - Headlines Carbon Black in the News: Carbon Black Appoints Form...
TAU Threat Analysis: Hakbit Ransomware
The bad actors behind Hakbit ransomware recently released an updated variant of their ransomware, which encrypts the victim’s data and demands 3 Bitcoins in ransom payment. This updated variant is delivered via phishing email as a malicious Excel document, and contains added functionality from th...
Threat Analysis Unit (TAU) Threat Intelligence Notification: Tofsee Botnet
Tofsee is a botnet which has not been reported on since the following analysis in September of 2016 by the Cert Polka team and Cisco Talos. This updated campaign employs new techniques in order to aggressively send large volumes of spam emails primarily targeting the adult dating scene. This new...
Threat Analysis Unit (TAU) Threat Intelligence Notification: BlackRemote RAT
BlackRemote is a relatively new commodity RAT discovered in September 2019. Similar to other Remote Access Trojans, it offers typical functionality such as keylogging, remote desktop, file transfer, credential harvesting, and more. Despite the discovery of this RAT being caught early, and while t...
Threat Analysis Unit (TAU) Threat Intelligence Notification: Ramnit Banking Trojan
Ramnit Banking Trojan was first discovered in 2010 and is still evolving and staying actively as the second rank on the top banking trojan list in October 2019 as from the source post. It may be distributing via malvertising, exploit kit, spear-phishing campaign or others method to infect on the...
Lessons Learned from the Incident Response Trenches: Investigating and Eradicating Kwampirs
Kroll has deployed CB Response during hundreds of cyber investigations because it can provide insights throughout each stage of the incident response IR process see graphic. One of Kroll’s recent investigations, which involved the Kwampirs malware, illustrates how CB Response helps uncover critic...
Partner Perspectives: How SOAR Acts as a Force Multiplier in Incident Response
John Moran is a Senior Product Manager for DFLabs. As a recovering incident response consultant, I am familiar with many of the common challenges incident response teams are faced with on a daily basis. When an incident occurs, teams are immediately bombarded with a myriad of critical questions...
How CB LiveOps Helps with IT Hygiene
Security and IT Operations teams often have no reliable way to assess the current state of endpoints across their enterprise, leading to increased risk of breach, inability to make informed remediation decisions, and unnecessary spending on infrastructure maintenance. A real-time endpoint query a...
Essays from 7 Experts on Moving to a Cloud-Based Endpoint Security Platform
Carbon Black recently published a series of essays about the experiences of experts in the field on information security as they moved their endpoint security program to the cloud; this is one of those essays. To read the full series check out 7 Experts on Moving to a Cloud-Based Endpoint Securit...
VMware Carbon Black Cloud Adds Linux Support for Enterprise EDR
VMware Carbon Black is proud to unveil another major operating system expansion for our cloud-native endpoint protection platform EPP. CB ThreatHunter, our enterprise endpoint detection and response EDR solution on the VMware Carbon Black Cloud platform has expanded its support to include Red Hat...
Partner Perspectives: Stay Proactive with Automated Threat Blocking from Carbon Black and IntSights
Alon Yotvat is a Senior Solutions Architect for IntSights. Carbon Black and IntSights have joined forces to combine next-gen endpoint security solutions with powerful external threat intelligence. This potent integration of cybersecurity technologies gives enterprises the protection they need to...
Cybersecurity Teardown: Benefit of Hash Values
Welcome to the second part in our Hash Values series of the Cybersecurity Teardown. Today, we'll be covering: How hashing could provide a valuable benefit A real-world example and explanation at work The results of our hashing This is the second part of a three-part series. Be sure to check back...
Discovering Design Principles
Carbon Black recently published a report on the challenges of securing Linux-based operating systems and how Carbon Black is redesigning the approach. For more information about how the CB Predictive Security Cloud, Carbon Black's consolidated endpoint security platform, helps enterprises cut cos...
The 10 Most Common Attacks
This post is an excerpt from The Ultimate Cybersecurity Guide for the IT Professional. Common Attacks Today’s organizations face four main categories of adversaries. In order to fully defend against these four types, you must also understand what motivates them. This context will best position yo...
Addressing the Cyber Security Skills Gap, Part 1
Operating in an adversarial driven world, cyber defenders are faced with many obstacles. In effort to keep pace with our adversarial counterpart, the cyber security skills gap has become the silent oppressor. In Part 1 of this multi-part blog series we will define the implications presented by th...
A Way Forward
Carbon Black recently published a report on the challenges of securing Linux-based operating systems and how Carbon Black is redesigning the approach. For more information about how the CB Predictive Security Cloud, Carbon Black's consolidated endpoint security platform, helps enterprises cut cos...
What You Should Look For in a Next-Generation Security Solution
Today’s businesses face a unique set of challenges. They want security that works and is easy to implement and manage but, frequently, are working with a limited budget and resources. Many organizations know their current antivirus solution has gaps, but don’t know where to begin in the search fo...
Carbon Black Announces Cb LiveOps, a New Offering on the Cb Predictive Security Cloud (PSC), Delivering Real-Time Query and Response
Today is another exciting day for Carbon Black! Earlier, we announced the release of Cb LiveOps™- the newest offering built on our Cb Predictive Security Cloud™ PSC. a platform delivering complete endpoint prevention, detection, and response, all from a single agent. Cb LiveOps extends core...
Delivering Intrinsic, Intelligent and Informed Security: VMware Completes Acquisition of Carbon Black
Editor's Note: This blog also appears on VMware's Newsroom. We are delighted to announce that VMware has completed its acquisition of endpoint security leader Carbon Black. With this move, VMware is launching a new Security Business Unit under the leadership of Patrick Morley, who has led Carbon...
Partner Perspectives: Better Together: Blue Hexagon Deep Learning-Powered Network Security and Carbon Black Endpoint Security
Tom Guerrette is the Director of Solutions Architecture for Blue Hexagon. It’s no surprise to any of us in the security industry that the threat landscape has transformed in the last 5 years in both speed and volume of attacks. According to The AV-Test Security Report, in 2017, 121.6 million new...
5 Crypto Crime Concerns: Your Top Cryptocurrency Mining Questions Answered
By the end of 2017, cryptojacking, or the secret use of computing resources for mining cryptocurrency, had already gained noticeable momentum. It’s a smart strategy if you’re a cyber criminal. Why try and ransom someone’s system and wait for them to pay you when you can essentially print money?...
September 20, 2017 – Morning Cyber Coffee Headlines – “Pizza” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! September 20, 2017 - Headlines Carbon Black in the News: Moving forward – and...