Introducing VMware Carbon Black Cloud Workload™
If you know Carbon Black, you know that we helped invent Endpoint Detection and Response (EDR) and pioneered the field of next-generation anti-virus (NGAV) and malware protection. If you know VMware, you know we helped invent virtualization and have championed moving core business servers and service...
Detecting Threats in Real-time With Active C2 Information
Often security practitioners rely on the reputation of IP addresses to determine if traffic to and from that IOC is malicious. In practice, the reputation of IOCs, IPs specifically, is only updated when public repositories or tracking projects have observed the command and control server (C2) being...
The ABCs of Digital Distancing
No person is an island — despite the recent public health mandates on social distancing that might make us feel as though we are. Yet, sometimes these seemingly arbitrary constraints can catalyze innovations and approaches to common challenges – and everyone wins. In a recent tweet from entertain...
Top Three Demos at VMworld 2020: Security, Threat Hunting, and Beyond
VMworld 2020 (Sept. 29 - Oct. 1) is fast approaching. This year, and for the first time ever, VMworld will showcase a new intrinsic security track featuring 50+ sessions on the future of workspace and workload security. Attendees will have the opportunity to participate in hands-on workshops, hunt f...
The U.S. Secret Service Selects Tom Kellermann to Serve on Inaugural Cyber Investigations Advisory Board
Cybersecurity has become a recurring global news headline. From ransomware to data breaches, cyberattacks continue to be one of the biggest threats to both the private and public sectors. Earlier this year, the FBI reported a 400 percent increase in cybercrime. And for the public sector, this is...
VMware Carbon Black First to Block Hidden Malicious Commands in Obfuscated Scripts
For a long time now, our Threat Analysts have flagged the growing threat of script-based attacks, especially from Microsoft PowerShell and Windows Management Interface script commands, and their ability to escape notice in many antivirus solutions. Increasingly, these types of attacks have become...
XDR Defined
The EDR market is going through the biggest period of change and innovation now. Historically, endpoint detection and response (EDR) was created to provide borderline protection for a system. It provides coverage for endpoints in an attack, and the result is an endpoint security that covers many...
Top Three Things I’m Looking Forward to at VMworld 2020
VMworld 2020 (September 29 to October 1) is right around the corner. This year’s event is entirely virtual and offers a unique way for all attendees to engage with the compelling agenda. I’m excited to attend VMworld 2020 also as one of the VMware Carbon Black speakers. For 48 hours beginning in...
Top Six VMworld 2020 Sessions and Activities for a Threat Hunter
I’m excited to be a part of VMworld 2020 as a speaker and as a member of VMware Carbon Black. This year at VMworld 2020, hundreds of security experts will take the virtual stage and unveil how to implement a truly unified security approach. Sign up for free now and learn how intrinsic security...
The Future of Security: Lessons from Black Hat USA
For the last 23 years, Black Hat has been the world’s leading information security event where attendees are able to experience the latest security research, development, and trends. While 2020 marks the first year that Black Hat will be virtual, it does not limit the level of engaging content th...
Freedom, Flexibility, and Security: The Future of Remote Work
Over the past few months, many digital-heavy enterprises have optimized or transformed their operations to bolster business continuity and resilience. One of these changes is implementing remote work policies, as employees have shifted to work from home, indefinitely. And while life still feels...
Black Hat USA 2020: VMware Carbon Black Releases Global Incident Response Threat Report Detailing Surge in Cyberattacks Amid COVID-19
At Black Hat USA this week, VMware Carbon Black unveils findings from the fifth installment of the semiannual Global Incident Response Threat Report, entitled: “COVID-19 Continues to Create a Larger Surface Area for Cyberattacks,” based on an online survey in April 2020 of forty-nine incident...
Carbon Black EDR’s All-New Live Query Capability and Enhanced Fileless Visibility
VMware Carbon Black is excited to announce that VMware Carbon Black EDR (formerly CB Response), recently named by Gartner as a 2020 Customers’ Choice for Endpoint Detection and Response solutions, now features enhanced insight into fileless activity via Microsoft’s AMSI and a brand new Live Query...
TAU Threat Discovery: Cryptocurrency Clipper Malware Evolves
Clipper malware is designed to steal cryptocurrency from victims by replacing wallet addresses in the victim’s clipboard with wallet addresses that belong to the attacker. This stealthy technique is designed to silently trick the victim when making what appears to be a legitimate cryptocurrency...
Fact vs. Fiction: 10 Endpoint Security Myths Debunked
Simply defined, endpoint security protects desktops, laptops, servers, and fixed-function devices from malicious internal and external threats. Endpoint security combines various threat detection, response and prevention technologies to help organizations disrupt cyberattacks. Despite the clear-c...
Tax Day Fraud: “Identity Theft Subscriptions” in High Demand on the Dark Web
With billions of stolen usernames, passwords, banking information and more circulating on the dark web, identity theft is an evolving and lucrative business, one notorious for exploiting vulnerable times and vulnerable populations. COVID-19 was no exception, opening up a world of new opportunitie...
Ask the Howlers: Latest Threats and Security Challenges Part 1
This is part of our ongoing bi-weekly webinar series called Ask the Howlers, where cybersecurity experts discuss the latest news, security challenges, and answer your questions. There is no doubt that remote work has become the new norm. Many organizations around the world are adapting to this ne...
TAU Threat Discovery: Conti Ransomware
Conti is a new family of ransomware observed in the wild by the Carbon Black Threat Analysis Unit (TAU). Unlike most ransomware, Conti contains unique features that separate it in terms of performance and focus on network-based targets. Conti uses a large number of independent threads to perform...
6 Best Practices to Fight a New Breed of Insider Threats
The current global pandemic has disrupted how organizations work. Some businesses quickly adapt while other organizations are still figuring out the new landscape. Unfortunately, criminals are exploiting vulnerabilities during this challenging time. There has been a 238% increase in cyberattacks...
TAU Threat Analysis: Bundlore (macOS) mm-install-macos
The mm-install-macos variant of the Bundlore family of macOS adware has been around for many years in many variations and delivery methods. Recently, a variant with a novel installation method was discovered. Although most of the installation details were the same or similar to the samples analyz...
Popular Techniques Used by Cybercriminals Amid COVID-19
Editor's Note: Gary Stevens, a technology writer, is posting as a guest author to carbonblack.com. Cybercriminals constantly leverage fear and confusion by launching cyberattacks during major world events. Such attacks are mostly carried out with social engineering campaigns using malicious email...
Broad, Ongoing Cyberattacks Targeting Australia Underscore Need for Behavioral-Based Cybersecurity
On Friday the Australian Federal Government detailed sustained ‘copy-paste’ threats on government and business throughout the country. According to the Government: “‘Copy-paste compromises’ is derived from … heavy use of proof-of-concept exploit code, web shells and other tools copied almost...
VMware Carbon Black and Dell Extend Endpoint Security Below the OS
As endpoint security continues to evolve and thwart legacy attack techniques, cyber criminals are always trying to stay one step ahead to avoid detection and gain a persistent foothold in their targets’ infrastructure. Some sophisticated attackers are gaining traction through the malicious...
Court Ruling on Forensic Data Breach Reporting Flying Under the Radar
One thing that may have flown under the radar in recent weeks is that a court has ruled that Capital One must allow plaintiffs to review a cybersecurity firm’s forensic report related to the bank’s 2019 data breach despite the bank’s protests that it is a protected legal document. You can read mo...
TAU Threat Analysis: Relations to Hakbit Ransomware
See part one of TAU's Hakbit Ransomware analysis here. Many blue team defenders out there will attest to the fact that ransomware is on the rise, and that ransomware doesn’t appear to be going away any time soon. Ransomware is only one of the numerous types of commodity-based emerging threats whi...
TAU Threat Analysis: Hakbit Ransomware
The bad actors behind Hakbit ransomware recently released an updated variant of their ransomware, which encrypts the victim’s data and demands 3 Bitcoins in ransom payment. This updated variant is delivered via phishing email as a malicious Excel document, and contains added functionality from th...
Why SecOps is (Still) the Future
Editor’s Note: Sam Bocetta, a guest author on the VMware Carbon Black blog, is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyber warfare, cyber defense, and cryptography. SecOps is not a new idea. Unfortunately, however, it is...
TAU Threat Analysis: Medusa Locker Ransomware
In recent weeks Carbon Black’s Threat Analysis Unit (TAU) has seen an increase in the number of infections attributed to the Medusa Locker ransomware family. There were notable traits exhibited by Medusa Locker in these attacks that warranted further investigation to determine behavioral tactics th...
Forrester Study: VMware Carbon Black Cloud Provides 379% ROI
A newly published Forrester Consulting Total Economic Impact (TEI) study shows that organizations who replace their legacy endpoint security products with the VMware Carbon Black Cloud experience a 379% return on investment within three years. The commissioned study conducted on behalf of VMware al...
Bringing Intrinsic Security to Containers: VMware Acquires Octarine
UPDATE: On May 27, 2020 VMware officially closed its acquisition of Octarine. The blog post below has been amended to reflect that announcement. Today is a very exciting day for VMware and for our customers as we announce our acquisition of Octarine, whose innovative security platform for...
TAU Technical Report: New Attack Combines TinyPOS With Living-off-the-Land Techniques for Scraping Credit Card Data
In April of 2020 VMware Carbon Black Threat Analysis Unit (TAU) researchers worked with an Incident Response (IR) partner on a piece of malware that was discovered during an ongoing PCI investigation. The combined analysis showed that attackers who previously leveraged a malware family called TinyPOS...
Third-Party Tests Rate VMware Carbon Black Cloud as a Leader in Protection, Detection; Platform Delivers 379% ROI for Customers
The biggest endpoint protection question for organizations right now is whether or not to upgrade from legacy approaches to cloud-native platforms with built-in EDR. If you boil this decision down to three key factors (stronger protection, clearer visibility, and faster resolution), the choice...
Busting the Myths of Remote Workforce Security
This is part of our ongoing conversation about the worldwide challenges of working remotely. To stay up-to-date on the latest insights, refer to our live page for COVID-19: Cybersecurity Community Resources. I’ve attended a bunch of executive CISO roundtables over the past few weeks all focused o...
Predicting the Future of the SOC Analyst
I’ve been a SOC Analyst for four years now and was a desktop support engineer before that. When I first started as a SOC Analyst it was an exciting change. I was going to help protect the company and resolve suspicious incidents before they turned into breaches. The reality of my day-to-day was n...
‘Modern Bank Heists’ Threat Report Finds Dramatic Increase in Cyberattacks Against Financial Institutions Amid COVID-19
This marks the third edition of the Modern Bank Heists report, which takes an annual pulse of some of the financial industry’s top CISOs and security leaders. Thank you, again, for reading along and thank you to the 25 security leaders who participated in this year’s survey. This survey offers mo...
VMware Launches Next-Gen SOC Alliance with Splunk, IBM Security, Google Cloud’s Chronicle, Exabeam, and Sumo Logic
Today at Connect 2020, our company's annual cybersecurity conference, we made some exciting announcements, including the creation of a Next-Gen SOC Alliance. The alliance empowers SOC teams with visibility, prevention, detection and response capabilities that can uniquely leverage the VMware fabri...
Kicking off Developer Day 2020
Developer Day 2020 kicks off today with seven on-demand sessions for more than 2,600 registrants. This is the first time Developer Day has been held in a virtual setting and the VMware Carbon Black team is excited to welcome the largest group of developers we have ever had in attendance. With eig...
Cybersecurity Needs to Go Back to the Basics
This is part of our ongoing conversation about the worldwide challenges of working remotely. To stay up-to-date on the latest insights, refer to our live page for COVID-19: Cybersecurity Community Resources. This piece was co-authored with support from Optiv. Security teams have spent decades...
Tips for Securing Remote Work from Homes to Corporate Networks
On a recent webinar, Ryan Murphy, a founding team member of VMware Carbon Black, interviewed Cybersecurity Strategists Tom Kellermann and Rick McElroy on how to work remotely, yet securely. What resulted were some fantastic tips on how to secure remote work access from their homes to the corporat...