Join Us for the Virtual Connect 2020 Conference
Every year, VMware Carbon Black Connect brings together some of the best and brightest in security to collaborate on solving today’s most pressing problems and to learn about the future of endpoint security. While 2020 marks the first year that Connect will be held in a virtual setting, it does n...
MITRE ATT&CK Evaluation Demonstrates the Power of the VMware Carbon Black Cloud
MITRE has released the results for its latest endpoint detection and response (EDR) product evaluation using its now industry-standard open methodology, the ATT&CK® framework. This year’s results further demonstrate why VMware Carbon Black, now a two-time participant, is a top choice of security an...
We Need to Change the Structure of Security to Transform Security
Tom Corn, Senior Vice President of Security Products at VMware, was recently recorded giving his overview of the fundamental problem companies have with security today. His answer — we’ve got too much happening in silos and too muc...
VMware Carbon Black TAU Threat Analysis: The Evolution of Lazarus
On February 14, 2020, the U.S. Department of Homeland Security (DHS) released a Malware Analysis Report (MAR-10271944-1.v1) which provided information about a trojan they referred to as HotCroissant. DHS attributed the trojan to a threat group based in North Korea, often referred to as Hidden Cobra...
Time for Reflection and Thanks
Most of the programs I ran used calendar years for project planning, budgets, etc. I always found November to be a good time to reflect on the progress made, plan for the next year, and give thanks for all the positive steps in the right direction. In general, I followed the SWOTT method for...
Amid COVID-19, Global Orgs See a 148% Spike in Ransomware Attacks; Finance Industry Heavily Targeted
Cyber criminals often exploit fear and uncertainty during major world events by launching cyberattacks. These attacks are often performed with social engineering campaigns leveraging malicious emails that lure victims to install malware that steals financial data and other valuable personal...
6 Tips to Keep Your Video Conferencing Meetings Secure
The sudden and dramatic shift to a mobile workforce has thrust video conferencing into the global spotlight and evolved video conferencing vendors from enterprise communication tools to critical infrastructure. During any major and rapid technology adoption, cyberattackers habitually follow the...
The Results Are In: Defender Confidence Is On The Rise
Recently, I spent two weeks traveling across Europe talking with defenders, reporters, and leaders of security programs. While each country faces its own unique challenges and has its own needs, there were a few themes that were consistently present. Threat Outlook Report 2020. Naturally, we...
TAU Threat Analysis: NetWire Variant Leveraging AutoIt Scripts and Windows Shortcut Links
NetWire, an information stealing RAT that dates back multiple years, has been witnessed in the wild recently using a tactic of combining Windows shortcut link files and AutoIt scripts. These scripts pose as BitTorrent files, a protocol used for direct peer-to-peer file transfers, to entrench and...
Coronavirus and the Growing Mobile Workforce: Prioritizing Endpoint Security
Editor's Note: Gary Stevens, a technology writer, is posting as a guest author to carbonblack.com. Despite the global COVID-19 response and current recommendations for social distancing, institutions, enterprises and businesses still need to function and maintain all necessary operations where...
COVID-19: Cybersecurity Community Resources
Novel Coronavirus (COVID-19) has thrust personal safety and security into the public’s consciousness in an unprecedented way. Families, employees and global businesses have been forced to upend their lives to make their respective communities healthier and more resilient. Our collective response to...
vExpert Security 2020 Award Announcement
Thank you to everyone who applied for the vExpert Security sub-group and thank you to the vExpert PROs for doing their part in this process. We are pleased to announce the list of 2020 vExperts Security. Each of these vExperts has demonstrated significant contributions to the community and a...
AMA Recap: Top 10 Tips to Secure Your Remote Workforce
This is part of our ongoing conversation about the worldwide challenges of working remotely. To stay up-to-date on the latest insights, refer to our live page for COVID-19: Cybersecurity Community Resources. As organizations around the world transition to remote work en masse, cybersecurity...
How Federal Employees Can Protect their Agencies During the Pandemic
It’s no secret that the way the world works has shifted since COVID-19 came on the scene. Operations are going remote and, for many government and federal agencies, this is new territory. This novelty is compounded by the fact that nation-state attacks are—and have been—on the rise for quite some...
Managing Team Burn Out
According to the World Health Organization: “Burn-out is a syndrome conceptualized as resulting from chronic workplace stress that has not been successfully managed. It is characterized by three dimensions: feelings of energy depletion or exhaustion; increased mental distance from one’s job, or...
Announcing the Release of Malware Prevention for Linux
The VMware Carbon Black team has a mission to keep your entire organization safe from cyber attacks. To deliver on this for today’s landscape, the Carbon Black Cloud platform has added malware prevention for Linux to bring the entire protection lifecycle to Windows, macOS, and Linux. With Linux n...
Threat Analysis Unit (TAU) Threat Intelligence Notification: CoronaVirus Ransomware
"CoronaVirus" Ransomware has been found distributed via a phishing website. The malicious website will distribute a trojan downloader which then leads to downloading additional malicious payloads: the Kpot InfoStealer and Coronavirus Ransomware. "CoronaVirus" Ransomware will perform the deletion ...
The Dukes of Moscow
Overview: APT29, also known as The Dukes or Cozy Bear, is a cyberespionage group active since at least 2008. It’s believed that the group operates either under the Russian Foreign Intelligence Service (SVR) or the Russian Federal Security Service (FSB). They primarily target western governments and...
How to Do More with Less — a CISO’s Perspective
I’ve learned a ton of lessons over my years in the InfoSec world. I’ve made a lot of the right calls, but also a bunch of wrong ones. One of the lessons I have learned is how to operate in an environment of scarcity. This lesson started long before my career did. Growing up, I was the child of a...
How VMware Carbon Black Helps Agencies Meet CDM Requirements
When a crime is committed, one of the first things the police do is collect evidence from any security cameras nearby, and these days, cameras are everywhere. That’s a model that federal agencies want to apply to cybersecurity. This constant monitoring of systems to catch bad actors provides the...
Defender Behavior in 2019
Security is a team sport, or at least it should be. Given the constant behavior evolution we see from attackers and the vast IT footprint attackers can target, IT and security teams clearly face an uphill battle. Whereas attackers only have to be right once to succeed, defenders must be right 100...
Q&A: Insights from the Red Canary 2020 Threat Detection Report
In light of the latest update to the MITRE ATT&CK framework, Red Canary has developed a Threat Detection Report uncovering the top techniques attackers use to target your organization. To understand the significance of the report, we turned to two of VMware Carbon Black’s top threat experts, Greg...
VMware Carbon Black Removes Endpoint Limits for Customers to Secure Their Changing Environments During the COVID-19 Crisis
Novel Coronavirus (COVID-19) has thrust personal safety and security into the public’s consciousness in an unprecedented way. Families, employees, and global businesses have been forced to upend their lives to make their respective communities healthier and more resilient. A key component to this...
What’s Coming in 2020: An RSA Recap
VMware Carbon Black recently published our Outlook 2020 Threat Report largely fueled by the work of our amazing Threat Analysis Unit. Greg Foss (@Heinzarelli) and Andrew Costis (@0x4143) did some in-depth research on malware samples seen in 2019. As part of RSA, Greg and I had the chance to present o...
Technical Analysis: Hackers Leveraging COVID-19 Pandemic to Launch Phishing Attacks, Fake Apps/Maps, Trojans, Backdoors, Cryptominers, Botnets & Ransomware
The global COVID-19 pandemic is generating a substantial uptick in the production and delivery of Coronavirus-themed malware. Due to a rapidly growing number of Indicators of Compromise (IOCs), this report covers the key behaviors by aligning to the MITRE ATT&CK Framework. MITRE ATT&CK launched in...
What is the Cybersecurity Equivalent of Washing Your Hands for 20 Seconds?
With COVID-19's spread, there have been numerous recommendations from health authorities and experts that one of the best, first-level measures to help spread infection is to wash hands with soap and water thoroughly for 20 seconds. In recent days, we’ve frequently gotten the question: “What can ...
Detecting Fileless Attacks with Enterprise EDR’s AMSI Visibility
If this year’s 2020 Cybersecurity Outlook Report taught us anything, it’s that defenders are seeing an increasing amount of defense evasion techniques in their environments. It’s crucial for security teams to have the granular visibility they need to spot malicious attacker behavior, however...
Tips for Securing Remote Workers
As more and more employees are mandated to work from home, security and non-security professionals alike are left wondering what they can do to keep their data and systems safe. To help with this, we’ve compiled a list of some of the key things you can do to ensure your defenses are up—on or off...
Evaluating EPP in the Time of XDR
The endpoint detection and response (EDR) market is not only more critical than ever, it is also going through the biggest period of innovation in its history – bigger than when EDR was first introduced by Carbon Black 7 years ago. This next wave of innovation is about extending EDR beyond the...
Threat Analysis: CVE-2020-0796 – EternalDarkness (ghostSMB)
On March 10, 2020, analysis of an SMB vulnerability was inadvertently shared, under the assumption that Microsoft was releasing a patch for that vulnerability (CVE-2020-0796). As of March 12, Microsoft has since released a patch for CVE-2020-0796, which is a vulnerability specifically affecting SMB3...
2019: Looking Back at Ransomware
In security, 2016 was “The Year of Ransomware.” Since then, ransomware has only gotten more pervasive, costing billions in damages. In that vein, 2019 could have been referred to as “The Year of Ransoming Governments.” More than 70 state and local governments across the U.S. suffered ransomware...
New Osterman Research Report | Cyber Security in Healthcare
In 2019, roughly 45 million healthcare records were breached in the United States. With ransomware as their go-to technique, cyber attackers are targeting healthcare providers, medical devices, and critical supply chains more than ever before. The latest Osterman Research report, “Cyber Security ...
2019: Looking Back at Malware
In 2019, attacker behavior evolved, becoming more evasive. The most common behaviors seen across all attack data—mapped to the MITRE ATT&CK™ Framework—were: Software Packing for Defense Evasion, Hidden Windows for Defense Evasion, Standard Application Layer Protocol for Command and Control (C2),...
Announcing the VMware vExpert Security Program!
We’re excited to share that the VMware Security Products Team and Carbon Black are announcing a new Security vExperts program. If you’re not familiar with vExperts, the program is designed to recognize individuals who are passionate about sharing their knowledge of VMware technologies with the...
RSA 2020 – That’s a Wrap!
Last week VMware Carbon Black attended the RSA Conference 2020 in San Francisco! This year was bigger than ever before, as we shared our vision for intrinsic security — for a safer, more effective world. Get all the highlights and check out some of our favorite moments in the wrap up below. The...
IT Operations and Security: It’s Time to Build Something Better Together
Having been in the industry for longer than I care to admit, I have seen the growth pre and post public internet. With that growth, there have been many changes with how organizations address the balance of IT Operations and Security, where tension still exists. IT Ops must keep the business running...
VMware Carbon Black Threat Analysis: FTCODE Ransomware
FTCODE is a fully PowerShell-based ransomware. It is distributed via malicious document files that contain macros or use VBScript to download and launch the malicious PowerShell script. FTCODE ransomware will scan a specific list of file extensions and encrypt them with the Rijndael algorithm. Othe...
2020 Cybersecurity Outlook Report
In case you missed it, we are excited to release our latest report from the VMware Carbon Black Threat Analysis Unit (TAU), the “2020 Cybersecurity Outlook Report”. In the search for clarity in the modern attacker vs. defender battle, it’s all about behaviors. More broadly, we explore the age-old...
Simplicity is the Key to Enterprise Cybersecurity
Editor’s Note: Sam Bocetta, a guest author on the VMware Carbon Black blog, is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyber warfare, cyber defense, and cryptography. In today’s digital environment, companies are...
Performance Testing: Justifying Cost and Performance Improvements (Part 2)
As mentioned in the first blog in this series, Melanie, a performance engineer at VMware Carbon Black, built both baseline and investigative tests for the engineers that develop and maintain the company’s reputation services. Here’s a deeper look at these tests and how they helped the company...
The Game Changing Role of Performance Testing (Part 1)
In two previous blogs, VMware Carbon Black software engineers discussed how important it was to maintain a balance of latency, scale, and cost as they built out and enhanced the company’s reputation services. They also provided some insights into the challenges they encountered with various...
Bringing Intrinsic Security to RSA Conference 2020
This year at the RSA Conference, VMware will be highlighting our vision for Intrinsic Security, a safer, more effective security built into the fabric of the various infrastructure control points that are vulnerable to attack (endpoint, identity, network, cloud, workload). The VMware Carbon Black...
Breaking Down Election Security: Points of Vulnerability and Solutions
The importance of cybersecurity in the context of the democratic process has become undeniable—with nation-state hackers setting their sights on elections as effective vehicles for attack, disruption, and social unrest. Christopher Wray, the Director of the FBI, testified to Congress that U.S...
Threat Analysis: Active C2 Discovery Using Protocol Emulation Part2 (Winnti 4.0)
Summary: The VMware Carbon Black Threat Analysis Unit (TAU) previously released a blog post documenting the Winnti version 4.0 malware. The new command and control (C2) protocol that was implemented in one of the 4.0 samples was completely different from the existing understanding of the 3.0 protocol...
State & Local Governments: The Cyberinsurgency Spreads
Today’s world is dramatically different than even five years ago. Ransomware attacks, which used to make global headlines, are now commonplace. Cybercriminals—who have historically targeted large enterprises—are now also setting their sights on state and local governments. New, sophisticated...
Why Our Customers Love VMware Carbon Black
As the cybersecurity world advances, organizations are starting to change their approach to security. More and more teams are moving to the cloud to maximize their endpoint protection and simplify their security stack. Using VMware Carbon Black's Cloud platform, our customers are able to...
See the Advantages of Intrinsic Security | Join the Webinar Next Week
At VMware Carbon Black, we’re excited to continue exploring our approach to Intrinsic Security. What does “intrinsic security” mean, and how does it help enhance and support an organization’s existing security stack? Truly, there has never been a more challenging nor exciting time in...
VMware Carbon Black TAU Threat Analysis: Shlayer (macOS)
Following our initial reporting of this threat, Carbon Black’s Threat Analysis Unit (TAU) has continued following the Shlayer family of malware and monitoring changes adopted by this campaign. Although detection by antivirus vendors has improved over the past year, the malware authors continue to...
VMware Carbon Black TAU: Ryuk Ransomware Technical Analysis
Ryuk Ransomware has been crippling both the public and private sector recently with the ability to disrupt its target environment. The ransomware will typically be dropped by an already compromised system that has been infected by Trickbot or Emotet through a phishing email. Once the Ryuk payload...
Partner Perspectives: Protecting Industrial Control Systems with Verve Industrial’s Endpoint Management and Carbon Black App Control
Imagine waking up in the morning, flipping on your light switch and nothing happens. The natural human response is to flip the switch a few more times before realizing something is wrong. You jump out of bed and notice the smart coffeemaker has not brewed a fresh cup of coffee that you’ve come to...