849 matches found

Carbon Black Blog, added 2020/02/07 5:44 p.m., 126 views

Threat Analysis Unit (TAU) Threat Intelligence Notification: MailTo (NetWalker) Ransomware

MailTo is a ransomware variant that has recently been reported to have been part of a targeted attack against Toll Group, an Australian freight and logistics company. This ransomware makes no attempt to remain stealthy, and quickly encrypts the user’s data as soon as it is launched...

AI score: 6.7 | Exploits: 0
Carbon Black Blog, added 2020/01/30 4:00 p.m., 70 views

How we Developed a Unified Binary Store (UBS): Part 2

As you may have seen in Part One of this blog, one of our engineering teams at VMware Carbon Black was tasked with building a Unified Binary Store (UBS) that would increase operational efficiencies and serve as a centralized source of data across products. We were able to build the platform in thre...

AI score: 7.2 | Exploits: 0
Carbon Black Blog, added 2020/01/29 5:53 p.m., 49 views

Invoke-APT29: Adversarial Threat Emulation

MITRE recently conducted its second ATT&CK exercise in their ongoing annual series of Endpoint Security Efficacy testing and evaluation. This test focuses on assessing the behavioral capabilities of multiple endpoint security vendors against a simulated adversary, based closely around...

AI score: 1.3 | Exploits: 0
Carbon Black Blog, added 2020/01/27 5:26 p.m., 157 views

Threat Analysis Unit (TAU) Threat Intelligence Notification: SNAKE Ransomware

A new enterprise-targeting ransomware named ‘SNAKE’ was recently discovered. Like other ransomware variants, it stops numerous processes and services, such as antivirus software, and deletes volume shadow copies so that the data cannot be restored easily. After...

AI score: 6.8 | Exploits: 0
Carbon Black Blog, added 2020/01/24 2:46 p.m., 39 views

CB Customer Spotlight: Q&A with BraunAbility’s Arlie Hartman

BraunAbility is a mobility vehicle company committed to improving access and transportation for the world’s wheelchair community. Driven by a strong corporate culture of doing right by their customers and communities, providing advanced security has become an essential pillar of their mission...

AI score: 0.1 | Exploits: 0
Carbon Black Blog, added 2020/01/21 6:41 p.m., 155 views

Threat Analysis Unit (TAU) Technical Report: The Prospect of Iranian Cyber Retaliation

Several different events in the Middle East (ME) region have escalated in the last several weeks between Iran and the United States. After a series of military operations between the two countries, several alerts were released from the U.S. government about the potential for cyberattacks. Traditionally...

CVSS: 7.2 | AI score: 7.7 | EPSS: 0.06932 | Exploits: 8
Carbon Black Blog, added 2020/01/21 4:49 p.m., 36 views

Threat Analysis Unit (TAU) Threat Intelligence Notification: Snatch Ransomware

At the end of 2019, a ransomware named ‘Snatch’ was discovered. Snatch ransomware forces Windows to reboot into Safe Mode, where most software and system drivers are not running, in order to perform the file encryption process. Like other ransomware variants, ...

AI score: 7.3 | Exploits: 0
Carbon Black Blog, added 2020/01/21 4:33 p.m., 48 views

Threat Analysis Unit (TAU) Threat Intelligence Notification: SatanCryptor Ransomware

In early January 2020, a new ransomware named ‘SatanCryptor’ was discovered. After it performs file encryption, it drops a ransom note named “ SATAN CRYPTOR .hta” and appends ‘.satan’ as a file extension to the encrypted files. In addition, SatanCryptor deletes itself after the execution t...

AI score: 7.1 | Exploits: 0
Carbon Black Blog, added 2020/01/17 4:00 p.m., 424 views

Using Live Query to Audit Your Environment for the Windows CryptoAPI Spoofing Vulnerability

This week, as part of its monthly Patch Tuesday release, Microsoft disclosed an important security vulnerability (CVE-2020-0601) affecting millions of Windows 10 and Windows Server 2016 & 2019 systems. More specifically, this vulnerability is a result of the way Windows CryptoAPI validates Elliptic...

CVSS: 5.8 | AI score: 0.5 | EPSS: 0.89436 | Exploits: 14
Carbon Black Blog, added 2020/01/16 4:00 p.m., 64 views

How we Developed a Unified Binary Store (UBS): Part 1

Like most technology companies, VMware Carbon Black has a combination of acquired and built technologies that all utilize their own data stores. As our products have evolved to include the benefits of a centralized cloud offering, our data stores needed to similarly evolve. A new goal was formed:...

AI score: 0.1 | Exploits: 0
Carbon Black Blog, added 2020/01/10 5:03 p.m., 2556 views

How to Use VMware Carbon Black’s Real-Time Endpoint Query to Identify BlueKeep Vulnerability Risk

Recently, security researchers revealed a proof-of-concept attack that leverages the BlueKeep vulnerability. Whenever this type of news breaks on the Twittersphere, organizations are left with the question: "Are we susceptible to this type of attack?" Using CB LiveOps, a real-time endpoint query...

CVSS: 10 | AI score: 0.2 | EPSS: 0.99999 | Exploits: 123
Carbon Black Blog, added 2020/01/02 6:00 p.m., 34 views

Making Container Deployment and Analysis Self-Service for Development

Team Riptide was tasked with creating an environment for our developers that removes operational burdens. We wanted to provide them with infrastructure, best practices, automation, and self-service tooling so that they could focus on innovation. The result is an internal system we call “Mosaic,”...

Exploits: 0
Carbon Black Blog, added 2019/12/19 4:15 p.m., 59 views

Threat Analysis Unit (TAU) Threat Intelligence Notification: CrescentCore (macOS)

In June of 2019, researchers at Intego discovered a new Trojan for macOS systems which they named CrescentCore. Much like Shlayer and other common malware targeting macOS systems, CrescentCore is often delivered via a fake Adobe Flash Player installer or updater. This malware employs multiple...

AI score: 1.7 | Exploits: 0
Carbon Black Blog, added 2019/12/18 5:44 p.m., 67 views

Threat Analysis Unit (TAU) Threat Intelligence Notification: DeathRansom Ransomware

In mid-November, a new ransomware named ‘DeathRansom’ was found being distributed. Like other ransomware variants, it deletes volume shadow copies so that the data cannot be restored easily. After DeathRansom performs file encryption, it will drop...

AI score: 6.8 | Exploits: 0
Carbon Black Blog, added 2019/12/18 4:00 p.m., 34 views

How We Streamlined Infrastructure and Tooling as a Service for Development

At VMware Carbon Black, we’ve historically acquired a broad technology stack in our journey to build the premier security solution that understands cybercriminal behavior. Inheriting such a variety of tooling and storage solutions presented a challenge for us operationally. So, in order to reduce...

AI score: 0.1 | Exploits: 0
Carbon Black Blog, added 2019/12/13 5:31 p.m., 85 views

VMware Carbon Black TAU Malware Analysis: Tofsee Botnet Resurfaces

Tofsee is a botnet which has not been reported on since the analyses published in September 2016 by the CERT Polska team and Cisco Talos. This updated campaign employs new techniques in order to aggressively send large volumes of spam emails, primarily targeting the adult dating scene. This new...

AI score: 7.4 | Exploits: 0
Carbon Black Blog, added 2019/12/13 4:43 p.m., 102 views

VMware Carbon Black TAU Threat Research: Visualizing Ransomware with MITRE ATT&CK

If no one had ever heard of ransomware prior to May 2017, then one thing that is fairly certain is that the WannaCry ransomware outbreak unquestionably put ransomware on the security radar, and sent shivers up CISOs’ and analysts’ spines for the weeks and months that followed. Only a few weeks...

AI score: 7.3 | Exploits: 0
Carbon Black Blog, added 2019/12/13 4:24 p.m., 77 views

Threat Analysis Unit (TAU) Threat Intelligence Notification: Tofsee Botnet

Tofsee is a botnet which has not been reported on since the analyses published in September 2016 by the CERT Polska team and Cisco Talos. This updated campaign employs new techniques in order to aggressively send large volumes of spam emails, primarily targeting the adult dating scene. This new...

AI score: 7.4 | Exploits: 0
Carbon Black Blog, added 2019/12/13 4:20 p.m., 77 views

Threat Analysis Unit (TAU) Threat Intelligence Notification: BlackRemote RAT

BlackRemote is a relatively new commodity RAT discovered in September 2019. Similar to other Remote Access Trojans, it offers typical functionality such as keylogging, remote desktop, file transfer, credential harvesting, and more. Despite the discovery of this RAT being caught early, and while t...

AI score: 0.8 | Exploits: 0
Carbon Black Blog, added 2019/12/12 2:57 p.m., 44 views

‘Tis the Season for Holiday Cyber Heists

‘Tis the season for cyberattacks, particularly when it comes to the retail industry. According to the VMware Carbon Black Threat Analysis Unit (TAU), retail organizations may see a noticeable spike in attempted cyberattacks during the holiday season. Click here to download the full report. TAU’s...

AI score: 0.1 | Exploits: 0
Carbon Black Blog, added 2019/12/10 3:34 p.m., 413 views

Threat Analysis Unit (TAU) Threat Intelligence Notification: Tick Downloaders (Operation ENDTRADE)

Trend Micro released a white paper about Tick, a Chinese cyberespionage threat actor targeting East Asian countries. The report details several new downloader malware families. The VMware Carbon Black Threat Analysis Unit (TAU) reviewed the malware and is providing product rules to detect and identify...

CVSS: 9.3 | AI score: 2.8 | EPSS: 0.95121 | Exploits: 7
Carbon Black Blog, added 2019/12/10 3:26 p.m., 44 views

Threat Analysis Unit (TAU) Threat Intelligence Notification: Skidmap

Hijacking machine resources and using them to mine for cryptocurrency continues to be an attractive and lucrative target for threat actors. As we’ve continued to see this type of attack used, we’ve also seen more platforms being targeted. Seeing cryptocurrency mining malware targeting Linux and...

AI score: 0.4 | Exploits: 0
Carbon Black Blog, added 2019/12/10 3:20 p.m., 20 views

Threat Analysis Unit (TAU) Threat Intelligence Notification: Cyborg Ransomware

Cyborg Ransomware was found being distributed via a spear-phishing campaign: a fake “Windows Update” email carries an attachment that appears to be a ‘.jpg’ file but is actually a ‘.exe’ binary. It tries to tempt users to open the malicious attachment in order to...

AI score: 6.7 | Exploits: 0
Carbon Black Blog, added 2019/12/10 3:16 p.m., 23 views

Threat Analysis Unit (TAU) Threat Intelligence Notification: njRAT

njRAT is a Remote Access Trojan (RAT) that silently collects and steals sensitive information such as login credentials. It can also perform keylogging, remote desktop control, installation of additional malicious software, and many other malicious activities on the victim’s computer. In...

AI score: 1.5 | Exploits: 0
Carbon Black Blog, added 2019/12/04 5:00 p.m., 35 views

Latest Enterprise EDR Now Available on All Major Operating Systems

VMware Carbon Black is today announcing new capabilities for macOS systems protected by our cloud-native enterprise endpoint detection and response (EDR) solution, CB ThreatHunter. This latest release on the VMware Carbon Black Cloud further expands customizable detection, threat intelligence,...

AI score: 0.8 | Exploits: 0
Carbon Black Blog, added 2019/12/04 4:00 p.m., 47 views

Our Communication Strategy to Help Development Make the Switch to Kubernetes

VMware Carbon Black has acquired a lot of technology as it has grown. That means we have a lot of different tooling in play that is both costly and complex to manage. Our VP of Engineering recognized this and created a new team specifically tasked with creating a unified system infrastructure and...

AI score: 7.1 | Exploits: 0
Carbon Black Blog, added 2019/12/03 7:37 p.m., 31 views

Four More Years… of Remediation

Last week, I read a blog from Brian Krebs about how a recent study showed that ransomware data breaches at hospitals are tied to an uptick in fatal heart attacks. Whenever I see an article with “fatal” and “cyber” in the title, I usually use it as a proof point for why we need less FUD in the...

AI score: 7 | Exploits: 0
Carbon Black Blog, added 2019/12/03 7:25 p.m., 36 views

Mitigating Modern Insider Threats in FIs

More and more financial institutions (FIs) are migrating to the cloud—increasing efficiencies and access to services. With this move, however, comes a new degree of risk. Without the right levels of protection and visibility, you leave yourself open not only to attacks by external actors but interna...

AI score: 0.2 | Exploits: 0
Carbon Black Blog, added 2019/12/02 6:00 p.m., 52 views

Navigating the Looming Threat of Nation-State Attacks

Nation-state attacks are sophisticated cyberthreats from adversaries working directly or indirectly for their own government. Their objectives might be to steal sensitive information, disrupt enemy capabilities, grow financial power through cryptocurrency, or even sway the international balance o...

AI score: 1.2 | Exploits: 0
Carbon Black Blog, added 2019/11/27 4:00 p.m., 80 views

Fileless Attacks: The Next Frontier for Cybercrime

The world of cybersecurity is rapidly evolving, and so are the methods of cybercriminals. More and more attackers are moving away from traditional malware—in fact, 60% of today’s attacks involve fileless techniques. A fileless attack (also known as a “memory-based” or “live-off-the-land” attack) is...

AI score: 2.5 | Exploits: 0
Carbon Black Blog, added 2019/11/22 3:59 p.m., 33 views

How To Teach Cybersecurity to Today’s Youth

Editor’s Note: Sam Bocetta, a guest author on the Carbon Black blog, is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyber warfare, cyber defense, and cryptography. Cybersecurity is important for everyone, but teaching the...

AI score: 6.9 | Exploits: 0
Carbon Black Blog, added 2019/11/21 3:56 p.m., 29 views

VMware Carbon Black Threat Report: One Year Out From the 2020 U.S. Elections, Geopolitical Tension Continues to Spawn Cyberattacks

This morning, VMware Carbon Black released its latest Global Incident Response Threat Report (GIRTR). Now in its fourth edition, the GIRTR is written in partnership with VMware Carbon Black's incident response (IR) partner ecosystem and aggregates input from top IR experts to give you, the reader, a...

AI score: 0.5 | Exploits: 0
Carbon Black Blog, added 2019/11/20 6:00 p.m., 52 views

Taking Reputation to Scale: An Iterative Journey with an Agile Approach (Part 2)

In Part 1 of this blog, we shared with you the challenges we had in balancing latency, scalability, and cost for our reputation services. In this blog, we’ll give you some insights into each major iteration along that journey, from the beginning to where we are now. 100 requests per second. Befor...

AI score: 7.4 | Exploits: 0
Carbon Black Blog, added 2019/11/20 6:00 p.m., 38 views

Ransomware: 30 Years and Still Going Strong

In the tech world, systems – and methods to break said systems – seem to evolve by the minute. Technological advancement grows exponentially each year, and the realm of cybersecurity is no exception. However, some entities have survived and even thrived over the decades, rather than falling...

AI score: 6.7 | Exploits: 0
Carbon Black Blog, added 2019/11/20 3:51 p.m., 81 views

Active C2 Discovery Using Protocol Emulation Part1 (HYDSEVEN NetWire)

Malware C2 addresses can be an important IOC to detect known threats. In order to obtain C2 information, we first need malware samples, which are then analyzed dynamically or statically. However, the analysis task is oftentimes not straightforward. Increasingly, anti-analysis methods are implemente...

AI score: 7.5 | Exploits: 0
Carbon Black Blog, added 2019/11/19 6:05 p.m., 232 views

Threat Analysis Unit (TAU) Threat Intelligence Notification: AsyncRAT

AsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection. It is an open source remote administration tool; however, it can also be used maliciously because it provides functionality such as keylogging, remote desktop...

AI score: 0.1 | Exploits: 0
Carbon Black Blog, added 2019/11/19 5:57 p.m., 83 views

Threat Analysis Unit (TAU) Threat Intelligence Notification: Estemani Ransomware

Estemani Ransomware’s behavior is similar to other variants of ransomware. It kills processes, such as those of the SQL Server database program, to ensure their files can be encrypted; deletes volume shadow copies; and disables Windows automatic startup repair to ensure all the dat...

AI score: 7.4 | Exploits: 0
Carbon Black Blog, added 2019/11/18 5:14 p.m., 78 views

Threat Analysis Unit (TAU) Threat Intelligence Notification: Ramnit Banking Trojan

The Ramnit banking trojan was first discovered in 2010 and is still evolving; according to the source post, it remained active and ranked second on the top banking trojan list in October 2019. It may be distributed via malvertising, exploit kits, spear-phishing campaigns or other methods to infect the...

AI score: 0.7 | Exploits: 0
Carbon Black Blog, added 2019/11/18 5:06 p.m., 68 views

Threat Analysis Unit (TAU) Threat Intelligence Notification: OSX.Yort

In March of 2019 Kaspersky published an article about the Lazarus APT group’s continued targeting of financial entities. Their report noted that this new campaign being tracked was targeting both Windows and macOS users. The campaign used both malicious PowerShell scripts on Windows as well as macO...

AI score: 0.8 | Exploits: 0
Carbon Black Blog, added 2019/11/13 6:00 p.m., 61 views

What Makes Island Hopping a Formidable Threat?

Island hopping is a technique used by cybercriminals to exploit less sophisticated organizations in order to breach their larger affiliates. Attackers use vulnerabilities in the first company’s defenses as a point of entry to the second. This is no small threat. In fact, half of cyber attacks tod...

AI score: 1.6 | Exploits: 0
Carbon Black Blog, added 2019/11/11 4:08 p.m., 752 views

Wild Blue Yonder: VMware Carbon Black ThreatSight Dissects BlueKeep Windows Exploit

VMware Carbon Black’s ThreatSight (TS) team monitors customer environments to detect and alert on new and emerging threats. Recently, ThreatSight detected malicious behavior that leveraged several attack vectors, including one of the first known uses of the newly released BlueKeep Windows exploit i...

CVSS: 10 | AI score: 0.8 | EPSS: 0.99999 | Exploits: 123
Carbon Black Blog, added 2019/11/07 6:00 p.m., 59 views

What’s So Dangerous About Spear Phishing?

Spear phishing is one of the most common and most effective cyberattack vectors seen today. Delivered through email, spear phishing campaigns aim either to infect devices with malware, or to steal important information—like credentials and bank numbers. Spear phishing is targeted at specific grou...

AI score: 0.8 | Exploits: 0
Carbon Black Blog, added 2019/11/06 6:00 p.m., 52 views

Taking Reputation to Scale: The Delicate Balance of Latency, Scale, and Cost (Part 1)

When it comes to serving reputation, even a millisecond of latency could create havoc, resulting in the unwanted spread of malware and causing costly consequences that no security company or customer wants. And that’s why we, as engineers here at Carbon Black, are constantly working towards...

AI score: 0.1 | Exploits: 0
Carbon Black Blog, added 2019/11/05 8:01 a.m., 39 views

Dell Technologies + VMware Carbon Black: Better Together

It’s been an exciting few months for the VMware Carbon Black team and we’re excited to share some big news with you. Today, from VMworld Europe 2019 in Barcelona, VMware announced an enhanced partnership with Dell Technologies that will make Carbon Black Cloud, along with Dell Trusted Devices and...

AI score: 0.1 | Exploits: 0
Carbon Black Blog, added 2019/10/31 5:12 p.m., 76 views

VMware Carbon Black Cloud Adds Linux Support for Enterprise EDR

VMware Carbon Black is proud to unveil another major operating system expansion for our cloud-native endpoint protection platform (EPP). CB ThreatHunter, our enterprise endpoint detection and response (EDR) solution on the VMware Carbon Black Cloud platform, has expanded its support to include Red Hat...

AI score: 0.9 | Exploits: 0
Carbon Black Blog, added 2019/10/30 8:27 p.m., 36 views

Why Cloud is the Future of Enterprise Cybersecurity

The speed at which cyberthreats have been targeting enterprise networks and endpoints is forcing IT leaders to change the way they think about cybersecurity. One alternative to how enterprises look at security is to treat cloud as an operating system, says Patrick Morley, general manager of VMwar...

Exploits: 0
Carbon Black Blog, added 2019/10/23 5:00 p.m., 49 views

If You Don’t Have 2, You Don’t Have 1

“If you don’t have 2, you don’t have 1” is something you hear often in our engineering group. This is our team’s way of stressing the importance of persistence in data engineering. If a stream goes down, you lose it. You have to get confirmation that data is...

AI score: 0.4 | Exploits: 0
Carbon Black Blog, added 2019/10/17 1:35 p.m., 48 views

Partner Perspectives: Stop Advanced Cyber Threats with End-to-End Protection from ThreatWarrior and Carbon Black

Today’s rapidly advancing technology and our “constantly connected” mindset have given rise to a malicious underworld of sophisticated cybercriminals and constantly-evolving cyberattacks. Understanding these new forms of attack, predicting strikes, and responding quickly is the only way to defend...

AI score: 0.1 | Exploits: 0
Carbon Black Blog, added 2019/10/15 5:49 p.m., 68 views

Introducing Integrated Threat Intelligence from ThreatConnect on the PSC

To effectively defend against attacks, analysts must leverage details from multiple tools to gain an understanding of the actions they need to take to protect their environment. By integrating context from different tools and intelligence feeds into the alerts security teams receive, they have...

Exploits: 0
Carbon Black Blog, added 2019/10/09 5:00 p.m., 70 views

How We Developed Our EQR Plugins

Extensible Analytics with EQR’s Lightweight, Ultra-Performance Plugin System. I’ve written a few posts now on the plans and development of EQR (Event Query Router), the open-source tool we built to give data scientists the ability to execute large-scale queries on real-time big data streams without...

AI score: 7.8 | Exploits: 0

Total number of security vulnerabilities: 849