849 matches found

Carbon Black Blog | added 2019/04/05 5:22 p.m. | 167 views

CB TAU Threat Intelligence Notification: Hunting APT28 Downloaders

Recently the Carbon Black Threat Analysis Unit (TAU) analyzed the APT28 downloaders SedUploader and Zebrocy, which have been observed over the previous six months. There have been several good publications regarding the code analysis of SedUploader and Zebrocy already [1, 2, 5, 6, 7, 9]. Therefore, in this artic...

AI score: 7.4 | Exploits: 0

Carbon Black Blog | added 2019/04/05 4:37 p.m. | 73 views

Carbon Black Awarded 5-Star Rating in CRN’s 2019 Partner Program Guide for the Third Consecutive Year

We are proud to announce that CRN®, a brand of The Channel Company, has given Carbon Black a 5-Star rating in its 2019 Partner Program Guide for the third consecutive year! According to CRN, this annual guide identifies the strongest and most successful partner programs in the channel today,...

AI score: 0.4 | Exploits: 0

Carbon Black Blog | added 2019/04/04 4:44 p.m. | 96 views

CB TAU Threat Intelligence Notification: Email VBS Downloader Connects to C2 Server, Downloads Trickbot Payload

Carbon Black recently learned a customer had received a malicious email attached with a zip file which contained a malicious VBS script file. This malicious VBS downloader will connect to a Command & Control server and then download a malicious payload which contains Trickbot onto the victim’s...

AI score: 1.6 | Exploits: 0

Carbon Black Blog | added 2019/04/03 5:00 p.m. | 50 views

SANS Reviews the CB Predictive Security Cloud

Understanding The Landscape Day by day, it is becoming more challenging to keep endpoints secure. In the SANS “Endpoint Protection and Response” survey from 2018, 42% of respondents indicated at least one of their endpoints had been compromised, and another 20% didn’t know if any endpoints had be...

AI score: 0.5 | Exploits: 0

Carbon Black Blog | added 2019/04/03 3:00 p.m. | 127 views

CB TAU Threat Intelligence Notification: GandCrab 5.2 Ransomware Attempts to Delete Volume Shadow Copies

GandCrab 5.2 ransomware will append seven randomly generated strings as the file extension to each encrypted file and drop a ransom note named as ‘generated file extension-MANUAL.txt’, for example, “office.doc.uahmthl” and “UAHMTHL-MANUAL.txt”. It will also change the desktop background of the...

AI score: 6.7 | Exploits: 0

Carbon Black Blog | added 2019/04/02 5:06 p.m. | 54 views

Carbon Black’s Global Incident Response Threat Report: The Ominous Rise of “Island Hopping” & Counter Incident Response Continues

To stay abreast of the current attack landscape and to quantify the latest attack trends seen by leading IR firms, Carbon Black is publishing its third Global Incident Response Threat Report (GIRTR) since introducing it in July 2018. Aggregating qualitative and quantitative input from 40 Carbon Bla...

AI score: 0.5 | Exploits: 0

Carbon Black Blog | added 2019/04/02 5:00 p.m. | 55 views

Keys to Mature to a Level 4 Threat Hunting Program

Three Commonalities Among Level 4 Threat Hunting Programs. Threat hunting programs that have reached level 4 maturity have three commonalities: they have implemented automation wherever possible to scale their effectiveness; they have developed threat hunting processes to operationalize how they...

AI score: 6.8 | Exploits: 0

Carbon Black Blog | added 2019/04/02 12:30 p.m. | 74 views

Partner Perspectives: Better Together: Blue Hexagon Deep Learning-Powered Network Security and Carbon Black Endpoint Security

Tom Guerrette is the Director of Solutions Architecture for Blue Hexagon. It’s no surprise to any of us in the security industry that the threat landscape has transformed in the last 5 years in both speed and volume of attacks. According to The AV-Test Security Report, in 2017, 121.6 million new...

AI score: 0.3 | Exploits: 0

Carbon Black Blog | added 2019/04/01 3:23 p.m. | 137 views

CB TAU Threat Intelligence Notification – Recent Emotet Campaign Leverages Phishing, PDFs & Droppers Impersonating Legitimate Applications

This past week, CB ThreatSight analysts were investigating suspicious events in an environment. This customer had installed the CB Defense sensor on a subset of systems in monitor only mode for evaluation. While investigating suspicious events, a CB ThreatSight analyst uncovered a new Emotet...

AI score: 0.7 | Exploits: 0

Carbon Black Blog | added 2019/03/28 2:52 p.m. | 112 views

CB TAU Threat Intelligence Notification: CryptoMix Clop Ransomware Disables Startup Repair, Removes & Edits Shadow Volume Copies

Summary: A new variant of CryptoMix Clop ransomware has been distributed as a binary that is digitally signed and verified, which makes it look like a legitimate executable. In addition, CryptoMix Clop ransomware will append ‘.clop’ or ‘.ciop’ as a file extension to the encrypted file and drop a...

AI score: 7 | Exploits: 0

Carbon Black Blog | added 2019/03/27 1:38 p.m. | 55 views

CB Threat Intelligence Notification: Vidar InfoStealer Trojan Aims to Steal Data Before Erasing Itself

Vidar is an info stealer trojan, which was sold under the name Vidar Pro stealer and can be distributed through different campaigns. This malware will perform multiple types of malicious behavior including stealing web browser cookies and history, digital wallets, two-factor authentication data,...

AI score: 1.8 | Exploits: 0

Carbon Black Blog | added 2019/03/26 5:00 p.m. | 88 views

Real World Examples Demonstrating the Need for Mature Threat Hunting

A recent article discussed the keys to becoming a level 4 maturity threat hunting program. This article will bring these concepts into the real world by discussing examples of attacks that required that high level of threat hunting maturity to find them and defend against them. The case studies...

AI score: 7.5 | Exploits: 0

Carbon Black Blog | added 2019/03/26 3:38 p.m. | 59 views

Register for #CBConnect19 in San Diego Using Code SOCIAL50 to Receive 50% Off

In two months, hundreds of security professionals will gather in San Diego for two days of discussion around the future of endpoint security at CB Connect 2019. The event will take place at Hotel Del Coronado June 4-5 with sweeping views of Coronado beach where attendees will hear from robust...

AI score: 0.3 | Exploits: 0

Carbon Black Blog | added 2019/03/26 2:19 p.m. | 60 views

Partner Perspectives: ThreatConnect and Carbon Black: Incorporating Threat Intel for Quicker Incident Response

Megan Horner is the Director of Product Marketing for ThreatConnect. When it comes to incident response, there’s typically a focus on three main stages: investigation, containment, and remediation. Moving from one stage to the next as efficiently as possible is critical to expediting response...

AI score: 0.3 | Exploits: 0

Carbon Black Blog | added 2019/03/25 5:00 p.m. | 58 views

CB Customer Spotlight: Q&A with ALLETE’s Jeff Rotenberger

For five years now, Jeff Rotenberger has served as a cybersecurity analyst for ALLETE, an energy and utilities company providing for the Upper Midwest. Rotenberger and his team have been working with Carbon Black CB APIs and CB Response to greatly reduce time spent on security remediation. Read o...

AI score: 7.3 | Exploits: 0

Carbon Black Blog | added 2019/03/22 4:05 p.m. | 168 views

CyberAegis Aether Competition Team Reflects Bright Future for Young Women in STEM & Cybersecurity

I am always excited to get involved in conversations around getting more young women into STEM earlier. Recently, I was able to catch up with the members of the CyberAegis Aether team, an all-girls, middle school cybersecurity competition team. Here is what they had to say: Tell us a little bit...

AI score: 7.1 | Exploits: 0

Carbon Black Blog | added 2019/03/22 3:32 p.m. | 204 views

TAU Threat Intelligence Notification – LockerGoga Ransomware

LockerGoga ransomware has recently surfaced with a few successful infections, mostly discovered in Europe, that have caused very large and notable damage to businesses. This ransomware uses Windows “living off the land” tools (LOLBins) for the most part in order to infect and encrypt the victim’s...

AI score: 7.2 | Exploits: 0

Carbon Black Blog | added 2019/03/21 3:00 p.m. | 39 views

Cybersecurity Teardown: Using Hash Values

Welcome to the final installment of Hash Values in our greater Cybersecurity Teardown series. In today's post, we'll cover the 'How' of hash values, which includes: triaging alerts for deeper research; investigating an issue for malicious activity; reassembling our previous examples within a CB...

AI score: 1.8 | Exploits: 0

Carbon Black Blog | added 2019/03/20 7:14 p.m. | 1549 views

TAU Threat Intelligence Notification: NanoCore – Old Malware, New Tricks!

In analyzing the stream of raw emails seen in the wild, TAU discovered a campaign of what first appeared to be a fairly standard spear-phishing attack. The email contained a Word document which carried an exploit for CVE-2017-11882, a vulnerability that allows for Microsoft Office documents to ru...

CVSS: 9.3 | AI score: 0.2 | EPSS: 0.99945 | Exploits: 33

Carbon Black Blog | added 2019/03/19 3:00 p.m. | 81 views

Mature Your Threat Hunting by Testing Your Visibility

Threat hunting starts with a hypothesis. Without a hypothesis, you’re just combing through log files - and that isn’t threat hunting. Once you have a hypothesis, you can begin your search, but you won’t always find a hacker. Testing, like the open source tests available from Red Canary’s Atomic R...

AI score: 0.9 | Exploits: 0

Carbon Black Blog | added 2019/03/19 12:53 p.m. | 77 views

Partner Perspectives: Stay Proactive with Automated Threat Blocking from Carbon Black and IntSights

Alon Yotvat is a Senior Solutions Architect for IntSights. Carbon Black and IntSights have joined forces to combine next-gen endpoint security solutions with powerful external threat intelligence. This potent integration of cybersecurity technologies gives enterprises the protection they need to...

AI score: 0.7 | Exploits: 0

Carbon Black Blog | added 2019/03/18 6:18 p.m. | 185 views

TAU Threat Intelligence Notification: Operation SharpShooter

Operation Sharpshooter leverages embedded shellcode as an in-memory implant to download and retrieve a second-stage implant, which is known as Rising Sun. Rising Sun uses source code from the Duuzer backdoor that has been used in a past campaign of the Lazarus group. This newly discovered campaig...

AI score: 0.7 | Exploits: 0

Carbon Black Blog | added 2019/03/18 5:45 p.m. | 94 views

Why DevOps is Becoming More Like DevSecOps

Editor's Note: Sam Bocetta, a guest author on the Carbon Black blog, is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyber warfare, cyber defense, and cryptography. In the year 2000, a Time magazine essay authored by Steward...

AI score: 0.2 | Exploits: 0

Carbon Black Blog | added 2019/03/18 4:00 p.m. | 76 views

Cybersecurity Teardown: Benefit of Hash Values

Welcome to the second part in our Hash Values series of the Cybersecurity Teardown. Today, we'll be covering: How hashing could provide a valuable benefit A real-world example and explanation at work The results of our hashing This is the second part of a three-part series. Be sure to check back...

AI score: 1.8 | Exploits: 0

Carbon Black Blog | added 2019/03/14 5:00 p.m. | 71 views

Cybersecurity Teardown: Understanding Hash Values

We just started a new series called “Cybersecurity Teardown.” In this series, we’ll be ripping apart ideas and attacks, then reassembling them with a Carbon Black mindset. Each idea or attack will be broken down into three phases: What, Why, and How. In this first entry, I wanted to call your...

AI score: 2.2 | Exploits: 0

Carbon Black Blog | added 2019/03/14 12:00 p.m. | 58 views

RSA Wrap Up: It’s All About The People

RSA 2019 just finished and -- as always -- what a week it was. This year was a personal milestone for me, with the week culminating in my presentation with Gary Hayslip, CISO at WebRoot, titled: “Why the Role of the CISO Sucks and What We Should Do about It.” But, before we get to Friday morning ...

AI score: 6.8 | Exploits: 0

Carbon Black Blog | added 2019/03/12 3:00 p.m. | 64 views

How to Mature Your Threat Hunting Program with the ATT&CK™ Framework

John Wunder, Principal Cybersecurity Engineer at MITRE spoke in a recent webinar about how the ATT&CK framework is a knowledgebase of adversary behaviors, describing the things that are tough for the adversary to change – those at the top of David J. Bianco’s influential Pyramid of Pain. Wunder...

AI score: 7.4 | Exploits: 0

Carbon Black Blog | added 2019/03/05 10:36 p.m. | 93 views

Carbon Black + VMware at RSA2019: Working Together to Secure the Digital Workspace

VMware and Carbon Black have a strong history of working together to fundamentally change the model for securing the virtualized data center, a concept that is resounding with attendees here at RSA2019 in San Francisco. A little more than a year ago, we announced a jointly developed, integrated...

AI score: 0.3 | Exploits: 0

Carbon Black Blog | added 2019/03/05 6:07 p.m. | 94 views

Partner Perspectives: Endpoint Security Analytics with Sumo Logic and Carbon Black

As the threat landscape continues to expand, having end-to-end visibility across your modern application stack and cloud infrastructures is crucial. Customers cannot afford to have blind spots in their environment; and that includes data being ingested from third-party tools. With the industry...

AI score: 0.2 | Exploits: 0

Carbon Black Blog | added 2019/03/05 3:49 p.m. | 73 views

Modern Bank Heists: The Bank Robbery Shifts to Cyberspace

The financial sector has long been the target of some of the world’s greatest guilds of thieves, none perhaps more popular than the Dillinger gangs of the 1930s. In the second annual “Modern Bank Heists” report, Carbon Black collaborated with Optiv to survey CISOs at some of the world’s largest...

AI score: 1.2 | Exploits: 0

Carbon Black Blog | added 2019/03/05 2:00 p.m. | 64 views

Partner Perspectives: Endpoint Security Analytics with Sumo Logic and Carbon Black

The post Partner Perspectives: Endpoint Security Analytics with Sumo Logic and Carbon Black appeared first on Carbon Black...

AI score: 3.6 | Exploits: 0

Carbon Black Blog | added 2019/03/04 10:30 p.m. | 61 views

Carbon Black and Chronicle: Stronger Cybersecurity through Big Data and Analytics

This is another exciting day for cybersecurity professionals, for Carbon Black and for me personally. It’s also a very exciting way to kick off RSA 2019! Earlier today, we announced an exciting new integration with Chronicle Security to harness the power of big data and analytics. Our goal is to...

AI score: 1.1 | Exploits: 0

Carbon Black Blog | added 2019/03/04 2:02 p.m. | 140 views

Carbon Black Cybersecurity Experts to Present in 4 Sessions at RSA 2019

We hope you’ll join Carbon Black at one of the company’s four presentations at RSA 2019. And don’t forget the company will also host a book launch and advanced signing of “Gray Day: My Undercover Mission to Expose America’s First Cyber Spy,” with Carbon Black’s National Security Strategist and...

AI score: 7.2 | Exploits: 0

Carbon Black Blog | added 2019/03/01 6:29 p.m. | 129 views

Enter to Win a Trip to #CBConnect2019 in San Diego during #RSAC19

We know RSA 2019 is exciting, but why should the fun stop in San Francisco? We want to give one of you the chance to win a trip to San Diego to attend CB Connect 2019, our premier customer and partner event, held June 4-5, 2019. This trip includes roundtrip airfare, a free pass to CB Connect 2019...

Exploits: 0

Carbon Black Blog | added 2019/02/28 9:20 p.m. | 142 views

TAU Threat Intelligence Notification: DarkHydrus/RogueRobin

Recently, Palo Alto Unit 42 released an updated report regarding new DarkHydrus delivery documents, which includes the installation of an updated variant of the RogueRobin trojan. This document includes details on both DarkHydrus and RogueRobin, along with detection rules and search queries that...

AI score: 1.3 | Exploits: 0

Carbon Black Blog | added 2019/02/26 6:39 p.m. | 125 views

Partner Perspectives: Faster Response with Carbon Black and Tines.io

Tines was founded by former DocuSign and eBay security engineers who were frustrated by existing security automation platforms. “I was leading an enterprise security team that had to work harder and harder every day just to keep up with the volume of alerts that required investigation,” said Eoin...

AI score: 7.1 | Exploits: 0

Carbon Black Blog | added 2019/02/25 4:00 p.m. | 81 views

CB Customer Spotlight: Q&A with MSD of Mt. Vernon’s William Stein

For the past 28 years, William Stein, Certified Education Technology Leader, has served as the Director of Information Systems for the Metropolitan School District (MSD) of Mt. Vernon in Indiana. Stein uses Carbon Black solutions to protect the K-12 school district’s data by responding to emerging...

AI score: 0.2 | Exploits: 0

Carbon Black Blog | added 2019/02/25 3:56 p.m. | 107 views

Defeating Compiler-Level Obfuscations Used in APT10 Malware

Summary: The Carbon Black Threat Analysis Unit (TAU) recently analyzed a series of malware samples that utilized compiler-level obfuscations. For example, opaque predicates were applied to Turla mosquito and APT10 ANEL. Another obfuscation, control flow flattening, was applied to APT10 ANEL and Dhar...

AI score: 7 | Exploits: 0

Carbon Black Blog | added 2019/02/25 2:29 p.m. | 65 views

Carbon Black Wins Four 2019 Cybersecurity Excellence Awards

We’re excited to announce that the 2019 Cybersecurity Excellence Awards recognized Carbon Black as a winner of the following four categories: Best Cybersecurity Company Gold Winner Endpoint Security for Predictive Security Cloud Gold Winner Endpoint Detection and Response for CB ThreatHunter Silv...

AI score: 0.4 | Exploits: 0

Carbon Black Blog | added 2019/02/19 2:44 p.m. | 158 views

Partner Perspectives: Optimize your Case Management with CB Defense and Swimlane

Jay Spann is a SOAR Evangelist for Swimlane. As today’s threat landscape continues to grow and change, security operations centers (SOCs) are inundated with endless alerts and have to implement incident response processes and policies to address them. This typically means long days of tedious, manual...

Exploits: 0

Carbon Black Blog | added 2019/02/15 8:55 p.m. | 139 views

Carbon Black Named a Finalist in 2019 Cybersecurity Excellence Awards and SC Media Awards

Carbon Black has been a leader in endpoint security for years and, yet, we’re still extremely grateful for continued recognition in the industry. Most recently, Carbon Black is honored to be recognized as a finalist in four categories for the 2019 Cybersecurity Excellence Awards including: Best...

AI score: 1.3 | Exploits: 0

Carbon Black Blog | added 2019/02/14 4:00 p.m. | 61 views

Why Our Customers Love the PSC

As the cybersecurity world advances, organizations are starting to embrace cloud-based security platforms. More and more Carbon Black customers are moving to the CB Predictive Security Cloud (PSC), an extensible cloud platform that consolidates security and provides you everything needed to secure...

AI score: 7.3 | Exploits: 0

Carbon Black Blog | added 2019/02/12 7:37 p.m. | 94 views

TAU Threat Intelligence Notification: New macOS Malware Variant of Shlayer (OSX) Discovered

Carbon Black’s Threat Analysis Unit (TAU) recently discovered a new variant of a family of macOS malware which was first discovered in February of 2018 by researchers from Intego. TAU has obtained new samples of this malware and observed downloads of the malware from multiple sites, primarily...

AI score: 1.2 | Exploits: 0

Carbon Black Blog | added 2019/02/11 1:52 p.m. | 126 views

TAU Threat Intelligence Notification – Fake Movie File Attack Targeting Cryptocurrency

A malicious Windows shortcut file is posing as a movie available on a torrent site - its payload is used to conduct web-injection, ultimately targeting victim’s web searches in browsers like Chrome, Firefox and Internet Explorer. The payload has the ability to search for and steal cryptocurrency...

AI score: 1.4 | Exploits: 0

Carbon Black Blog | added 2019/02/11 1:35 p.m. | 172 views

TAU Threat Intelligence Notification: Spear Phishing Targeting Italy

Summary: This campaign is targeting users in Italy with spear phishing emails containing malicious attachments. Figure 1: Emails with the malicious XLS attachment. The image above shows one of the samples attached to multiple emails sent to addresses under the Italy ccTLD. The attached...

AI score: 0.4 | Exploits: 0

Carbon Black Blog | added 2019/02/11 12:45 p.m. | 70 views

TAU Threat Intelligence Notification: Java Embedded MSI Files

Summary: Application whitelisting provides environments with access controls to stop unauthorized software from executing. This is accomplished by utilizing file and folder attributes including but not limited to file path, filename, digital signature, publisher, cryptographic hash and product nam...

AI score: 0.3 | Exploits: 0

Carbon Black Blog | added 2019/02/06 5:55 p.m. | 79 views

How CB LiveOps Helps with Compliance

Security and IT Operations teams often have no reliable way to assess the current state of endpoints across their enterprise, leading to increased risk of breach, inability to make informed remediation decisions, and unnecessary spending on infrastructure maintenance. A real-time endpoint query a...

AI score: 1.4 | Exploits: 0

Carbon Black Blog | added 2019/02/05 2:32 p.m. | 78 views

Partner Perspectives: How SOAR Acts as a Force Multiplier in Incident Response

John Moran is a Senior Product Manager for DFLabs. As a recovering incident response consultant, I am familiar with many of the common challenges incident response teams are faced with on a daily basis. When an incident occurs, teams are immediately bombarded with a myriad of critical questions...

AI score: 0.7 | Exploits: 0

Carbon Black Blog | added 2019/02/01 3:45 p.m. | 137 views

TAU Threat Intelligence Notification: Shade Ransomware

Summary: Recently there has been a new wave of malicious spam distributing Shade ransomware via malicious JavaScript attachments. The spam campaign was mainly targeting users in Russia, and the ransom note was written in both Russian and English. This variant of Shade ransomware will...

AI score: 6.6 | Exploits: 0

Carbon Black Blog | added 2019/01/31 6:14 p.m. | 272 views

CB ThreatSight Uncovers & Stops Active WannaMine Cryptocurrency Attack Targeting Software Provider

CB ThreatSight, Carbon Black’s 24×7 managed threat hunting service for CB Defense, recently investigated an alert within a software provider’s environment that uncovered an ongoing WannaMine attack campaign. This blog will introduce some of the processes and remediation steps involved when an...

AI score: 8.7 | Exploits: 0

Total number of security vulnerabilities: 849