CB TAU Threat Intelligence Notification: Hunting APT28 Downloaders
Recently the Carbon Black Threat Analysis Unit (TAU) analyzed the APT28 downloaders SedUploader and Zebrocy, which have been observed over the previous six months. There have been several good publications regarding the code analysis of SedUploader and Zebrocy already [1, 2, 5, 6, 7, 9]. Therefore, in this artic...
Carbon Black Awarded 5-Star Rating in CRN’s 2019 Partner Program Guide for the Third Consecutive Year
We are proud to announce that CRN®, a brand of The Channel Company, has given Carbon Black a 5-Star rating in its 2019 Partner Program Guide for the third consecutive year! According to CRN, this annual guide identifies the strongest and most successful partner programs in the channel today,...
CB TAU Threat Intelligence Notification: Email VBS Downloader Connects to C2 Server, Downloads Trickbot Payload
Carbon Black recently learned a customer had received a malicious email with an attached zip file which contained a malicious VBS script file. This malicious VBS downloader will connect to a Command & Control server and then download a malicious payload which contains Trickbot onto the victim’s...
SANS Reviews the CB Predictive Security Cloud
Understanding The Landscape Day by day, it is becoming more challenging to keep endpoints secure. In the SANS “Endpoint Protection and Response” survey from 2018, 42% of respondents indicated at least one of their endpoints had been compromised, and another 20% didn’t know if any endpoints had be...
CB TAU Threat Intelligence Notification: GandCrab 5.2 Ransomware Attempts to Delete Volume Shadow Copies
GandCrab 5.2 ransomware will append seven randomly generated characters as the file extension to each encrypted file and drop a ransom note named ‘generated file extension-MANUAL.txt’, for example, “office.doc.uahmthl” and “UAHMTHL-MANUAL.txt”. It will also change the desktop background of the...
Carbon Black’s Global Incident Response Threat Report: The Ominous Rise of “Island Hopping” & Counter Incident Response Continues
To stay abreast of the current attack landscape and to quantify the latest attack trends seen by leading IR firms, Carbon Black is publishing its third Global Incident Response Threat Report (GIRTR) since introducing it in July 2018. Aggregating qualitative and quantitative input from 40 Carbon Bla...
Keys to Mature to a Level 4 Threat Hunting Program
Three Commonalities Among Level 4 Threat Hunting Programs: Threat hunting programs that have reached level 4 maturity have three commonalities: they have implemented automation wherever possible to scale their effectiveness; they have developed threat hunting processes to operationalize how they...
Partner Perspectives: Better Together: Blue Hexagon Deep Learning-Powered Network Security and Carbon Black Endpoint Security
Tom Guerrette is the Director of Solutions Architecture for Blue Hexagon. It’s no surprise to any of us in the security industry that the threat landscape has transformed in the last 5 years in both speed and volume of attacks. According to The AV-Test Security Report, in 2017, 121.6 million new...
CB TAU Threat Intelligence Notification – Recent Emotet Campaign Leverages Phishing, PDFs & Droppers Impersonating Legitimate Applications
This past week, CB ThreatSight analysts were investigating suspicious events in an environment. This customer had installed the CB Defense sensor on a subset of systems in monitor only mode for evaluation. While investigating suspicious events, a CB ThreatSight analyst uncovered a new Emotet...
CB TAU Threat Intelligence Notification: CryptoMix Clop Ransomware Disables Startup Repair, Removes & Edits Shadow Volume Copies
Summary: A new variant of CryptoMix Clop ransomware has been distributed as a binary that is digitally signed and verified, which makes it look like a legitimate executable. In addition, CryptoMix Clop ransomware will append ‘.clop’ or ‘.ciop’ as a file extension to the encrypted file and drop a...
CB Threat Intelligence Notification: Vidar InfoStealer Trojan Aims to Steal Data Before Erasing Itself
Vidar is an info stealer trojan, which was sold under the name Vidar Pro stealer and can be distributed through different campaigns. This malware will perform multiple types of malicious behavior including stealing web browser cookies and history, digital wallets, two-factor authentication data,...
Real World Examples Demonstrating the Need for Mature Threat Hunting
A recent article discussed the keys to becoming a level 4 maturity threat hunting program. This article will bring these concepts into the real world by discussing examples of attacks that required that high level of threat hunting maturity to find them and defend against them. The case studies...
Register for #CBConnect19 in San Diego Using Code SOCIAL50 to Receive 50% Off
In two months, hundreds of security professionals will gather in San Diego for two days of discussion around the future of endpoint security at CB Connect 2019. The event will take place at Hotel Del Coronado June 4-5 with sweeping views of Coronado beach where attendees will hear from robust...
Partner Perspectives: ThreatConnect and Carbon Black: Incorporating Threat Intel for Quicker Incident Response
Megan Horner is the Director of Product Marketing for ThreatConnect. When it comes to incident response, there’s typically a focus on three main stages: investigation, containment, and remediation. Moving from one stage to the next as efficiently as possible is critical to expediting response...
CB Customer Spotlight: Q&A with ALLETE’s Jeff Rotenberger
For five years now, Jeff Rotenberger has served as a cybersecurity analyst for ALLETE, an energy and utilities company providing for the Upper Midwest. Rotenberger and his team have been working with Carbon Black (CB) APIs and CB Response to greatly reduce time spent on security remediation. Read o...
CyberAegis Aether Competition Team Reflects Bright Future for Young Women in STEM & Cybersecurity
I am always excited to get involved in conversations around getting more young women into STEM earlier. Recently, I was able to catch up with the members of the CyberAegis Aether team, an all-girls, middle school cybersecurity competition team. Here is what they had to say: Tell us a little bit...
TAU Threat Intelligence Notification – LockerGoga Ransomware
LockerGoga ransomware has recently surfaced with a few successful infections, mostly discovered in Europe, that have caused very large and notable damage to businesses. This ransomware uses Windows “living off the land” tools (LOLBins) for the most part in order to infect and encrypt the victim’s...
Cybersecurity Teardown: Using Hash Values
Welcome to the final installment of Hash Values in our greater Cybersecurity Teardown series. In today's post, we'll cover the 'How' of hash values, which includes: triaging alerts for deeper research, investigating an issue for malicious activity, and reassembling our previous examples within a CB...
TAU Threat Intelligence Notification: NanoCore – Old Malware, New Tricks!
In analyzing the stream of raw emails seen in the wild, TAU discovered a campaign of what first appeared to be a fairly standard spear-phishing attack. The email contained a Word document which carried an exploit for CVE-2017-11882, a vulnerability that allows for Microsoft Office documents to ru...
Mature Your Threat Hunting by Testing Your Visibility
Threat hunting starts with a hypothesis. Without a hypothesis, you’re just combing through log files - and that isn’t threat hunting. Once you have a hypothesis, you can begin your search, but you won’t always find a hacker. Testing, like the open source tests available from Red Canary’s Atomic R...
Partner Perspectives: Stay Proactive with Automated Threat Blocking from Carbon Black and IntSights
Alon Yotvat is a Senior Solutions Architect for IntSights. Carbon Black and IntSights have joined forces to combine next-gen endpoint security solutions with powerful external threat intelligence. This potent integration of cybersecurity technologies gives enterprises the protection they need to...
TAU Threat Intelligence Notification: Operation SharpShooter
Operation Sharpshooter leverages embedded shellcode as an in-memory implant to download and retrieve a second-stage implant, which is known as Rising Sun. Rising Sun uses source code from the Duuzer backdoor that has been used in a past campaign of the Lazarus group. This newly discovered campaig...
Why DevOps is Becoming More Like DevSecOps
Editor's Note: Sam Bocetta, a guest author on the Carbon Black blog, is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyber warfare, cyber defense, and cryptography. In the year 2000, a Time magazine essay authored by Steward...
Cybersecurity Teardown: Benefit of Hash Values
Welcome to the second part in our Hash Values series of the Cybersecurity Teardown. Today, we'll be covering: how hashing could provide a valuable benefit, a real-world example and explanation at work, and the results of our hashing. This is the second part of a three-part series. Be sure to check back...
Cybersecurity Teardown: Understanding Hash Values
We just started a new series called “Cybersecurity Teardown.” In this series, we’ll be ripping apart ideas and attacks, then reassembling them with a Carbon Black mindset. Each idea or attack will be broken down into three phases: What, Why, and How. In this first entry, I wanted to call your...
RSA Wrap Up: It’s All About The People
RSA 2019 just finished and -- as always -- what a week it was. This year was a personal milestone for me, with the week culminating in my presentation with Gary Hayslip, CISO at WebRoot, titled: “Why the Role of the CISO Sucks and What We Should Do about It.” But, before we get to Friday morning ...
How to Mature Your Threat Hunting Program with the ATT&CK™ Framework
John Wunder, Principal Cybersecurity Engineer at MITRE spoke in a recent webinar about how the ATT&CK framework is a knowledgebase of adversary behaviors, describing the things that are tough for the adversary to change – those at the top of David J. Bianco’s influential Pyramid of Pain. Wunder...
Carbon Black + VMware at RSA2019: Working Together to Secure the Digital Workspace
VMware and Carbon Black have a strong history of working together to fundamentally change the model for securing the virtualized data center, a concept that is resounding with attendees here at RSA2019 in San Francisco. A little more than a year ago, we announced a jointly developed, integrated...
Partner Perspectives: Endpoint Security Analytics with Sumo Logic and Carbon Black
As the threat landscape continues to expand, having end-to-end visibility across your modern application stack and cloud infrastructures is crucial. Customers cannot afford to have blind spots in their environment; and that includes data being ingested from third-party tools. With the industry...
Modern Bank Heists: The Bank Robbery Shifts to Cyberspace
The financial sector has long been the target of some of the world’s greatest guilds of thieves, none perhaps more popular than the Dillinger gangs of the 1930s. In the second annual “Modern Bank Heists” report, Carbon Black collaborated with Optiv to survey CISOs at some of the world’s largest...
Carbon Black and Chronicle: Stronger Cybersecurity through Big Data and Analytics
This is another exciting day for cybersecurity professionals, for Carbon Black and for me personally. It’s also a very exciting way to kick off RSA 2019! Earlier today, we announced an exciting new integration with Chronicle Security to harness the power of big data and analytics. Our goal is to...
Carbon Black Cybersecurity Experts to Present in 4 Sessions at RSA 2019
We hope you’ll join Carbon Black at one of the company’s four presentations at RSA 2019. And don’t forget the company will also host a book launch and advanced signing of “Gray Day: My Undercover Mission to Expose America’s First Cyber Spy,” with Carbon Black’s National Security Strategist and...
Enter to Win a Trip to #CBConnect2019 in San Diego during #RSAC19
We know RSA 2019 is exciting, but why should the fun stop in San Francisco? We want to give one of you the chance to win a trip to San Diego to attend CB Connect 2019, our premier customer and partner event, held June 4-5, 2019. This trip includes roundtrip airfare, a free pass to CB Connect 2019...
TAU Threat Intelligence Notification: DarkHydrus/RogueRobin
Recently, Palo Alto Unit 42 released an updated report regarding new DarkHydrus delivery documents, which includes the installation of an updated variant of the RogueRobin trojan. This document includes details on both DarkHydrus and RogueRobin, along with detection rules and search queries that...
Partner Perspectives: Faster Response with Carbon Black and Tines.io
Tines was founded by former DocuSign and eBay security engineers who were frustrated by existing security automation platforms. “I was leading an enterprise security team that had to work harder and harder every day just to keep up with the volume of alerts that required investigation,” said Eoin...
CB Customer Spotlight: Q&A with MSD of Mt. Vernon’s William Stein
For the past 28 years, William Stein, Certified Education Technology Leader, has served as the Director of Information Systems for the Metropolitan School District (MSD) of Mt. Vernon in Indiana. Stein uses Carbon Black solutions to protect the K-12 school district’s data by responding to emerging...
Defeating Compiler-Level Obfuscations Used in APT10 Malware
Summary: The Carbon Black Threat Analysis Unit (TAU) recently analyzed a series of malware samples that utilized compiler-level obfuscations. For example, opaque predicates were applied to Turla mosquito and APT10 ANEL. Another obfuscation, control flow flattening, was applied to APT10 ANEL and Dhar...
Carbon Black Wins Four 2019 Cybersecurity Excellence Awards
We’re excited to announce that the 2019 Cybersecurity Excellence Awards recognized Carbon Black as a winner of the following four categories: Best Cybersecurity Company, Gold Winner; Endpoint Security for Predictive Security Cloud, Gold Winner; Endpoint Detection and Response for CB ThreatHunter, Silv...
Partner Perspectives: Optimize your Case Management with CB Defense and Swimlane
Jay Spann is a SOAR Evangelist for Swimlane. As today’s threat landscape continues to grow and change, security operations centers (SOCs) are inundated with endless alerts and have to implement incident response processes and policies to address them. This typically means long days of tedious, manual...
Carbon Black Named a Finalist in 2019 Cybersecurity Excellence Awards and SC Media Awards
Carbon Black has been a leader in endpoint security for years and, yet, we’re still extremely grateful for continued recognition in the industry. Most recently, Carbon Black is honored to be recognized as a finalist in four categories for the 2019 Cybersecurity Excellence Awards including: Best...
Why Our Customers Love the PSC
As the cybersecurity world advances, organizations are starting to embrace cloud-based security platforms. More and more Carbon Black customers are moving to the CB Predictive Security Cloud (PSC), an extensible cloud platform that consolidates security and provides you everything needed to secure...
TAU Threat Intelligence Notification: New macOS Malware Variant of Shlayer (OSX) Discovered
Carbon Black’s Threat Analysis Unit (TAU) recently discovered a new variant of a family of macOS malware which was first discovered in February of 2018 by researchers from Intego. TAU has obtained new samples of this malware and observed downloads of the malware from multiple sites, primarily...
TAU Threat Intelligence Notification – Fake Movie File Attack Targeting Cryptocurrency
A malicious Windows shortcut file is posing as a movie available on a torrent site - its payload is used to conduct web-injection, ultimately targeting victim’s web searches in browsers like Chrome, Firefox and Internet Explorer. The payload has the ability to search for and steal cryptocurrency...
TAU Threat Intelligence Notification: Spear Phishing Targeting Italy
Summary: This campaign is targeting users in Italy with spear phishing emails containing malicious attachments. Figure 1: Emails with the malicious XLS attachment. The image above shows one of the samples attached to multiple emails that were sent to addresses under the Italian ccTLD. The attached...
TAU Threat Intelligence Notification: Java Embedded MSI Files
Summary: Application whitelisting provides environments with access controls to stop unauthorized software from executing. This is accomplished by utilizing file and folder attributes including, but not limited to, file path, filename, digital signature, publisher, cryptographic hash and product nam...
How CB LiveOps Helps with Compliance
Security and IT Operations teams often have no reliable way to assess the current state of endpoints across their enterprise, leading to increased risk of breach, inability to make informed remediation decisions, and unnecessary spending on infrastructure maintenance. A real-time endpoint query a...
Partner Perspectives: How SOAR Acts as a Force Multiplier in Incident Response
John Moran is a Senior Product Manager for DFLabs. As a recovering incident response consultant, I am familiar with many of the common challenges incident response teams are faced with on a daily basis. When an incident occurs, teams are immediately bombarded with a myriad of critical questions...
TAU Threat Intelligence Notification: Shade Ransomware
Summary: Recently there has been a new wave of malicious spam campaigns distributing Shade ransomware via malicious JavaScript attachments. The spam campaign was mainly targeting users in Russia, and the ransom note was written in both Russian and English. This variant of Shade ransomware will...
CB ThreatSight Uncovers & Stops Active WannaMine Cryptocurrency Attack Targeting Software Provider
CB ThreatSight, Carbon Black’s 24×7 managed threat hunting service for CB Defense, recently investigated an alert within a software provider’s environment that uncovered an ongoing WannaMine attack campaign. This blog will introduce some of the processes and remediation steps involved when an...