How a Dedicated Focus on Clarity Can Relieve Disorganization, Distraction and Confusion in Infosec
clar·i·ty /ˈklerədē/ noun: the quality of being coherent and intelligible. "For the sake of clarity, each of these strategies is dealt with separately." Synonyms: lucidity, lucidness, clearness, perspicuity, intelligibility, comprehensibility, coherence. It’s been three years on th...
CB Customer Spotlight: Q&A with Ritter Insurance Marketing’s Dan McLellan
Dan McLellan is a Network Support Specialist at Ritter Insurance Marketing, and uses the Carbon Black community to increase his security knowledge and share information with his colleagues. Having access to insights from other security professionals has not only shortened the time he spends tryin...
TAU Threat Intelligence Notification: BlackRouter Ransomware
According to BleepingComputer, BlackRouter Ransomware was being promoted as a Ransomware-as-a-Service on Telegram by an Iranian developer. BlackRouter appends ‘.BlackRouter’ to the name of each file it encrypts. In addition, it will attempt to delete volume shad...
How CB LiveOps Helps with Incident Response
Security and IT Operations teams often have no reliable way to assess the current state of endpoints across their enterprise, leading to increased risk of breach, inability to make informed remediation decisions, and unnecessary spending on infrastructure maintenance. A real-time endpoint query a...
Partner Perspectives: Beyond SIEM: Carbon Black + JASK Connected
Oren Arar is the Head of Alliances for JASK. The real-time integration of JASK & Carbon Black provides high-value alerts and extended contextual investigation insights to our joint customers, all within a cloud-native environment. Background The JASK Autonomous Security Operations Center (ASOC...
5 Questions to Ask About Your Security People in a World Saturated by Security Tools
Definition of tool: 1a: a handheld device that aids in accomplishing a task; 1b: the cutting or shaping part in a machine or machine tool; 2: a machine for shaping metal (machine tool); 2a: something (such as an instrument or apparatus) used in performing an operation or necessary in the practice of ...
TAU Threat Intelligence Notification: PPID Spoofing – Explorer CLSID
Summary Popular Attack Surface Reduction bypasses allow adversaries to hinder threat hunting by spoofing the Parent Process ID. Parent-to-child PID relationships have long been a key indicator of compromise, and breaking them leads to a false sense of security. Upon investigation it’s bee...
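As an added illustration (not code from the notification or from Carbon Black), the following Python script runs a lineage check over constructed process-creation events. It assumes telemetry that records, beside the parent PID reported in the child's creation attributes, the PID of the process whose thread actually issued the create call (`creator_pid` here, an assumed field name); Windows ETW kernel process events expose the caller in the event header, which is how such a comparison is done in practice. All PIDs, image names and timestamps are made up.

```python
# Added example, not from the Carbon Black notification or its authors.
# Two-check heuristic for PPID spoofing over constructed process events.
# Field names are an assumption: `parent_pid` is the parent as reported in
# the child's creation attributes (the value an attacker controls with
# PROC_THREAD_ATTRIBUTE_PARENT_PROCESS); `creator_pid` is the process that
# actually called CreateProcess, as a kernel-level or ETW consumer sees it.
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    parent_pid: int     # claimed parent (spoofable)
    creator_pid: int    # process that issued the create call (kernel view)
    image: str
    create_time: float  # seconds on a monotonic clock; constructed values


# Constructed sample telemetry; PIDs, images and times are invented.
SAMPLE_EVENTS: List[ProcEvent] = [
    ProcEvent(500, 4, 4, "winlogon.exe", 10.0),
    ProcEvent(600, 500, 500, "userinit.exe", 11.0),
    ProcEvent(1000, 600, 600, "explorer.exe", 12.0),
    ProcEvent(2000, 1000, 1000, "WINWORD.EXE", 200.0),
    # Spoofed lineage: the document was the real creator, but the child
    # claims explorer.exe as its parent.
    ProcEvent(3000, 1000, 2000, "powershell.exe", 300.0),
    # Impossible lineage: the claimed parent (4000) was created after
    # the child, i.e. PID reuse or a forged parent handle.
    ProcEvent(4000, 1000, 1000, "svchost.exe", 450.0),
    ProcEvent(4500, 4000, 4000, "cmd.exe", 440.0),
]


def find_ppid_spoofing(events: List[ProcEvent]) -> List[Tuple[int, str]]:
    """Return (pid, reason) for every event whose parentage looks forged.

    Check 1: the claimed parent is not the process that made the call.
    Check 2: the claimed parent did not exist yet when the child started.
    """
    by_pid: Dict[int, ProcEvent] = {e.pid: e for e in events}
    findings: List[Tuple[int, str]] = []
    for ev in events:
        if ev.parent_pid != ev.creator_pid:
            creator = by_pid.get(ev.creator_pid)
            creator_img = creator.image if creator else "unknown"
            findings.append((
                ev.pid,
                f"{ev.image} claims parent {ev.parent_pid} but was created "
                f"by {ev.creator_pid} ({creator_img})",
            ))
            continue
        parent = by_pid.get(ev.parent_pid)
        if parent is not None and parent.create_time > ev.create_time:
            findings.append((
                ev.pid,
                f"{ev.image} claims parent {ev.parent_pid}, which was "
                f"created after the child (PID reuse or forged handle)",
            ))
    return findings


def flagged_pids(events: List[ProcEvent]) -> List[int]:
    """Sorted PIDs of the events that failed either check."""
    return sorted(pid for pid, _ in find_ppid_spoofing(events))


if __name__ == "__main__":
    for pid, reason in find_ppid_spoofing(SAMPLE_EVENTS):
        print(f"{pid}: {reason}")
```

The first check only works when the sensor can see the real caller; Sysmon event 1 reports the spoofed parent and nothing else, so it cannot distinguish the two. The caveat for the technique in this notification's title: when a launch is proxied through a COM server hosted in explorer.exe, explorer genuinely is the creator, the creator and claimed parent agree, and neither check fires. Hunting that case has to lean on the COM activation and RPC activity that preceded the launch rather than on PID lineage alone.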
Carbon Black TAU & ThreatSight Analysis: GandCrab and Ursnif Campaign
Summary Analysis conducted by Andrew Costis, Cathy Cramer, Emily Miner and Jared Myers. The Carbon Black ThreatSight team observed an interesting campaign over the last month. ThreatSight worked with the Threat Analysis Unit (TAU) to research the campaign. This report is being released to help...
Carbon Black Global Threat Report: ‘The Year of the Next-Gen Cyberattack’
In 2016, fileless attacks such as PowerWare and the alleged hack against the Democratic National Committee (DNC) stole sensitive information and global headlines. In 2017, WannaCry, NotPetya and BadRabbit demonstrated ransomware’s global ubiquity. Then, as we kicked off 2018, the Spectre and Meltdo...
Partner Perspectives: The Speed of Prevention – eSentire + Carbon Black
Editor's Note: This blog originally appeared on eSentire.com. Let’s start with a brief history lesson. In September 2016, eSentire and Carbon Black™ announced a strategic partnership in conjunction with launching esENDPOINT built on CB Response to augment our market-leading Managed Detection and...
How CB LiveOps Helps with Vulnerability Assessment
Security and IT Operations teams often have no reliable way to assess the current state of endpoints across their enterprise, leading to increased risk of breach, inability to make informed remediation decisions, and unnecessary spending on infrastructure maintenance. A real-time endpoint query a...
TAU Threat Intelligence Notification – WindTail (OSX)
Summary Dark Matter researcher Taha Karim recently presented his research on the APT group WindShift at Hack in the Box Singapore. This group primarily focuses on highly targeted campaigns directed toward Middle Eastern government and commercial entities. One of the custom macOS backdoors employe...
TAU Threat Intelligence Notification – MongoLock Ransomware
Summary The new variant of MongoLock Ransomware will delete users’ files immediately instead of encrypting them. Upon execution, MongoLock will scan specific locations such as Desktop, Documents, or Recycle Bin Folders, then delete files and format the local disk drives. The following is the list...
TAU Threat Intelligence Notification – Crypt0r Ransomware
Summary Crypt0r ransomware is a new strain of ransomware that operates similar to WannaCry and NotPetya. When executed, it first checks for a hardcoded mutex value, and if it isn’t found, creates it as “crypt0r-mutex”. It then retrieves the temporary path of the currently logged in user, and...
Partner Perspectives: Awake Security and Carbon Black Deliver Comprehensive Threat Detection and Response
Rudolph Araujo is the Vice President of Awake Security. Even relatively unsophisticated attackers today use tools, tactics and techniques that make them difficult to uncover. For instance, the use of non-malware tools, such as PowerShell, psexec and Python, places a burden on security teams to...
TAU Threat Intelligence Notification: Israbye Wiper
Summary Israbye is a disk wiper first discovered by a researcher in August 2017, as reported by Bleeping Computer. A newer sample has since been discovered, which appears to coincide with a recent news story that references the Al-Aqsa mosque. This mosque is also referenced within the...
TAU Threat Intelligence Notification: LamePyre (OSX)
Summary MalwareBytes researcher Adam Thomas recently discovered a malicious macOS application masquerading as the chat app Discord, which they have named “LamePyre.” Although it is made to look like a typical application installer, it does not attempt to appear legitimate by running a decoy install...
TAU Threat Intelligence Notification: Djvuu Ransomware
Summary Djvuu ransomware is believed to be a newer variant of the “Stop” ransomware strain, which was seen circulating in the early part of 2018. There are also similarities to the Goren-B trojan originally reported by Sophos back in 2016. Djvuu is likely to be delivered through phishing e-mail...
How CB LiveOps Helps with IT Hygiene
Security and IT Operations teams often have no reliable way to assess the current state of endpoints across their enterprise, leading to increased risk of breach, inability to make informed remediation decisions, and unnecessary spending on infrastructure maintenance. A real-time endpoint query a...
Top 5 Threat Hunting Myths: “Threat Hunting Is Just a Fad”
The cybersecurity landscape is in a constant state of change and, as many organizations have learned, it’s no longer a matter of if you’ll face a cyberattack, but when. In today’s world, attackers intentionally look normal to evade automated defenses. With the rise of ransomware, fileless and...
3 Infosec Reflections to Kick off 2019 & Finally Shift the Balance of Power Back to Defenders
Wow. It's already 2019. Talk about a year in 2018 that flew by! I won’t spend this entire blog talking about 2018 but, needless to say, a lot happened in 2018 and it doesn’t look to slow down anytime soon. This time of year, I like to stop and reflect on the previous year and think about moving...
CB Customer Spotlight: Q&A with Kaas Tailored’s Joe Mrazik
For the past eight years, Joe Mrazik has taken on the role of Network Administrator for Kaas Tailored, protecting the company’s endpoints with CB Defense. Kaas Tailored is an aerospace and furniture manufacturing company that supplies parts to aerospace companies like Boeing. Read on to learn how...
Cybersecurity Skills Gap: “There’s No Silver Bullet to Solving the Problem” & Other Takeaways From the Toronto Global Forum
Last week, I ventured up to the beautiful city of Toronto — and while I’d love to go back for pleasure, this trip was strictly business. The Toronto Global Forum is an international conference that brings together heads of states, central bank governors, ministers and global economic decision...
Untainted By Design: How Our MITRE ATT&CK Results Demonstrate the Resilience of Carbon Black
I started my career in cybersecurity 10 years ago as a Technical Operations Officer in the US Intelligence Community, where I had a first-hand view into the most sophisticated ongoing cyber operations in the world. One thing was always clear: attackers always found ways to stay a step ahead of th...
BLITZ! Like a Great Middle Linebacker, An Agile & Strong EDR Solution Can Quickly Respond to an Offensive Attack
As we near the close of 2018, we should appreciate that cyberspace has become an increasingly hostile landscape. Geopolitical tensions are manifesting in cyberspace, and cyber criminals have become increasingly punitive this year. We at Carbon Black have observed some interesting trends: Vapor Worm...
Top 5 Threat Hunting Myths: “Threat Hunting Is Too Expensive”
The cybersecurity landscape is in a constant state of change and, as many organizations have learned, it’s no longer a matter of if you’ll face a cyberattack, but when. In today’s world, attackers intentionally look normal to evade automated defenses. With the rise of ransomware, fileless and...
Top 5 Threat Hunting Myths: “Threat Hunting Isn’t Worth My Time”
The cybersecurity landscape is in a constant state of change and, as many organizations have learned, it’s no longer a matter of if you’ll face a cyberattack, but when. In today’s world, attackers intentionally look normal to evade automated defenses. With the rise of ransomware, fileless and...
Forrester Finds Carbon Black’s Predictive Security Cloud to have 261% ROI
Your endpoints are one of the most targeted assets in your organization—in 2017 alone, more than 50% of organizations experienced a data breach of some kind.1 At Carbon Black, we understand this risk, and are committed to providing the best possible endpoint protection. In order to demonstrate...
Partner Perspectives: Insight on Turla PNG Dropper
Editor's Note: This blog originally appeared on NCC Group's website. This is a short blog post on the PNG Dropper malware that has been developed and used by the Turla Group 1. The PNG Dropper was first discovered back in August 2017 by Carbon Black researchers. Back in 2017 it was being used to...
Proper File Integrity Monitoring Critical in Light of Big Breaches & Regulatory Pressure
In light of the recent mega data breaches that have plagued our market over the last year, and the continued escalation of attempted cyberattacks against critical systems during peak periods (i.e. the retail sector’s POS and payment systems), reported in the Carbon Black Threat Analysis Unit (TAU)...
Partner Perspectives: Put Access Control in Context with ClearPass and Carbon Black
Paul Kaspian is a Senior Product & Solutions Marketing Manager for Aruba, a Hewlett Packard Enterprise company. Strengthen your security defenses by considering endpoint context in access control decisions. As enterprise security continues to evolve, organizations are constantly deploying new...
CB ThreatHunter: Now Available on the CB Predictive Security Cloud (PSC)
Today Carbon Black is announcing the general availability of CB ThreatHunter, our newest offering on the CB Predictive Security Cloud (PSC), which delivers powerful threat hunting and incident response (IR) capabilities on the same platform. The release of CB ThreatHunter marks the fourth service...
Top 5 Threat Hunting Myths: “Threat Hunting Is Too Complicated”
The cybersecurity landscape is in a constant state of change and, as many organizations have learned, it’s no longer a matter of if you’ll face a cyberattack, but when. In today’s world, attackers intentionally look normal to evade automated defenses. With the rise of ransomware, fileless and...
NRCC Email Hack Highlights Lack of Visibility & Proactive Threat Hunting at Political Organizations
Earlier this week, Politico reported that the National Republican Congressional Committee (NRCC) suffered a major attack prior to the 2018 U.S. midterm elections, with thousands of sensitive emails from four senior aides exposed to an outside intruder. While the impact of this breach is still...
A Way Forward
Carbon Black recently published a report on the challenges of securing Linux-based operating systems and how Carbon Black is redesigning the approach. For more information about how the CB Predictive Security Cloud, Carbon Black's consolidated endpoint security platform, helps enterprises cut cos...
6 Security Tips to Consider While You Travel
Following the “8 Ways to Avoid the Cybersecurity Grinch” blog post, it seems like a follow-up is in order given the recent Marriott Breach disclosure. It is important to note that when we travel, similar to when we shop, we are putting our trust in the organizations we are dealing with during our...
Using the L.U.R.E. Method to Swim Free of Phishing Attacks
baitfish noun bait·fish \ˈbāt-ˌfish\ Definition of baitfish: a small fish (such as a golden shiner or menhaden) that attracts and is a food source for a larger game fish; also: a fish used for bait. Think about being in a school of fish for a second. Schools behave the way they do for a reason...
Why I’m Ecstatic About the MITRE ATT&CK Results
Yesterday, MITRE published the results of its first public evaluation of endpoint detection & response (EDR) vendors based on its increasingly popular ATT&CK framework. The ATT&CK evaluations are a new approach to EDR testing: open, sophisticated, rigorous, and reflective of the real world. We...
Top 5 Threat Hunting Myths: “EDR Is Threat Hunting”
The cybersecurity landscape is in a constant state of change and, as many organizations have learned, it’s no longer a matter of if you’ll face a cyberattack, but when. In today’s world, attackers intentionally look normal to evade automated defenses. With the rise of ransomware, fileless and...
Discovering Design Principles
Carbon Black recently published a report on the challenges of securing Linux-based operating systems and how Carbon Black is redesigning the approach. For more information about how the CB Predictive Security Cloud, Carbon Black's consolidated endpoint security platform, helps enterprises cut cos...
8 Ways to Avoid the Cybersecurity Grinch This Holiday Season
'Tis the season to be jolly…unless you work in cybersecurity. According to the Carbon Black Threat Analysis Unit (TAU), organizations should expect to see a spike in potential cyberattacks starting with Black Friday/Cyber Monday and continuing through the holiday shopping season. TAU’s analysis...
Partner Perspectives: Notes from the Field: Extending Carbon Black Visibility to Undetected Malware
Daniel LaVoie is a Senior Solutions Specialist at ReversingLabs. On a recent customer visit, I asked the company’s Director of Security Operations how ReversingLabs came to be deployed as a part of their SOC tool set. The answer was quite interesting, and one that I wanted to share with our blog...
Building Better Evaluation Criteria for Linux Security
Carbon Black recently published a report on the challenges of securing Linux-based operating systems and how Carbon Black is redesigning the approach. For more information about how the Cb Predictive Security Cloud, Carbon Black's consolidated endpoint security platform, helps enterprises cut cos...
Flaws in Evaluating Security Tools for Linux
Carbon Black recently published a report on the challenges of securing Linux-based operating systems and how Carbon Black is redesigning the approach. For more information about how the Cb Predictive Security Cloud, Carbon Black's consolidated endpoint security platform, helps enterprises cut cos...
6 Signs of Successful Threat Hunting
When a threat hunting program is established by an organization, their goal is to proactively hunt threats, with a focus on newer, more sophisticated attacks for which reliable signatures or indicators are not yet available. Bonus: Check out the "Top 5 Threat Hunting Myths" However, without an...
Re-designing Linux Security: Do No Harm – Introduction
Carbon Black recently published a report on the challenges of securing Linux-based operating systems and how Carbon Black is redesigning the approach. For more information about how the Cb Predictive Security Cloud, Carbon Black's consolidated endpoint security platform, helps enterprises cut cos...
Partner Perspectives: Collaborate and Consolidate with King & Union and Carbon Black
Peter Prizio Jr. is the Senior Product Manager for King & Union. One of the biggest challenges facing security organizations today is dealing with the overwhelming number of alerts received each and every day. A staggering 27 percent of IT professionals report receiving more than one million aler...
Small Business Benefits of Moving to the Cloud: Resource Friendly
Small businesses never seem to have enough people or funding, and the last thing they need is for their security solution to be eating up precious resources. Your people are stretched thin and don’t really have time or budget to source new hardware or push software updates. Not to mention the...
Cb Customer Spotlight Series: Q&A with Integral’s Sean McFeely
Featuring Sean McFeely, Sr. Information Analyst at Valvoline’s Integral Defense This year at Cb Connect 2018, we had our first ever Developer Day to recognize our vibrant partner and developer ecosystem. We had an amazing group of 100 developers attend, culminating in a hackathon. Sean McFeely, S...