Tag: VMware Carbon Black
Busting the Myths of Remote Workforce Security
This is part of our ongoing conversation about the worldwide challenges of working remotely. To stay up-to-date on the latest insights, refer to our live page for COVID-19: Cybersecurity…
Predicting the Future of the SOC Analyst
I’ve been a SOC Analyst for four years now and was a desktop support engineer before that. When I first started as a SOC Analyst it was an exciting…
‘Modern Bank Heists’ Threat Report Finds Dramatic Increase in Cyberattacks Against Financial Institutions Amid COVID-19
This marks the third edition of the Modern Bank Heists report, which takes an annual pulse of some of the financial…
Bringing Intrinsic Security to Containers: VMware Announces Intent to Acquire Octarine
Today is a very exciting day for VMware and for our customers as we announce our intent to acquire Octarine, whose innovative security platform for Kubernetes applications…
Kicking off Developer Day 2020
Developer Day 2020 kicks off today with seven on-demand sessions for more than 2,600 registrants. This is the first time Developer Day has been held in a virtual setting and the VMware Carbon Black team is excited to welcome the…
Cybersecurity Needs to Go Back to the Basics
This is part of our ongoing conversation about the worldwide challenges of working remotely. To stay up-to-date on the latest insights, refer to our live page for COVID-19:…
Tips for Securing Remote Work from Homes to Corporate Networks
On a recent webinar, Ryan Murphy, a founding team member of VMware Carbon Black, interviewed Cybersecurity Strategists, Tom Kellerman and Rick McElroy on how to work…
Join Us for the Virtual Connect 2020 Conference
Every year, VMware Carbon Black Connect brings together some of the best and brightest in security to collaborate on solving today’s most pressing problems and to learn about…
MITRE ATT&CK Evaluation Demonstrates the Power of the VMware Carbon Black Cloud
MITRE has released the results for its latest endpoint detection and response (EDR) product evaluation using its now industry-standard open methodology, the ATT&CK® framework.…
Intrinsic Security Series: Blog 1 (Tom Corn Video)
We Need to Change the Structure of Security to Transform Security Tom Corn, Senior Vice President of Security Products at VMware, was recently recorded giving his overview of…
VMware Carbon Black TAU Threat Analysis: The Evolution of Lazarus
On February 14, 2020 the U.S. Department of Homeland Security (DHS) released a Malware Analysis Report (MAR-10271944-1.v1) which provided information about a trojan they referred to…
Time for Reflection and Thanks
Most of the programs I ran used calendar years for project planning, budgets, etc. I always found November to be a good time to reflect on the progress made, plan for…
Amid COVID-19, Global Orgs See a 148% Spike in Ransomware Attacks; Finance Industry Heavily Targeted
Cyber criminals often exploit fear and uncertainty during major world events by launching cyberattacks. These attacks are often performed with social engineering campaigns…
6 Tips to Keep Your Video Conferencing Meetings Secure
The sudden and dramatic shift to a mobile workforce has thrust video conferencing into the global spotlight and evolved video conferencing vendors from enterprise communication tools to critical infrastructure. During any major (and rapid) technology adoption, cyberattackers habitually follow the…
The Results Are In: Defender Confidence Is On The Rise
Recently, I spent two weeks traveling across Europe talking with defenders, reporters, and leaders of security programs. While each country faces its own unique challenges and has its own needs, there were a few themes that were consistently present. (Threat…
TAU Threat Analysis: NetWire Variant Leveraging AutoIt Scripts and Windows Shortcut Links
NetWire, an information stealing RAT that dates back multiple years, has been witnessed in the wild recently using a tactic of combining Windows shortcut link files and AutoIt scripts. These scripts pose as BitTorrent files, a protocol used for direct…
Coronavirus and the Growing Mobile Workforce: Prioritizing Endpoint Security
(Editor’s Note: Gary Stevens, a technology writer, is posting as a guest author to carbonblack.com) Despite the global COVID-19 response and current recommendations for social distancing, institutions, enterprises and businesses still need to function and maintain all necessary operations where…
COVID-19: Cybersecurity Community Resources
Novel Coronavirus (COVID-19) has thrust personal safety and security into the public’s consciousness in an unprecedented way. Families, employees and global businesses have been forced to upend their lives to make their respective communities healthier and more resilient. Our collective response to COVID-19 is critical to…
vExpert Security 2020 Award Announcement
Thank you to everyone who applied for the vExpert Security sub-group and thank you to the vExpert PRO’s for doing their part in this process. We are pleased to announce the list of 2020 vExperts Security. Each of these vExperts…
AMA Recap: Top 10 Tips to Secure Your Remote Workforce
This is part of our ongoing conversation about the worldwide challenges of working remotely. To stay up-to-date on the latest insights, refer to our live page for COVID-19: Cybersecurity Community Resources. As organizations around the world transition to remote work en masse, cybersecurity professionals are focused on securing their workforces more than ever. Continued business productivity should not come…
How Federal Employees Can Protect their Agencies During the Pandemic
It’s no secret that the way the world works has shifted since COVID-19 came on the scene. Operations are going remote and, for many government and federal agencies, this is new territory. This novelty is compounded by the fact that…
Managing Team Burn Out
According to the World Health Organization: “Burn-out is a syndrome conceptualized as resulting from chronic workplace stress that has not been successfully managed. It is characterized by three dimensions: feelings of energy depletion or exhaustion; increased mental distance from one’s job,…
Announcing the Release of Malware Prevention for Linux
The VMware Carbon Black team has a mission to keep your entire organization safe from cyber attacks. To deliver on this for today’s landscape, the Carbon Black Cloud platform has added malware prevention for Linux to bring the entire protection…
The Dukes of Moscow
Overview APT29, also known as The Dukes or Cozy Bear, is a cyberespionage group active since at least 2008. It’s believed that the group operates either under the Russian Foreign Intelligence Service (SVR) or the Russian Federal Security Service (FSB).…
How to Do More with Less — a CISO’s Perspective
I’ve learned a ton of lessons over my years in the InfoSec world. I’ve made a lot of the right calls, but also a bunch of wrong ones. One of the lessons I have learned is how to operate in…
How VMware Carbon Black Helps Agencies Meet CDM Requirements
When a crime is committed, one of the first things the police do is collect evidence from any security cameras nearby, and these days, cameras are everywhere. That’s a model that federal agencies want to apply to cybersecurity. This constant…
Defender Behavior in 2019
Security is a team sport, or at least it should be. Given the constant behavior evolution we see from attackers and the vast IT footprint attackers can target, IT and security teams clearly face an uphill battle. Whereas attackers only…
Q&A: Insights from the Red Canary 2020 Threat Detection Report
In light of the latest update to the MITRE ATT&CK framework, Red Canary has developed a Threat Detection Report uncovering the top techniques attackers use to target your organization. To understand the significance of the report, we turned to two…
VMware Carbon Black Removes Endpoint Limits for Customers to Secure Their Changing Environments During the COVID-19 Crisis
Novel Coronavirus (COVID-19) has thrust personal safety and security into the public’s consciousness in an unprecedented way. Families, employees, and global businesses have been forced to upend their lives to make their respective communities healthier and more resilient. A key…
What is the Cybersecurity Equivalent of Washing Your Hands for 20 Seconds?
With COVID-19’s spread, there have been numerous recommendations from health authorities and experts that one of the best, first-level measures to help spread infection is to wash hands with soap and water thoroughly for 20 seconds. In recent days, we’ve…
Detecting Fileless Attacks with Enterprise EDR’s AMSI Visibility
If this year’s 2020 Cybersecurity Outlook Report taught us anything, it’s that defenders are seeing an increasing amount of defense evasion techniques in their environments. It’s crucial for security teams to have the granular visibility they need to spot malicious…
Evaluating EPP in the Time of XDR
The endpoint detection and response (EDR) market is not only more critical than ever, it is also going through the biggest period of innovation in its history – bigger than when EDR was first introduced by Carbon Black 7 years…
2019: Looking Back at Ransomware
In security, 2016 was “The Year of Ransomware.” Since then, ransomware has only gotten more pervasive, costing billions in damages. In that vein, 2019 could have been referred to as “The Year of Ransoming Governments.” More than 70 state and…
New Osterman Research Report | Cyber Security in Healthcare
In 2019, roughly 45 million healthcare records were breached in the United States. With ransomware as their go-to technique, cyber attackers are targeting healthcare providers, medical devices, and critical supply chains more than ever before. The latest Osterman Research report,…
2019: Looking Back at Malware
In 2019, attacker behavior evolved, becoming more evasive. The most common behaviors seen across all attack data—mapped to the MITRE ATT&CK™ Framework—were: Software Packing for Defense Evasion, Hidden Windows for Defense Evasion, Standard Application Layer Protocol for Command and Control…
Announcing the VMware vExpert Security Program!
We’re excited to share that the VMware Security Products Team and Carbon Black is announcing a new Security vExperts program. If you’re not familiar with vExperts, the program is designed to recognize individuals who are passionate about sharing their knowledge…
RSA 2020 – That’s a Wrap!
Last week VMware Carbon Black attended the RSA Conference 2020 in San Francisco! This year was bigger than ever before, as we shared our vision for intrinsic security — for a safer, more effective world. Get all the highlights and…
IT Operations and Security: It’s Time to Build Something Better Together
Having been in the industry for longer than I care to admit, I have seen the growth pre and post public internet. With that growth, there have been many changes with how organizations address the balance of IT Operations and Security,…
VMware Carbon Black Threat Analysis: FTCODE Ransomware
FTCODE is a fully PowerShell-based ransomware. It is distributed via malicious document files that contain macros or using VBScript to download and launch the malicious PowerShell script. FTCODE ransomware will scan a specific list of file extensions and encrypt them…
2020 Cybersecurity Outlook Report
In case you missed it, we are excited to release our latest report from the VMware Carbon Black Threat Analysis Unit (TAU), the “2020 Cybersecurity Outlook Report”. In the search for clarity in the modern attacker vs. defender battle, it’s…
Performance Testing: Justifying Cost and Performance Improvements (Part 2)
As mentioned in the first blog in this series, Melanie, a performance engineer at VMware Carbon Black, built both baseline and investigative tests for the engineers that develop and maintain the company’s reputation services. Here’s a deeper look at these…
Simplicity is the Key to Enterprise Cybersecurity
(Editor’s Note: Sam Bocetta, a guest author on the VMware Carbon Black blog, is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyber warfare, cyber defense, and cryptography.) In today’s digital environment,…
Bringing Intrinsic Security to RSA Conference 2020
This year at the RSA Conference, VMware will be highlighting our vision for Intrinsic Security, a safer, more effective security built into the fabric of the various infrastructure control points that are vulnerable to attack (endpoint, identity, network, cloud, workload). …
The Game Changing Role of Performance Testing (Part 1)
In two previous blogs, VMware Carbon Black software engineers discussed how important it was to maintain a balance of latency, scale, and cost as they built out and enhanced the company’s reputation services. They also provided some insights into the…
Breaking Down Election Security: Points of Vulnerability and Solutions
The importance of cybersecurity in the context of the democratic process has become undeniable—with nation-state hackers setting their sights on elections as effective vehicles for attack, disruption, and social unrest. Christopher Wray, the Director of the FBI, testified to Congress…
Threat Analysis: Active C2 Discovery Using Protocol Emulation Part2 (Winnti 4.0)
Summary The VMware Carbon Black Threat Analysis Unit (TAU) previously released a blog post documenting the Winnti version 4.0 malware. The new command and control (C2) protocol that was implemented in one of the 4.0 samples was completely different from…
State & Local Governments: The Cyberinsurgency Spreads
Today’s world is dramatically different than even five years ago. Ransomware attacks, which used to make global headlines, are now commonplace. Cybercriminals—who have historically targeted large enterprises—are now also setting their sights on state and local governments. New, sophisticated cyberattacks…
Why Our Customers Love VMware Carbon Black
As the cybersecurity world advances, organizations are starting to change their approach to security. More and more teams are moving to the cloud to maximize their endpoint protection and simplify their security stack. Using VMware Carbon Black’s Cloud platform, our…
See the Advantages of Intrinsic Security | Join the Webinar Next Week
At VMware Carbon Black, we’re excited to continue exploring our approach to Intrinsic Security. What does “intrinsic security” mean, and how does it help enhance and support an organization’s existing security stack? Truly, there has never been a more challenging nor exciting time in cybersecurity. Sophistication…
VMware Carbon Black TAU Threat Analysis: Shlayer (macOS)
Following our initial reporting of this threat, Carbon Black’s Threat Analysis Unit (TAU) has continued following the Shlayer family of malware and monitoring changes adopted by this campaign. Although detection by antivirus vendors has improved over the past year, the malware authors continue to release new…
VMware Carbon Black TAU: Ryuk Ransomware Technical Analysis
Ryuk Ransomware has been crippling both the public and private sector recently with the ability to disrupt its target environment. The ransomware will typically be dropped by an already compromised system that has been infected by Trickbot or Emotet through…
Partner Perspectives: Protecting Industrial Control Systems with Verve Industrial’s Endpoint Management and Carbon Black App Control
Imagine waking up in the morning, flipping on your light switch and nothing happens. The natural human response is to flip the switch a few more times before realizing something is wrong. You jump out of bed and notice the…
Threat Analysis Unit (TAU) Threat Intelligence Notification: MailTo (NetWalker) Ransomware
MailTo is a ransomware variant that has recently been reported to have been part of a targeted attack against Toll Group, an Australian freight and logistics company. This ransomware makes no attempt to remain stealthy, and quickly encrypts the user’s…
How we Developed a Unified Binary Store (UBS): Part 2
[As you may have seen in Part One of this blog, one of our engineering teams at VMware Carbon Black was tasked with building a Unified Binary Store (UBS) that would increase operational efficiencies and serve as a centralized source…
Invoke-APT29: Adversarial Threat Emulation
MITRE recently conducted its second ATT&CK exercise in their ongoing annual series of Endpoint Security Efficacy testing and evaluation. This test focuses on assessing the behavioral capabilities of multiple endpoint security vendors against a simulated adversary, based closely around well-documented, real-world…
Threat Analysis Unit (TAU) Threat Intelligence Notification: SNAKE Ransomware
A new enterprise-targeting ransomware named ‘SNAKE’ was recently discovered. Similar to the other variants of ransomware, it will stop numerous processes or services such as antivirus software and perform the deletion of volume shadow copies to ensure all the…
CB Customer Spotlight: Q&A with BraunAbility’s Arlie Hartman
BraunAbility is a mobility vehicle company committed to improving access and transportation for the world’s wheelchair community. Driven by a strong corporate culture of doing right by their customers and communities, providing advanced security has become an essential pillar of…
Threat Analysis Unit (TAU) Threat Intelligence Notification: Snatch Ransomware
During the end of the year 2019, a ransomware named ‘Snatch’ was discovered. Snatch ransomware will force Windows to reboot in Safe Mode (where most of the software and system drivers will not be running) in order to perform the…
Threat Analysis Unit (TAU) Technical Report: The Prospect of Iranian Cyber Retaliation
Several different events in the Middle East (ME) region have escalated in the last several weeks between Iran and the United States. After a series of military operations between the two countries, several alerts were released from the U.S. government…
Threat Analysis Unit (TAU) Threat Intelligence Notification: SatanCryptor Ransomware
In early January 2020, a new ransomware named ‘SatanCryptor’ was discovered. After it performs file encryption, it will drop a ransom note named “# SATAN CRYPTOR #.hta” and append ‘.satan’ as a file extension to the encrypted files. In addition,…
Using Live Query to Audit Your Environment for the Windows CryptoAPI Spoofing Vulnerability
This week, as part of its monthly patch Tuesday release, Microsoft disclosed an important security vulnerability (CVE-2020-0601) affecting millions of Windows 10 and Windows Server 2016 & 2019 systems. More specifically, this vulnerability is a result of the way Windows…
How we Developed a Unified Binary Store (UBS): Part 1
Like most technology companies, VMware Carbon Black has a combination of acquired and built technologies that all utilize their own data stores. As our products have evolved to include the benefits of a centralized cloud offering, our data stores needed…
How to Use VMware Carbon Black’s Real-Time Endpoint Query to Identify BlueKeep Vulnerability Risk
Recently, security researchers revealed a Proof of Concept attack that leverages the BlueKeep vulnerability. Whenever this type of news breaks on the twittersphere, organizations are left with the question: “Are we susceptible to this type of attack?” Using CB LiveOps,…
Making Container Deployment and Analysis Self-Service for Development
Team Riptide was tasked with creating an environment for our developers that removes operational burdens. We wanted to provide them with infrastructure, best practices, automation, and self-service tooling so that they could focus on innovation. The result is an internal…