<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=116645602292181&amp;ev=PageView&amp;noscript=1">
Go

New Pervasive Worm Exploiting Linux Exim Server Vulnerability
Cybersecurity

New Pervasive Worm Exploiting Linux Exim Server Vulnerability

There’s an active, ongoing campaign exploiting a widespread vulnerability in linux email servers. Read about the attack first here.

Jun 13, 2019
Read More

Excel4.0 Macros - Now with Twice The Bits!
Vulnerabilities

Excel4.0 Macros - Now with Twice The Bits!

In this research, we outline how to enable the execution of 64-bit shellcode via Excel 4.0 macros and previous research on 32-bit shellcode.

May 9, 2019
Read More

GandCrab's new Evasive Infection Chain
Research

GandCrab's new Evasive Infection Chain

Ransomware is not a new form of attack, but GandCrab has upgraded it to be more dynamic and harder to resolve.

May 7, 2019
Read More

Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware
LOLbins

Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware

In this research, we introduce a meticulously planned, malicious operation against a financial institution in April of 2019 by TA505.

Apr 25, 2019
Read More

How to Generate a Hypothesis for a Threat Hunt
Threat Hunting

How to Generate a Hypothesis for a Threat Hunt

Many find the process of threat hunting to be too demanding. What are you supposed to hunt? Where do you even begin?

Apr 24, 2019
Read More

A One-two Punch of Emotet, TrickBot, & Ryuk Stealing & Ransoming Data
Trojan

A One-two Punch of Emotet, TrickBot, & Ryuk Stealing & Ransoming Data

The Cybereason team has identified a malware campaign that combines Emotet, TrickBot, and Ryuk to steal and ransom data.

Apr 2, 2019
Read More

Triple Threat: Emotet Deploys TrickBot to Steal Data & Spread Ryuk
Trojan

Triple Threat: Emotet Deploys TrickBot to Steal Data & Spread Ryuk

The Cybereason team has uncovered a severe threat that adapts Emotet to drop TrickBot, and adapts TrickBot to not only steal data but also download the Ryuk ransomware.

Apr 2, 2019
Read More

Use SIEM and EDR Together to Improve Defenses and Save Money
Cybersecurity

Use SIEM and EDR Together to Improve Defenses and Save Money

Our white paper explores the complementary and interdependent uses of SIEM, SOAR, and EDR technologies. By using these tools in conjunction with clearly defined roles, security operations teams can reduce costs, improve security, and assist human intelligence in a repeatable, reliable way.

Mar 25, 2019
Read More

Delayed Detections in MITRE ATT&CK: What Do They Mean for a Business?
MITRE ATT&CK Framework

Delayed Detections in MITRE ATT&CK: What Do They Mean for a Business?

During the recent MITRE evaluations, it became apparent that many security vendors, while able to detect threats, were doing so well after the fact. It's important to consider what these delayed detections would mean for a SOC experiencing a real breach.

Mar 19, 2019
Read More

New Ursnif Variant Comes with Enhanced Information Stealing Features
Research

New Ursnif Variant Comes with Enhanced Information Stealing Features

The Cybereason research team observed a new campaign involving Ursnif in the beginning of 2019 attacking users in Japan across multiple customer environments. This Ursnif variant has enhanced stealing modules focused on taking data from mail clients and email credentials stored in browsers.

Mar 12, 2019
Read More