<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=116645602292181&amp;ev=PageView&amp;noscript=1">
Cybereason + Arm: Securing The Core of IoT
LEARN MORE →
Securing IoT
LEARN MORE →
Go

LOLbins and trojans: How the Ramnit Trojan spreads via sLoad in a cyberattack
Phishing

LOLbins and trojans: How the Ramnit Trojan spreads via sLoad in a cyberattack

Cybereason detected an evasive infection technique used to spread a variant of the Ramnit banking Trojan as part of an Italian spam campaign. We investigate this attack, its use of sLoad, and its adoption of LOLbins to minimize discovery.

Jan 3, 2019
Read More

The Round I MITRE ATT&CK Product Evaluations: A Guide By Security Experts
MITRE ATT&CK Framework

The Round I MITRE ATT&CK Product Evaluations: A Guide By Security Experts

The MITRE ATT&CK framework is a complex solution to a complex problem. Rather than simply scoring vendors on a linear scale, it offers a more profound view of capabilities, applicability, and use-case. This is what you need to know about the way MITRE uses ATT&CK to evaluate security vendors, and how threat hunting factors into the ATT&CK framework.

Dec 20, 2018
Read More

Pervasive Brazilian financial malware targets bank customers in Latin America and Europe

Pervasive Brazilian financial malware targets bank customers in Latin America and Europe

Cybereason’s Nocturnus team analyzed numerous campaigns related to Brazilian financial malware and found that these programs have become pervasive and infected 60 banks in nearly a dozen countries throughout South America, Spain and Portugal.

Nov 29, 2018
Read More

How to navigate events that can either make or a break a CISO's career: maturity shift and management briefings
CISO

How to navigate events that can either make or a break a CISO's career: maturity shift and management briefings

Security leaders need to approach management briefings and maturity shifts with a business mindset and show how the security department will help the organization. Remember to omit the technical details. They'll only portray the CISO or CSO as a technologist who isn't ready for the C-suite, said Cybereason CSO Sam Curry.

Nov 28, 2018
Read More

Irresistible forces must be met with immovable objects
IoT

Irresistible forces must be met with immovable objects

Cybereason and ARM are teaming up to secure IoT devices. Here's how the two companies plan on using threat hunting powered by artificial intelligence to detect attackers that use connected devices as infiltration points to move laterally to networks.

Oct 17, 2018
Read More

New Betabot campaign under the microscope

New Betabot campaign under the microscope

The Cybereason SOC has detected multiple Betabot infections in customer environments. In this blog, Cybereason researchers study Betabot’s infection chain and self-defense mechanisms using data gathered from customer environments.

Oct 3, 2018
Read More

Why hacking electronic voting machines isn't the only way to impact an election
Cybersecurity

Why hacking electronic voting machines isn't the only way to impact an election

Cybereason held a tabletop exercise to see how attackers could influence elections and how elected officials would protect the vote.

Sep 24, 2018
Read More

VAI MALANDRA: A LOOK INTO THE LIFECYCLE OF BRAZILIAN FINANCIAL MALWARE: Part one

VAI MALANDRA: A LOOK INTO THE LIFECYCLE OF BRAZILIAN FINANCIAL MALWARE: Part one

Cybereason's Nocturnus Research team analyzes campaigns targeting the Brazilian financial sector, focusing on infection vectors and the threat actor's toolset and techniques.

Sep 18, 2018
Read More

Wannamine cryptominer that uses EternalBlue still active

Wannamine cryptominer that uses EternalBlue still active

The Wannamine cryptominer, which uses the EternalBlue exploits, is still active although a patch that fixes these well-known vulnerabilities was released last March. Amit Serper, Cybereason's head of security research, examines this variant and makes the case for patching your systems.

Sep 14, 2018
Read More

The anatomy of a .NET malware dropper
Cybersecurity

The anatomy of a .NET malware dropper

Attackers don't need sophisticated tools to create effective malware. Basic tools work just fine. Case in point: Cybereason researchers discovered a .NET dropper/crypter. Here's how they reverse engineered it.

Sep 10, 2018
Read More