Next-Generation Antivirus
Stop tomorrow's threats today
Endpoint Controls
Securely manage the endpoint
Endpoint Detection & Response
Mitigate security threats before they cause harm
Deep Response
Advanced tools for investigation & remediation
Hunter
Hunt at scale with ease
Infinity
Investigate historical data
Managed Detection & Response
Strengthen your security program
Remote Workforce Protection
Easy-to-install protection for remote employees
Active Hunting
Proactively seek out malicious activity
Advanced Analysis
Solve your most complex challenges
Incident Response
Comprehensive resolution to security incidents
Cyber Posture Assessment
Strengthen your security hygiene by closing gaps
Compromise Assessment
Uncover threats active in your environment
In this research, we outline how to enable the execution of 64-bit shellcode via Excel 4.0 macros and previous research on 32-bit shellcode.
Ransomware is not a new form of attack, but GandCrab has upgraded it to be more dynamic and harder to resolve.
In this research, we introduce a meticulously planned, malicious operation against a financial institution in April of 2019 by TA505.
Many find the process of threat hunting to be too demanding. What are you supposed to hunt? Where do you even begin?
The Cybereason team has identified a malware campaign that combines Emotet, TrickBot, and Ryuk to steal and ransom data.
The Cybereason team has uncovered a severe threat that adapts Emotet to drop TrickBot, and adapts TrickBot to not only steal data but also download the Ryuk ransomware.
Our white paper explores the complementary and interdependent uses of SIEM, SOAR, and EDR technologies. By using these tools in conjunction with clearly defined roles, security operations teams can reduce costs, improve security, and assist human intelligence in a repeatable, reliable way.
During the recent MITRE evaluations, it became apparent that many security vendors, while able to detect threats, were doing so well after the fact. It's important to consider what these delayed detections would mean for a SOC experiencing a real breach.
The Cybereason research team observed a new campaign involving Ursnif in the beginning of 2019 attacking users in Japan across multiple customer environments. This Ursnif variant has enhanced stealing modules focused on taking data from mail clients and email credentials stored in browsers.
In this research we dissect a recent campaign that uses language checks and steganography to evade detection. The new variant features a stealthy persistence mechanism, revamped information-stealing modules focusing on mail clients and cryptocurrency, and targets Japanese security products.
