<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=116645602292181&amp;ev=PageView&amp;noscript=1">

Insights Resources

Research

WANNAMINE CRYPTOMINER THAT USES ETERNALBLUE STILL ACTIVE

The Wannamine cryptominer, which uses the EternalBlue exploits, is still active although a patch that fixes these well-known vulnerabilities was released last March. Amit Serper, Cybereason's head of security research, examines this variant and makes the case for patching your systems.

Read More
Research

The Wannamine cryptominer, which uses the EternalBlue exploits, is ...

Read More
White Papers

AI Hunting with the Cybereason Platform: A SANS Review

SANS reviewed Cybereason's AI hunting platform, which offers a lightweight, behavior-focused model ofhost-based protection that can help intrusion analysis and investigations teams more rapidly and efficiently prevent, detect and analyze malicious behavior in their environments.

Read More
White Papers

SANS reviewed Cybereason's AI hunting platform, which offers a ligh...

Read More
Research

ATTACKERS INCRIMINATE A SIGNED ORACLE PROCESS FOR DLL HIJACKING, RUNNING MIMIKATZ

With application whitelisting being integrated into an OS’s security stack, attackers need more creative ways to use their tools without getting detected. In this incident observed by Cybereason, DLL hijacking was used to run Mimikatz using a process that was signed and verified by Oracle.

Read More
Research

With application whitelisting being integrated into an OS’s securit...

Read More
Research

NIGHT OF THE DEVIL: RANSOMWARE OR WIPER? A LOOK INTO TARGETED ATTACKS IN JAPAN USING MBR-ONI

For several months Cybereason has been following the concerning rise of ONI, a family of ransomware involved in targeted attacks against Japanese companies. We suspect that the ONI ransomware was used as a wiper to cover up an elaborate hacking operation.

Read More
Research

For several months Cybereason has been following the concerning ris...

Read More
Research

LEVERAGING EXCEL DDE FOR LATERAL MOVEMENT VIA DCOM

DDE, or Dynamic Data Exchange, is a legacy interprocess communication mechanism that’s been part of some Windows applications since as early as 1987. DDE enables applications to request items made available by other programs, such as cells in a Microsoft Excel spreadsheet, and be notified of any changes within these items.

Read More
Research

DDE, or Dynamic Data Exchange, is a legacy interprocess communicati...

Read More