Endpoint Security
Advanced Threat Detection Strategies for EDR
November 23, 2017 by arpit
Advancements in cybersecurity products and widespread adoption of HTML5 and the Chrome browser have made carrying out browser-based exploits much more labor-intensive for malware authors, so they have shifted their focus to human engineering. These days, people are much more easily fooled than technology. Research shows that approximately 5% of enterprise users will fall for clever […]
advanced threat detection EDR malware detection

Endpoint Security
Watch Out for These Two Data Exfiltration Channels
November 9, 2017 by arpit
Data exfiltration is a form of security breach whereby attackers attempt to break into a network and gain control of a target machine to steal valuable data. IT security teams try to prevent data exfiltration by predicting exactly how the data will be stolen from a machine. Common detection techniques focus on attributes of the […]
data exfiltration

Endpoint Security
Is Your EDR Putting Your Data and Network at Risk?
August 10, 2017 by arpit
The latest debate about the disclosure of customers' data uploaded by an EDR solution to multi-scanners raises some important questions about how much you can really trust your security vendor. Although it seems that the EDR vendor did not intentionally do anything wrong, the problem is embedded within the concept. Like many other security products, […]
EDR

Endpoint Security
Whitelisting Fails: 4 Ways Malware Bypass Application Whitelisting
July 11, 2017 by arpit
Application whitelisting is a security control method that only allows approved processes, applications and DLLs to load and execute. It involves building a baseline of known trusted applications that are approved for use and updating this baseline when an application is changed or added. Whitelisting is useful in environments that don’t change very often, […]
EDR malware detection Whitelisting

Endpoint Security
Petya Ransomware: What’s Old, What’s New and What You Should Do
June 27, 2017 by arpit
A new strain of the Petya ransomware has been spreading rapidly over the last 24 hours. The new variant attacked critical infrastructure, airports, pharmaceutical companies, and public transit companies throughout Europe, Asia, and North America. This post will provide a brief overview of the old and new tactics used by the new Petya, and a comprehensive […]
Malware Petya Ransomware

Endpoint Security
WannaCry Ransomware Exposed – Behavioral Analysis in Cyberbit EDR
May 16, 2017 by arpit
The WannaCry/WannaCrypt0r Ransomware attack has been receiving massive publicity following its severe global impact. Much has been written about WannaCry’s ability to spread rapidly by exploiting a Windows Server Message Block (SMBv1) vulnerability, AKA EternalBlue. Upon the outbreak of the attack, Cyberbit’s malware researchers took the liberty of running the ransomware on a computer protected by […]
Ransomware wannacry WannaCryptor

Endpoint Security
NHS ransomware – what healthcare security leaders should do
May 15, 2017 by arpit
WannaCry, WannaCryptor and Wana Decryptor are three of the common pseudonyms for Friday’s massive NHS ransomware attacks on the UK’s national healthcare system. As the UK gets ready to return to work Monday morning, experts are still very concerned about the continued outbreak and are busy trying to help get computers up and running again […]
EDR healthcare hospital NHS ransomware Ransomware security awareness

Endpoint Security
WannaCryptor Ransomware – 3 Actions You Should Take Immediately
May 13, 2017 by arpit
WannaCryptor Ransomware hit over 40 UK hospitals, as well as over 75,000 additional workstations in 99 countries as of today, in what is turning out to be the most massive ransomware campaign to date. The ransomware, also referred to as WannaCry and Wana Decrypt0r, is delivered as a Trojan, which is downloaded when the user mistakenly […]
Ransomware WannaCryptor

Endpoint Security
Malware Terms for Non-techies: What is DLL Hijacking?
February 13, 2017 by arpit
In this next installment of our Malware Terms for Non-Techies series, we’re unraveling a term you have probably come across: DLL hijacking. This method has been a key player in some recent pervasive attacks. Actually, DLL hijacking has been in use for years, causing loss of data in Windows OSs since the early 2000s. Dynamic […]
DLL Hijacking Windows 10 OS