Visibility Becomes Paramount As Endpoints and MSSPs Heat Up

Ben Johnson

This is a guest post contributed by Benjamin Johnson, Chief Security Strategist, Bit9 + Carbon Black. The endpoint security space is hot right now. The managed security provider space is also hot right now. So it only makes sense that managed endpoint security, in one form or another, is the place to be. You cannot defend what you cannot see, …

“Operation Cleaver” Blade Dulled

Phil Hagen

“Operation Cleaver” is an attack campaign Cylance details in a new report.  They contend an Iran-based attack group has compromised hundreds of targets in multiple countries and industries.  Regardless of the claims of attribution, the message is clear: well-financed, strategically focused attack groups continue to digitally plunder their targets.  As a community, our decades-old approach to network and information security simply …

Apple OS X: Now With Red Canary Threat Detection Coverage

Phil Hagen

While Apple OS X has seen increasing market share in many enterprises, the security market has so far failed to provide a corresponding expansion in OS X coverage. Similarly, the once-held and thoroughly misguided concept that “Apple doesn’t get malware” is finally starting to die with the release of several families of malware targeting OS X users. Combined, these two developments mean that …

Are Rogue Code Signing Keys in Your Environment?

Phil Hagen

Although this specific example has been exposed as part of a joke, the threat is real – code signing keys are often targeted by advanced attackers.  Keys stolen during other breach operations have been used to sign malicious software. Perhaps this was inevitable – it appears the attackers behind the Sony breach are using stolen code signing keys to sign the latest variants …

Rapid Detection – CVE-2014-4114, “Sandworm”

Phil Hagen

This week, iSight Partners and Microsoft announced CVE-2014-4114 – “Sandworm”. While Microsoft has released a patch, exploit activity has already been identified in the wild. Red Canary customers will be pleased to know that within 24 hours of the CVE-2014-4114/Sandworm vulnerability’s announcement, we were successfully detecting the threat on their systems. Our team quickly identified the endpoint observations that indicate exploitation has occurred due …

People as the Weak Link in Cybersecurity: Deep Dive Edition

Red Canary

People, it is often said, are the weak link in computer security. It’s people falling victim to myriad social engineering techniques that help evildoers overcome technical defenses that lead to data breaches. Yes and no. It is true that stupid human tricks lead to a disturbing number of system compromises, but as Veracode points out in their annual State …

Point of Sale Compromises: Security at the Speed of Business

Phil Hagen

Getting your credit card data pilfered at a point-of-sale system (e.g. cash register) is something that happens to someone else. YOU don’t go to dingy restaurants staffed with shifty wait staff and dodgy card-swipe machines; you go to reputable establishments that use systems built by people who know what they’re doing, right?  Consider this: A remote-access attack on a point-of-sale vendor may …