
Russian Intrusion into Critical US Infrastructure: Did the US Ignore Critical Warning Signs? Will it Continue to Ignore Them?

We’ve seen this spring and summer how hackers have been targeting nuclear power plants in the US. Since May, a dozen power plants, including the Wolf Creek nuclear facility in […]

July 27, 2017 by Nick Bilogorskiy

NotPetya: A Ransomware Wave on the Wake of WannaCry

On June 27, we saw yet another wave of ransomware with worm-spreading capability hit various countries around the world. This one, dubbed PetrWrap, seems to be similar to Petya […]

June 30, 2017 by Cyphort Labs

Turf War Erupts Between Cryptocurrency Miners

Cyphort has been monitoring how threat actors are exploiting computing resources from compromised victims to mine various cryptocurrencies. In our latest discovery, it seems these threat actors are aware of […]

June 15, 2017 by Mounir Hahad

Avoid Security Alert Fatigue: Simplify and Accelerate Your Incident Response

An FBI report released last year estimated 327,374 robberies nationwide, which accounted for an estimated loss of $390 million. Cyber theft is not very different from physical theft but […]

June 13, 2017 by Suba Pandian

Samba CVE-2017-7494 Getting Exploited in the Wild, Distributing Bitcoin Miners

In our continuous monitoring of threats in the wild, Cyphort Labs has detected multiple exploitation attempts using the recently disclosed Samba vulnerability CVE-2017-7494. The threat actors probably belong to some cyber […]

June 12, 2017 by Alex Burt

Why UEBA Might Have Sent Johnny to Jail

Strange title, I know. But hang with me. In my previous blog, I mentioned three research projects that Cyphort recently completed, which revealed growing dissatisfaction among SIEM users. Their two […]

May 23, 2017 by Franklyn Jones

EternalBlue Exploit Actively Used to Deliver Remote Access Trojans

During the WannaCry pandemic attack, Cyphort Labs discovered that other threat actors have been using the same EternalBlue exploit to deliver other malware. This malware is not ransomware and is not […]

May 17, 2017 by Paul Kimayong

Cyphort identifies harder to kill WannaCry Ransomware

In the course of our research on the massive WannaCry ransomware campaign that has affected more than a hundred countries since Friday, May 12, Cyphort researchers have come across a sample […]

May 15, 2017 by Mounir Hahad

Hancitor’s Exploitation of Win32 APIs to do its Malicious Bidding

Cyphort has been seeing an ongoing spam campaign distributing the Hancitor trojan. Hancitor is a malicious document that contains a macro which will trigger the download of a secondary payload. The […]

May 9, 2017 by Marci Kusanovich

New Emotet likes Cookies, C2 Server Responds with Fake 404

At Cyphort Labs, we discovered a new wave of Emotet making rounds as early as March 29, 2017. Emotet is known to be a notorious banking Trojan that performs information […]

May 2, 2017 by Joe Dela Cruz
