Why UEBA Might Have Sent Johnny to Jail

Strange title, I know. But hang with me. In my previous blog, I mentioned three research projects that Cyphort recently completed, which revealed growing dissatisfaction among SIEM users. Their two […]

May 23, 2017 by Franklyn Jones

EternalBlue Exploit Actively Used to Deliver Remote Access Trojans

During the WannaCry pandemic attack, Cyphort Labs discovered that other threat actors have been using the same EternalBlue exploit to deliver other malware. This malware is not a ransomware and is not […]

May 17, 2017 by Paul Kimayong

Cyphort identifies harder to kill WannaCry Ransomware

In the course of our research on the massive WannaCry ransomware campaign that affected more than a hundred countries since Friday May 12, Cyphort researchers have come across a sample […]

May 15, 2017 by Mounir Hahad

Hancitor’s Exploitation of Win32 APIs to do its Malicious Bidding

Cyphort has been seeing an ongoing spam campaign distributing the Hancitor trojan. Hancitor is a malicious document that contains a macro which will trigger the download of a secondary payload. The […]

May 9, 2017 by Marci Kusanovich

New Emotet likes Cookies, C2 Server Responds with Fake 404

At Cyphort Labs, we discovered a new wave of Emotet making rounds as early as March 29, 2017. Emotet is known to be a notorious banking Trojan that performs information […]

May 2, 2017 by Joe Dela Cruz

Putting the “S” Back into SIEM

Over the past several months, Cyphort has been working with the Ponemon Institute, Osterman Research, and InterQ research on three separate research projects, all aimed at getting a better understanding […]

April 26, 2017 by Franklyn Jones

Karmen Ransomware-as-a-Service flawed

Karmen is a new RaaS (Ransomware as a Service) being offered in the underground forum. According to recent research from Recorded Future, this ransomware is being advertised and sold in a […]

April 24, 2017 by Paul Kimayong

New Breed of Cerber Ransomware Employs Anti-Sandbox Armoring

Most sandboxes typically have some API monitoring module to be able to identify and describe what the program is trying to do. In order to do this, they hook APIs […]

April 12, 2017 by Paul Kimayong

Avoid the Click Bait: Secure your Email from Ransomware & Spear Phishing Attacks

Exciting new technological innovations are changing our lifestyle every day, and so are the new types of cyber threats making us more vulnerable. When we worry about the possibility of our […]

April 11, 2017 by Suba Pandian

From Zero-Day to Zero Privacy

I recently participated in a panel hosted by ITSP Magazine about #Vault7. For background, on March 7, WikiLeaks posted the “largest ever publication of confidential documents” from the CIA, that […]

March 23, 2017 by Nick Bilogorskiy
