-
BlogHere our experts provide in-depth analysis of advanced threats,
reveal the latest tricks and tools used by hackers,
and profile the ones that we catch.BlogHere our experts provide in-depth analysis of advanced threats, reveal the latest tricks and tools used by hackers, and profile the ones that we catch.
Highlights from Black Hat & DEFCON
/0 Comments/in Blog /by Daniel GoldbergI spent the last week at the “Hacker Summer Camp” of Black Hat and DEFCON. Besides meeting people and enjoying the dual craziness of the DEFCON crowd and the Black Hat business hall, we also gave a well received lecture – Escalating Insider Threats using VMWare’s API. Ofri Ziv, Head of GuardiCore labs, presented a […]
Escalating Insider Threats Using VMware’s API
/2 Comments/in Blog /by Ofri Ziv and Daniel GoldbergOverview VMware vSphere is the most widely used virtualization platform for on-premises data centers. Similarly to other virtualization platforms, it basically relies on host servers running guest machines. These hosts and guest machines can be managed using administration interfaces such as vSphere API and VIX API. The GuardiCore Labs team has discovered a vulnerability in […]
Top 5 Things to See and Do During Black Hat 2017
/0 Comments/in Blog /by Dave KleinFrom the horrors of ransomware, panic over election hacking, stolen emails to very interesting things like WannaCry andPetya/NotPetya/Nyetya/Goldeneye, it’s been a red-letter year in the world of cybersecurity. At Black Hat 2016 we introduced the Infection Monkey, free, open source pen test tool to educate the world on lateral movement. Lateral movement is how hackers […]
GDPR is coming. Brace for impact
/0 Comments/in Blog /by Sharon BesserDo you remember the Data Protection Directive 95/46 EC ? Probably not, and for a good reason: This 1995 European Union (EU) directive regulates the processing of personal data within the EU. Compliance throughout the years has been mandatory but its enforcement section was weak, keeping the risk of non-compliance for companies at low rates. […]
Notes and Takeaways from Gartner’s Security and Risk Management Summit – Part 2
/0 Comments/in Blog /by Sharon BesserMore Notes and Takeaways from Gartner’s Security and Risk Management Summit This is the second post in a series about “things that I observed and learned at the Gartner Security and Risk Management Summit”. In this post I will focus on some “product” aspects of the conference. (Missed the first blog? See it here) Gartner […]
Key Takeaways from Gartner’s Security and Risk Management Summit
/0 Comments/in Blog /by Sharon BesserLast week Gartner held its annual Security and Risk Management Summit in National Harbor, MD, few miles away from Washington D.C. Much like the RSA Conference, this event is becoming a “must” for security and risk management leaders. While the presentations and discussions in San Francisco (RSA) focus on technology and implementation best practices, at […]
SambaCry, the Seven Year Old Samba Vulnerability, is the Next Big Threat (for now)
/4 Comments/in Blog /by Ravit Greitser and Daniel GoldbergOverview The Samba team released a patch on May 24 for a critical remote code execution vulnerability in Samba, the most popular file sharing service for all Linux systems. Samba is commonly included as a basic system service on other Unix-based operating systems as well. This vulnerability, indexed CVE-2017-7494, enables a malicious attacker with valid […]
Detecting and Mitigating WannaCry and Its Copycats Using GuardiCore Centra Platform
/0 Comments/in Blog /by Daniel Goldberg and Ofri ZivAttack overview WannaCry and its copycat attacks work by exploiting the Microsoft Windows SMB Server critical vulnerability (MS17-010). Patched Windows machines are safe while any unpatched Windows machine is at risk. The WannaCry campaign threatens internet facing as well as internal networks, since a compromised laptop/server in the network will try to propagate and infect […]
Musing on Ransomware and Other Sophisticated Attacks
/0 Comments/in Blog /by Sharon BesserEveryone has something to write about ransomware. One can not open a mobile device or a news site without getting notification about some new ransomware-related content. There’s a good reason: The recent events, media attention and to a certain degree, the public’s panic around the WannaCry ransomware attack are driving a lot of interest and even increase the […]
The Bondnet Army: Questions & Answers
/0 Comments/in Blog /by Daniel Goldberg and Ravit GreitserLast week we announced the discovery of Bondnet, a new botnet that was uncovered by GuardiCore Labs. The originator of Bondnet had installed a cryptocurrency miner and backdoor in thousands of servers of varying power and conscripted them into a botnet – a group of computing devices that can be centrally controlled for malicious purposes.