Google seeks to make Cobalt Strike useless to attackers

Google Cloud’s intelligence research and applications team has created and released a collection of 165 YARA rules to help defenders flag Cobalt Strike components deployed by attackers. “Our intention is to move the tool back to the domain of leg…

Tanium and Google Cloud partner to deliver security transformation

Tanium has expanded its partnership with Google Cloud to help organizations accelerate the transformation to distributed business operations. This new offering, sold by Tanium, will help enterprises detect, investigate, and scope advanced, long-lived a…

Cyderes CNAP Makes SIEM Modernization a Snap

Note: Yes, this is written while wearing my vendor hat. But do keep in mind that I only work on things I believe in! So, don’t knock that hat off my head :-)
If you recall my post “So, Chronicle, Are You A SIEM?”, the conversatio…

Road to Detection: YARA-L Examples — Part 4 of 3

Upon reading all of Part 1, Part 2 and Part 3 of my blog series that revealed our (Chronicle) approach to detection, many of you asked for more YARA-L detection language examples.

PinID, Infoblox, & BeyondTrust – Enterprise Security Weekly #144

In the news segment, Is Broadcom buying Symantec?, Chronicle will join Google Cloud, PingID to Support FIDO-Compliant Biometric Authentication and Security Keys, and BeyondTrust Simplifies Endpoint Privilege Management with PAM Platform Integration…

Why Cyber Command’s latest warning is a win for the government’s information sharing efforts

When U.S. Cyber Command warned last week that a hacking group was using a Microsoft Outlook vulnerability previously leveraged by an Iran-linked malware campaign, it appeared to be signaling just how much the military knows about those operations. But the alert was significant in other ways: behind-the-scenes details uncovered by CyberScoop show that it is an example of how the U.S. government has built up its use of the information-sharing platform VirusTotal so the private sector gets more information sooner. Along with Cyber Command’s warning, which also was shared in a tweet, the Department of Homeland Security (DHS) released its own private warning to industry, CyberScoop has learned. The department’s traffic light protocol (TLP) alert covered the same threat that Cyber Command would eventually post to VirusTotal. In going public with the malicious files, Cyber Command appears to have revealed new information about how Iran-linked actors leveraged another malware family, known as Shamoon, as recently as 2017, according to Chronicle, which owns VirusTotal. Not only is it […]

The post Why Cyber Command’s latest warning is a win for the government’s information sharing efforts appeared first on CyberScoop.


Chronicle, Alphabet’s push into security, will join Google Cloud

Alphabet’s moonshot appears to have flown off course. Google Cloud announced on Thursday it will take over Chronicle, the cybersecurity company that Alphabet launched last year as part of its “moonshot program.” Chronicle began as an independent Alphabet company led by former Symantec chief operating officer Stephen Gillett. Chronicle launched its first product, the analytics tool Backstory, in March. “Chronicle’s products and engineering team complement what Google cloud offers,” Google Cloud CEO Thomas Kurian wrote in a blog post. “Chronicle’s VirusTotal malware intelligence services will be a powerful addition to the pool of threat data informing Google Cloud offerings, and will continue to support applications running on our platforms.” The companies are scheduled to be completely combined by the fall, Kurian added. This change comes after Google Cloud purchased Looker, a data analytics provider, for $2.6 billion with an eye on accelerating that company’s growth. Google said at the time that […]

The post Chronicle, Alphabet’s push into security, will join Google Cloud appeared first on CyberScoop.


Cyber Command’s latest VirusTotal upload has been linked to an active attack

The malware sample that U.S. Cyber Command uploaded to VirusTotal last week is still involved in active attacks, multiple security researchers tell CyberScoop. Researchers from Kaspersky Lab and ZoneAlarm, a software security company run by Check Point Technologies, tell CyberScoop they have linked the malware with APT28, the same hacking group that breached the Democratic National Committee during the 2016 election cycle. A variant of the malware is being used in ongoing attacks, hitting targets as recently as this month. The targets include Central Asian nations, as well as diplomatic and foreign affairs organizations, Kaspersky Lab’s principal security researcher Kurt Baumgartner tells CyberScoop. While ZoneAlarm can’t confirm the targets the attack is focused on, the company detected the specific malware hash in an active attack in the Czech Republic last week, Lotem Finkelsteen, ZoneAlarm’s Threat Intelligence Group Manager, tells CyberScoop. “Although we cannot confirm such an attack, Finkelsteen said, referring to the […]

The post Cyber Command’s latest VirusTotal upload has been linked to an active attack appeared first on CyberScoop.


ESET and Chronicle provide validation on security incidents and alerts within Backstory

ESET, a global leader in cybersecurity, announced it has partnered with Chronicle, an Alphabet company, to provide essential validation on security incidents and alerts within Backstory, Chronicle’s global cloud service where companies can privately up…

Nation-state hacking kit ‘Flame’ had a second life, researchers say

Flame, the nation-state-developed malware kit that targeted computers in Iran, went quiet after researchers exposed it in 2012. The attackers tried to hide their tracks by scrubbing servers used to talk to infected computers. Some thought they had seen the last of the potent malware platform. Flame’s disappearance “never sat right with us,” said Juan Andres Guerrero-Saade and Silas Cutler, researchers with Alphabet’s Chronicle. On Tuesday at the Kaspersky Security Analyst Summit in Singapore, they showed that Flame hadn’t died; it had just been reconfigured. Tracing early components of Flame, Guerrero-Saade and Cutler found a new version of it that was likely used between 2014 and 2016. Flame 2.0 is “clearly built” from the original source code, but it has new measures aimed at eluding researchers, they wrote in a paper. The discovery shows how good source code dies hard, and that tracking its evolution can be a very long game […]

The post Nation-state hacking kit ‘Flame’ had a second life, researchers say appeared first on CyberScoop.
