The purpose of this white paper is to help users understand how CrowdStrike ® uses ML to protect endpoints. To get there, we must first clarify what ML is and how it works. Then we will describe how Crowdstrike implements ML, specifically in the area of malware detection. Finally, we will discuss the benefits and limitations of applying ML in cybersecurity. In the end, the reader will get a better understanding of ML and how — when used correctly — it can help defend against cyber threats.

This report discusses a key issue in a Malware-centric defense approach; it will leave you vulnerable to attacks that don’t leverage malware. Read on to learn more.

Carbon Black adapts key sections from the SANS Buyer’s Guide for Endpoint Security and provides assistance for helping you assess your options.

This report from July of 2018 discusses China, Russia & North Korea Launching Sophisticated Espionage-Focused Cyberattacks.

From the report, “IT security leaders know their companies’ endpoints, PCs, and servers are continuously targeted by hackers. They also agree following best practices in endpoint security hygiene is instrumental in reducing cyber incidents. However, our 2017 survey of IT security leaders points to a situation where most are concerned about their actual practices in endpoint security hygiene. Fortunately, most also acknowledge they need to improve. When it comes to identifying their top priorities, IT security leaders are clear: they want to reduce the frequency and severity of data breaches; streamline regulatory compliance; and maintain business continuity. When it comes to identifying and executing upon the security hygiene best practices required to deliver on these priorities, things begin to get murky. Our 2017 survey of IT security leaders reveals a situation in which most respondents express concern about their security hygiene practices and waning confidence in the ability of existing tools to help them improve. Read on for more about what we learned, plus five recommended action items you can take today to address these issues.”

This report is part of a larger developing series, the aim of which is to apply a different approach to threat intelligence to identify a new threat actor and its previously unknown espionage campaigns; it also aims to link together campaigns that were assumed to be unrelated, or which were falsely attributed to other groups. We call this new project — and threat actor — The White Company in acknowledgement of the many elaborate measures the organization takes to whitewash all signs of its activity and evade attribution. The White Company consists of three reports. The first report tells the story of the overall campaign and presents forensic findings in a manner suitable for a general audience, including analyses of the technical and geopolitical considerations that enable readers to draw conclusions about the threat actors and understand the campaign in context. Two additional technical reports follow: One is focused on The White Company’s exploits, the other on its malware and infrastructure.

SE Labs tested a product from Cylance and sought to discover its weaknesses.

This report details a new Cylance survey of iTnews readers and provides insight into the state of endpoint security.

In this whitepaper they cover the different defense technologies used over time, how different attacks vectors influenced this evolution, how the industry adopted different approaches over time, and why the prevention approach has returned and why it matters.

This paper discusses one possible avenue for improving EDR which is the broader adoption of machine learning techniques.

This paper exerts that there exists very little data on whether companies are winning the war against cyber crime. It seeks to answer several questions with this survey of 270 IT security professionals in North America.

This guide is designed to help enterprises endpoint security solutions.

In this edition, we highlight the notable investigative research and trends in threats statistics gathered by the McAfee Advanced Threat Research and McAfee Labs teams in Q2 of 2018. Cybercriminals continue to follow the money. Although this statement is familiar, our latest Threats Report clearly shows the migration from certain older attacks to new threat vectors as they become more profitable. Just as in Q1, we see the popularity of cryptocurrency mining continue to rise. In this report we detail recent findings from three McAfee Labs analyses that appeared in Q2. You can read summaries of each on pages 5-7. One area of investigation by our research teams is in digital assistants. In Q2 we analyzed a vulnerability in Microsoft’s Cortana. This flaw allowed an attacker to log into a locked Windows device and execute code. Following our vulnerability disclosure policy, we communicated our findings to Microsoft; the analysis resulted in CVE-2018-8140. We also examined the world of cryptocurrency attacks with an in-depth view of blockchain technology. Our report detailed many of the vulnerabilities being exploited by threat actors looking for a quick return on their investment.

This paper outlines the results of the DomainTools second annual Cybersecurity Report Card Survey. More than 500 security professionals from companies ranging in size, industry and geography were surveyed about their security posture and asked to grade the overall health of their programs.

The purpose of this document is to briefly describe the features of Necurs malware. During the analysis, we have been able to identify the different “features” and “capabilities” of the Necurs malware.

This white paper examines challenges for healthcare organizations and presents how the key to effective endpoint and server protection lies in the ability to dynamically analyze behavior in order to recognize malicious software by its actions, not its appearance. Intelligent response at machine speed is required to prevent, contain and mitigate potential threats. Success in this mission results in a major benefit for providers and payers: the ability to keep IT systems operation so medical and non-medical personnel can stay focused on patient care.

Ponemon Institute is pleased to present the results of The 2018 State of Cybersecurity in Small and Medium Size Businesses sponsored by Keeper Security. The goal of this study is to track how small and medium size companies address the same threats faced by larger companies. This report features the findings from 2018 and 2017.

Everything you wanted to know about log management but were afraid to ask.

This report provides a “data-driven analysis of vulnerabilities in our industrial and critical infrastructure.”

Palo Alto Networks Unit 42 has identified a series of phishing emails containing updated versions of the previously discussed CMSTAR malware family targeting various government entities in the country of Belarus. We first reported on CMSTAR in spear phishing attacks in spring of 2015 and later in 2016. In this latest campaign, we observed a total of 20 unique emails between June and August of this year that included two new variants of the CMSTAR Downloader. We also discovered two previously unknown payloads. These payloads contained backdoors that we have named BYEBY and PYLOT respectively.

Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013.