

SentinelOne Discovers a New Delivery Tactic for BlackEnergy 3


We’ve recently detected a new distribution mechanism for BlackEnergy 3 that’s actively in use today affecting SCADA systems across Europe. BlackEnergy of course has been in existence since 2007, and has evolved significantly into a complete rootkit that can perform data exfiltration and network sniffing, among other tasks....


XRTN: More batch script-based Ransomware


A few weeks ago reports emerged about victims being attacked by a new ransomware variant called XRTN. What’s interesting in this case, is that XRTN uses a “pure” batch script as the actual payload that is responsible for filesystem encryption, presumably to bypass anti-virus (AV) solutions. Until now, binary files were the mainstream method for...


Reversing Apple’s syslogd bug


Two days ago El Capitan 10.11.3 was released together with security updates for Yosemite and Mavericks. The bulletin available here describes nine security issues, most of them related to kernel or IOKit drivers. The last security issue is about a memory corruption issue in syslog that could lead to arbitrary code execution with root privileges....


Vulnerability in Blackphone Puts Devices at Risk for Takeover


Modem Flaw Exposes Encrypted Device to Hacking

The Blackphone is generally considered the most secure smartphone available today. Unfortunately, no matter how secure a system is designed to be, it remains vulnerable to security flaws. We recently discovered a vulnerability that could allow an attacker to remotely control the phone’s modem functions. Developed by SGP...


Interview with SentinelOne Co-Founder and CEO


Nick Normille, Analyst at JMI Equity, conducted an interview with our very own SentinelOne co-founder/CEO Tomer Weingarten on the state of endpoint protection. This excerpt was published this week in Nick’s newsletter. Take a look…

There are a lot of interesting things happening in endpoint security nowadays and I’ve been fascinated with the progression of the space. Antivirus products....


The curious case of Gh0st RAT


What happened? I’ve recently come across a sample of Gh0st RAT that our agent failed to catch. This wasn’t alarming news. Usually, the reason for this is that the sample doesn’t work. It’s missing some resource that was to be installed alongside it by the dropper, or it fails to connect to its long-dead C2....


Breaking and evading Linux with a new novel technique


The focus of any malware research is on anticipating where an attack may go, or where it’s already been in order to develop and implement new prevention techniques. While reverse engineering some recent Linux malware samples, I found an interesting and novel technique being used that’s important to share with the broader community. A malicious....


Utilities Company Chooses SentinelOne to Safeguard Devices


When was the last time you thought about your utilities company? Maybe a power outage? A water cutback notification? Utilities companies are challenged to deliver critical consumer services while under global pressure to conserve resources. IoT has benefitted utilities companies to help meet these demands with intelligent meters and grids, delivering better operational processes and...


Does Your Law Firm Need Locks or a Security Guard?


It’s time to mature our endpoint security focus! With the rapid increase of ransomware, spyware and other aggressive and creative ways of destruction, Innovative Computing Systems is focused on ways to support our clients by increasing layers of protection across the network. Historically, anti-virus vendors have focused on matching signatures at endpoints to stop the....


The 7 ‘Most Common’ RATS In Use Today


Sniffing out RATS — remote access Trojans — is a challenge for even the most hardened cyber defender. Here’s a guide to help you in the hunt. Earlier this month, the Office of Personnel Management reported that 21.5 million Americans had their social security numbers and other sensitive data stolen in the second breach to........


CryptoWall – Capturing The Threat


Background

Cryptowall is an aggressive form of malware designed to infect a computer and steal its data. Once Cryptowall infects a computer, attackers steal the data and lock it behind an encryption wall. To unlock the data, victims are forced to pay a ransom fee. Various forms of Cryptowall exist; in this blog post we.......


Get Ready for Complete AV Replacement


They said it couldn’t be done. When we started SentinelOne people told us we were crazy… Targeting the antivirus vendors? Developing a completely new technology to replace existing antivirus suites? Disrupting a space that hadn’t experienced any significant innovation in 20 years? That definitely sounds crazy. But we’ve done it and now it’s official. We’ve.....


The First AV-TEST Certified Enterprise Anti-Virus Replacement and Next Generation Endpoint Protection Platform IS HERE


AV-TEST, a leading independent anti-virus research institute, has awarded SentinelOne EPP the Approved Corporate Endpoint Protection certification. The certification validates SentinelOne EPP for its effectiveness in detecting both advanced malware and blocking known threats. SentinelOne EPP is the first and only AV-TEST certified next generation endpoint security solution that combines prevention, detection, mitigation, remediation, and......


Reversing Prince Harming’s kiss of death


The suspend/resume vulnerability disclosed a few weeks ago (named Prince Harming by Katie Moussouris) turned out to be a zero day. While (I believe) its real world impact is small, it is nonetheless a critical vulnerability. It must be noticed that firmware issues are not Apple exclusive. For example, Gigabyte ships their UEFI with the.......


What is Next Generation Endpoint Protection?


By now you have probably heard the term “Next Generation Endpoint Protection.” A slew of companies, startups and incumbents alike, use the term to describe some of their offerings. But what does it actually mean? What are the capabilities you should look for in a Next Generation Endpoint Protection Platform? What makes it “next generation”?.....


Turning the Tables on “Rombertik” Reveals the Story Behind the Threat


A malware variant named “Rombertik” recently made headlines for its ability to wipe the Master Boot Record (MBR) of a machine if it detected the presence of analysis or debugging functions. For example, Rombertik can detect system strings that contain “malwar,” “sampl,” “viru,” and “sandb,” – all commonly used strings by malware researchers and online....


Understanding “Kjw0rm” Malware – We Dive in to the TV5 Cyber Attack


Pro-Islamic State hackers conducted an attack against the “TV5Monde” TV station in France; news sources report that the Islamist hacktivists were apparently unhappy about the station’s coverage of the recent events in Paris. TV5Monde’s “defaced” Twitter account. Sources report that the attack chain was a social engineering phishing campaign via social networks, followed by exploitation of......


How to Protect Against Latest OSX Pwn2Own Vulnerabilities – SentinelOne Anti-Exploitation


At this year’s CanSecWest security conference, a researcher demonstrated how Apple’s OS X is vulnerable to a software hack in which applications load infected shared software libraries. Applications use dynamic linked libraries, or DLLs, as software repositories. Apple’s OS X can be compromised by a DLL hijack, which tricks Apple’s operating system loader into verifying......


Anatomy of CryptoWall 3.0 – a look inside ransomware’s tactics


Background

CryptoWall is a new and highly destructive variant of ransomware. Ransomware is malicious software (malware) that infects your computer and holds hostage something of value to you in exchange for money. Older ransomware used to block access to computers. Newer ransomware, such as CryptoWall, takes your data hostage. With CryptoWall, thieves use asymmetric encryption..........


OSX.IronCore.A or what we know about OSX.FlashImitator.A


On December 12th, Apple updated XProtect, OS X’s built-in malware detection tool, to include a signature for OSX.FlashImitator.A. We analyzed the matched file and found even more samples. For some time now, OS X has been the target of Download Valley companies such as Genieo Innovation and Conduit, until Apple published an adware removal guide. This....


How Technically Accurate is Blackhat the Movie?


This weekend Michael Mann’s latest movie Blackhat, starring Chris Hemsworth, Tang Wei, Viola Davis, Holt McCallany, and Wang Leehom, was released. Given the high profile mainstream media coverage of attacks and data breaches over the past few years, it’s not surprising that Hollywood is capitalizing on cyber-crime trends. We were curious about how accurately the.....


The Truth About Whitelisting


In recent years, security products utilizing application whitelisting have gained popularity as a cost-effective alternative for fighting malware and advanced persistent threats. In this first in a series of posts about whitelisting, we will discuss the limitations of relying on whitelisting for combatting both common threats and APTs. First generation whitelisting mechanisms were introduced by....


2015 Predictions Report: Hostage-Ware, OS X, Power Grids and More


Based on our predictive execution inspection technology, which monitors every process on machines it protects, we have unique visibility into advanced attacks. For example, earlier this year our researchers discovered and reported on government grade attack code being used to make ransomware invisible. As a result, we are regularly called upon by law enforcement and....


WireLurker Malware Targets iPhone and Mac


The news last week that malware had infected Apple phones and computers in China sent a shiver down the spine of Mac and iPhone users everywhere. The malware, called WireLurker, targets Apple mobile and desktop devices to steal personal information. So far, the campaign has only affected users in China, but it illustrates the new....


Unpatched Vulnerabilities Leave Apple Users at Risk


Apple has a long-standing reputation for silence when it comes to security. Whether it’s OS X or iOS, details around vulnerabilities, security patches and malware attacks are often obscured. This has led leading researchers and security vendors to reference the notorious idiom “security through obscurity” to describe Apple’s approach to threats. Whether this approach is effective or not is up for...


Sandworm Demonstrates Why Patches aren’t Foolproof


Last week the security community was scrambling to update new AV signatures while continuing to patch systems against new variants of the “Sandworm” malware, which attacks Windows systems using a zero-day flaw that can enable attackers to take complete control of an infected system. The vulnerability used by Sandworm resides in a Windows component called....


Is Zero Day Java Exploit Detection Possible?


Java is an expansive, ubiquitous, platform agnostic infrastructure for delivering remote code to endpoint computers. That makes it a perfect malware distribution pipeline. It enables malware authors to take advantage of Java exploits to infect computers on a global scale. To make matters worse, security updates are not installed automatically when the Java updater launches....


More Embedded Systems Havoc: ATM Hacks Target Endpoints Once Again


Recently, reports surfaced about new malware being used to hack ATM machines across the globe. The program, named Backdoor.MSIL.Tyupkin, creates a backdoor that bypasses the ATM’s security system and forces it to dispense cash. Though the hacks are primarily taking place in Russia and Europe, reports from the U.S., China, India, and Israel have also...


Why Anti-Exploitation Only Solves Part of the Endpoint Security Problem


In July Microsoft introduced an updated version of its Enhanced Mitigation Experience Toolkit (EMET), designed to protect against malicious and targeted attacks on its software. EMET aims to prevent software vulnerabilities from being successfully exploited. The most recent version employs Return-Oriented Programming protections (ROP), Export Address Filter (EAF) and EAF+ security, and Attack Surface Reduction....


Internet Explorer Vulnerability Kept Secret For Three Years


Security vulnerability research companies search for vulnerable applications and disclose their findings to application vendors, governmental agencies, and operating system vendors. Often this information costs a substantial fee. For example, vulnerable code found inside a browser, such as Internet Explorer or Chrome, can cost thousands of dollars. Agencies around the world typically pay high amounts of money in....


The case of the Gyges, the invisible Malware


Government-Grade now in the Hands of Cybercriminals

In March 2014, the Sentinel Labs Research Lab detected a sophisticated piece of malware dubbed Gyges that is virtually invisible and capable of operating undetected for long periods of time. We first detected Gyges with our heuristic sensors and then our reverse engineering task force performed an...