SentinelOne Releases Open Source Tool to Help Enterprises Protect from the Latest macOS Code-Signing Vulnerability

What Happened? It was published on June 12th that security firm Okta unveiled a code signing vulnerability in macOS that revolves around validation of universal/FAT binaries. An attack exploiting this vulnerability may give an attacker the ability to make an improperly or weakly signed binary look like a signed binary with a valid certificate chain whose root […]

SentinelOne Detects New Malicious PDF File

Documents have always been a popular attack vector. Unlike executables, documents have traditionally been considered less suspicious and less harmful. This perception made it easier for attackers using them to circumvent traditional security solutions. But over time, with growing scripting and macro capabilities, documents became much more similar to executables, in the sense that […]

SentinelOne Detects and Prevents WSL Abuse

Introduction Introduced in 2016, WSL (Windows Subsystem for Linux) allows developers to run Linux environments and command-line tools directly on Windows machines without the need for virtualization platforms. Hence, with WSL, developers can run ELF files as they are, which obviously has many advantages. However, as described here, the WSL architecture also creates a new […]

Ransomware Mitigation – SentinelOne’s Rollback Demo

Like every year, RSAC was a magnificent show. We had a lot of people attending the SentinelOne booth who wanted to get more familiar with our solution. We had four demo stations in the booth, in which we demonstrated real-world use cases where the SentinelOne solution is truly valuable. One of the demos was really a jaw […]

SentinelOne Detects and Protects from GandCrab Ransomware

GandCrab, a relatively new player on the ransomware scene, was released at the end of January and has already infected over 50,000 victims around the world. It’s the first one to use the Dash cryptocurrency as payment (as opposed to the popular Bitcoin). GandCrab is distributed via the Rig and GrandSoft exploit kits, as well […]

How Deep Visibility helps you against Phishing

As of today, most network traffic is encrypted. This improves privacy but eliminates the option for network products to see the traffic. Google has played a significant role, pressuring websites to adopt HTTPS, and recently announced Jigsaw, allowing anyone to set up and run their own ‘homebrew’ VPN. According to Google: […]

SentinelOne Detects and Protects from GhostMiner CryptoMiner

Crypto-miners are becoming alarmingly widespread. In fact, a new form of sophisticated miner was recently discovered. The miner, named GhostMiner, uses advanced techniques copied from the malware world. For example, it uses the Windows built-in PowerShell framework to run in file-less mode. This technique is a popular practice among malware, allowing it to run completely from memory, […]

Samsam Ransomware hits City of Atlanta IT Systems

Samsam ransomware, used in targeted attacks, was first seen around 2016 and has set its sights on the healthcare industry. Typical ransomware victims are infected by clicking on a malicious link, opening an email attachment, or through malvertising. Samsam is unique because it infects servers directly using a vulnerability in Red Hat’s JBoss enterprise products. Hackers […]

SentinelOne Prevents Dofoil Trojan, Even when offline

It was published recently that a malware campaign tried to infect 400,000 users in 12 hours on March 6, 2018. The malware is a variant of Dofoil, carrying a cryptocurrency miner. It usually arrives on the infected machine through malicious spam email with a DOC or ZIP file attachment. It then connects to the C&C […]