Carbon Black – Computer Security Articles

Caution: Misuse of security tools can turn against you

July 11, 2019 admin automation, Carbon Black, data leaks, EDR platforms, exes, infosec, opsec, plugins, remediation and prevention, Researcher's corner, rules-based segmentation, security solutions, Security Tools, virustotal, VT

Credit to Author: Vasilios Hioureas| Date: Thu, 11 Jul 2019 17:34:57 +0000

If not implemented correctly, the very security tools we use to keep our information private may actually cause data leaks themselves. We outline a few cases and provide suggestions for researchers and security admins.

Categories:

Researcher’s corner

Tags: automation Carbon Black data leaks EDR platforms exes infosec opsec plugins remediation and prevention rules-based segmentation security solutions security tools virustotal VT

Independent Krebs

Dell Lost Control of Key Customer Support Domain for a Month in 2017

October 24, 2017 admin Abuse.ch, Carbon Black, Celedonio Albarran, Chris Baker, Dell, Dell Backup and Recovery Application, dell service tag scams, Dellbackupandrecoverycloudstorage.com, digital river, Dmitrii Vassilev, Dyn, Ellen Murphy, Equifax, Equity Residential, Fireclick, Other, parkingcrew, Rapid7, SoftThinks.com, Team Internet, Trans Union

Credit to Author: BrianKrebs| Date: Wed, 25 Oct 2017 03:22:34 +0000

A Web site set up by PC maker Dell Inc. to help customers recover from malicious software and other computer maladies may have been hijacked for a few weeks this summer by people who specialize in deploying said malware, KrebsOnSecurity has learned. There is a program installed on virtually all Dell computers called “Dell Backup and Recovery Application.” It’s designed to help customers restore their data and computers to their pristine, factory default state should a problem occur with the device. That backup and recovery program periodically checks a rather catchy domain name — DellBackupandRecoveryCloudStorage.com — which until recently was central to PC maker Dell’s customer data backup, recovery and cloud storage solutions. Sometime this summer, DellBackupandRecoveryCloudStorage.com was suddenly snatched away from a longtime Dell contractor for a month and exposed to some questionable content. More worryingly, there are signs the domain may have been pushing malware before Dell’s contractor regained control over it.

Independent Krebs

Carbon Emissions: Oversharing Bug Puts Security Vendor Back in Spotlight

August 18, 2017 admin Amazon Macie, Carbon Black, DirectDefense, Mike Viscuso, Other, Spotify, virustotal

Credit to Author: BrianKrebs| Date: Fri, 18 Aug 2017 17:38:57 +0000

Last week, security firm DirectDefense came under fire for over-hyping claims that Cb Response, a cybersecurity product sold by competitor Carbon Black, was leaking proprietary from customers who use it. Carbon Black responded that the bug identified by its competitor was a feature, and that customers were amply cautioned in advance about the potential privacy risks of using the feature. Now Carbon Black is warning that an internal review has revealed a wholly separate bug in Cb Response that could in fact result in certain customers unintentionally sharing sensitive files.

Independent Krebs

Beware of Security by Press Release

August 10, 2017 admin Adrian Sanabria, Carbon Black, Cb Response, Cylance, DirectDefense, Leslie Carhart, Other

Credit to Author: BrianKrebs| Date: Thu, 10 Aug 2017 15:40:30 +0000

On Wednesday, the security industry once again witnessed an all-too-familiar cycle: I call it “Security by press release.” It goes a bit like this: A security firm releases a report claiming to have unearthed a major flaw in a competitor’s product; members of the trade press uncritically republish the claims without adding much clarity or waiting for responses from the affected vendor; blindsided vendor responds in a blog post showing how the issue is considerably less dire than originally claimed. At issue are claims made by Denver-based security company DirectDefense, which published a report this week warning that Cb Response — a suite of security tools sold by competitor Carbon Black (formerly Bit9) — was leaking potentially sensitive and proprietary data from customers who use its product.