ThreatSTOP


New Botnet Targets and more

Thu, 06/08/2017 - 14:12

ThreatSTOP's Security team is adding multiple new cybercrime threat trackers to our expert and standard lists. These lists will help better protect our customers against various sources of cybercrime.

Darktrack on Track to Success

Wed, 06/07/2017 - 21:26

Darktrack received some publicity in late 2016 for being a free Remote Access Trojan (RAT) that was comparable to some of the top commercially available RATs. Darktrack has the ability to access a victim's webcam, microphone, files, and passwords. It can also execute commands on infected machines, and make infected computers participate in DDoS attacks.

Irena Damsky Speaking About WannaCry at M3AAWG's 40th General Meeting

Wed, 06/07/2017 - 00:04

Come see our Sr. Director of Security Research, Irena Damsky, break down WannaCry's timeline and give an overview of what happened at M3AAWG's 40th General Meeting on Tuesday, June 13th, 17:30 - 18:30, in Lisbon, Portugal.

The Agile Mole

Mon, 06/05/2017 - 19:40

Ransomware remains, to this day, one of the major threats to individual users, seen on a daily basis in the form of malspam. Recently, researcher Brad Duncan published a report on malware-traffic-analysis.net about a piece of ransomware called Mole. Distributed by malspam that spoofs United States Postal Service (USPS) status updates, the malware escalates its privileges and encrypts user data.

Under the Hood: How ThreatSTOP Protects Against WannaCry

Wed, 05/31/2017 - 20:29

One of the key features of the ThreatSTOP platform is the ability to tailor a security policy to meet specific operational objectives. In a broad sense, this is done by selecting the policy components, such as botnets or banking Trojans, but another powerful tool is the application of User Defined Lists (UDLs) to the customer security policy. Using UDLs, our customers can use ThreatSTOP DNS Firewall to identify machines infected by WannaCry ransomware that are latent because of the accessibility of the “kill switch” domains.

OilRig: Another Attack Wave Hits

Tue, 05/30/2017 - 20:58

Another attack wave directed at Israeli organizations was reported by Morphisec and Palo Alto Networks on April 27th. OilRig was initially discovered in May 2016, after two attack waves targeting financial institutions and technology organizations in Saudi Arabia were detected. OilRig is attributed to an Iranian APT cyber group; its name stems from the Farsi word "Nafti" (oily), which is also hardcoded into a number of analyzed malware samples discovered in 2016.

SambaCry Vulnerability Announced, Patches Released

Fri, 05/26/2017 - 22:09

On 26 May 2017, Samba.org, in cooperation with SerNet, released a security advisory for all versions of Samba.

Bi-Weekly Security Update 5/25/17

Thu, 05/25/2017 - 20:54

Enhancing Protection Against Tor

Wed, 05/24/2017 - 16:49

In the past week, we decided to enhance the protection we offer via our Anonymous Networks target, and discussed the use of VPN and Tor to bypass network security. Up until today, we primarily blocked Tor exit nodes. However, we decided that this target should block not only exit nodes, but also guard and middle relays. Here, we explain how Tor works and what changes were made to the target.

Mo EK Domains, Mo Security Mo Better

Tue, 05/23/2017 - 14:11

Our Security team, working diligently to keep your data safe, has added more Exploit Kit (EK) sources to our Driveby Domains target. We are happy to announce the addition of domains from the BlackHole Exploit Kit.

ThreatSTOP Tools & Action For Visibility Fighting Ransomware & WannaCry

Wed, 05/17/2017 - 23:36

Protecting and empowering our valued customers is always a top priority at ThreatSTOP. Today, we're taking additional action to deliver better protection and greater visibility related to the WannaCry ransomware attack.

Operation Cloud Hopper Jumps Into View

Wed, 05/17/2017 - 18:08

Operation Cloud Hopper, uncovered by researchers at BAE Systems and PwC, was a cyberespionage campaign by APT10 (also known as Red Apollo and the menuPass Team) that targeted IT managed service providers (MSPs) in order to steal their clients' corporate data.

This Past Weekend Made All of Us WannaCry

Sun, 05/14/2017 - 14:38

On May 12th, an outbreak of a new ransomware named WannaCry (aka WannaCrypt, WCry) took place. This ransomware spread wildly in a short amount of time, infecting over 100K victims in over 99 countries utilizing the MS17-010 vulnerability. The following image from the live infection map demonstrates how big the impact of this campaign had been over the past 24 hours.

Bi-Weekly Security Update 5/11/17

Thu, 05/11/2017 - 19:39

Malicious Content Identified and Inserted:

ThreatSTOP & Reposify Partner to Stop DDoS Attacks from Infected IoT Devices & Services

Tue, 05/09/2017 - 18:54

Cyber Security Startups Combine Threat Data & Real-Time Policy Delivery Platform to Address Huge Gap in Cybersecurity.

Knock-Knock! Who’s There? ... NoTrove.

Tue, 05/09/2017 - 17:34

Internet-based advertising has been in wide use since the early 21st century. Its popularity grew in 2010 with the development of programmatic advertising (also referred to as automated advertainment). Here, you pay per ad view, which can be maliciously misused by counting machines and bots as actual viewers. Additional types of malicious use include accumulating web traffic and selling it to web traffic brokers, or engaging this traffic in semi-malicious programs like PUPs (Potentially Unwanted Programs).

Targets for Inbound Attacks & Whitelisting Major Services in Policies

Tue, 05/09/2017 - 14:54

We are happy to announce the release of a new Blacklist target for our IP Firewall service.

Use of VPN and Tor Traffic Allows Corporate Security Bypassing

Mon, 05/08/2017 - 23:47

We’ve all been bored at work, that’s a given. We don’t have a need to go crashing through the brush looking for our next meal and that leaves our brains with a bunch of extra cycles to spend on life in the modern world. That means our personal lives, our jobs, and what to have for lunch.

New DGA Targets for DNS Firewall Policy

Thu, 05/04/2017 - 13:20

ThreatSTOP’s Security Research Team has been busily tracking down new threat sources and compiling publicly shared data from multiple research teams. The result is our New Domain Generation Algorithm (DGA) target collection.

Bi-Weekly Security Update 4/28/17

Fri, 04/28/2017 - 19:50
