Feed aggregator

Magic Hound Sniffs Out Trouble

ThreatSTOP - Tue, 02/28/2017 - 17:51


Magic Hound, as dubbed by researchers at Palo Alto Networks, is a targeted espionage campaign against the Saudi Arabian government, energy and technology sectors. The campaign used a common phishing tactic: embedding macros in Word and Excel documents. If the victim enabled macros in the document, PowerShell scripts downloaded additional malware onto their computer, such as the open-source Python RAT Pupy.

Highlights, Trends & Predictions from RSA 2017

ThreatSTOP - Thu, 02/23/2017 - 19:03

We’re back!

It was a fun, productive week in San Francisco exhibiting and chatting with attendees about our product suite, including the soon-to-be ThreatSTOP family member, Roaming Endpoint.



ThreatSTOP at RSA 2017

ThreatSTOP - Thu, 02/16/2017 - 16:38

Hello again, San Francisco! We can’t believe it’s already the third day of RSA, but we’ve had a great time exhibiting and talking to attendees and partners about our newest product, Roaming Endpoint (and our existing products, DNS and IP Firewall Services).

Bi-weekly Security Update 2/15/2017

ThreatSTOP - Wed, 02/15/2017 - 22:00

Malicious content identified and inserted:

  • IPs – 1318
  • Domains – 323

Target list content updated:

  • TSCritical
  • TSRansomware
  • TSPhishing
  • TSBanking

ThreatSTOP Launches New Roaming DNS Protection Service at RSA

ThreatSTOP - Tue, 02/14/2017 - 19:51

The Cyber Security Start Up’s Answer to Roaming Security

CARLSBAD, CA: Feb 8, 2017: Cyber security company ThreatSTOP announced today a Cloud-based offering that quickly detects and automatically blocks DNS attacks on laptops outside a secured company network, without using external 3rd party DNS servers or requiring a VPN connection. This new SaaS offering, Roaming Endpoint, is ThreatSTOP’s answer to a growing mobile workforce, protecting devices when they leave the corporate network, anywhere and anytime.

Locky Back in Action

ThreatSTOP - Thu, 02/09/2017 - 17:43

Locky, the infamous ransomware plaguing computers worldwide since it was first seen early last year, has recently made a comeback after a severe drop in activity over the holiday season. The Necurs botnet, which is Locky's primary distributor, was offline for the final weeks of 2016, equating to an 81% decrease in the number of Locky attacks.

CryptXXX Ransomware Spread Through SoakSoak Botnet: Two Big Actors As One

ThreatSTOP - Tue, 01/31/2017 - 20:55

CryptXXX and SoakSoak are huge threats individually.