Anomali Blog

Cyber Threat Intelligence

Data Breach Costs: Scare Tactic No More

We now know more than we’ve ever known about the true cost of a data breach. In addition to survey-based research, costs are discussed openly in quarterly reporting calls, made available via court documents, reported in the news, and apparent in stock values. The available information has taught...

Weekly Threat Briefing

Weekly Threat Briefing: Slack Bug Allows Remote File Hijacking, Malware Injection

The intelligence in this week’s iteration discusses the following threats: Data theft, Banking malware, Magecart, RCE, Threat group, targeted attacks, Website compromise, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs...

Weekly Threat Briefing

Weekly Threat Briefing: Top-Tier Russian Hacking Collective Claims Breaches of Three Major Anti-Virus Companies

The intelligence in this week’s iteration discusses the following threats: FIN7, Gandcrab, Hidden Cobra, Rootkits, and Turla. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Trending Threats: Top-Tier Russian Hacking...

Everything You Need to Know to Become a Guardian of the Cyberverse!

Join Us at Detect '19, the Threat Intelligence Event of the Year. Detect '19 is the single largest conference dedicated to threat intelligence. We will be bringing together enterprise organizations and government agencies under one roof to learn about and discuss threat intelligence best practices and the ever-changing landscape of...

Weekly Threat Briefing

Weekly Threat Briefing: 50,000 Enterprise Firms Running SAP Software Vulnerable to Attack

The intelligence in this week’s iteration discusses the following threats: APT, Backdoor, BEC, Data breach, Data leak, Malspam, Malvertisements, Phishing, Ransomware, targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your...

Threat Intelligence Platform

Tracking Your Adversary with a Threat Intelligence Platform

Anomali’s slogan is “Tracking The Adversary,” or as I like to say it, “Tracking Your Adversary.” Many of my prospects and customers ask me, “How does your platform help me to track my adversaries?” My response is that it takes a lot...

Weekly Threat Briefing

Weekly Threat Briefing: Contract Management Company Evisort Accidentally Exposed Sensitive Documents Publicly

The intelligence in this week's iteration discusses the following threats: AZORult, Backdoor, Data breach, Malware, Phishing, Supply Chain, Targeted attacks, Trojans, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential...

Research

WorrisomeWiki: Is Collaboration Leaving You Exposed to Cyberattacks?

Weighing the Benefits of Project Management Applications Against the Risk. Disclaimer: With the sensitive information possibly being leaked by a number of entities and it being hard to discern those intended to be open as opposed to those intended to be private, Anomali has contacted Atlassian to work with and...

Weekly Threat Briefing

Weekly Threat Briefing: Watch Out for Game of Thrones Phishing Scams As The Final Season Arrives

The intelligence in this week’s iteration discusses the following threats: Brute force, Data breach, Data theft, Phishing, Personally Identifiable Information, Ransomware, Threat group, Vulnerabilities, and Zero-day. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check...

Cyber Threat Intelligence

Mind the Threat Intelligence Gap With a Strong Cybersecurity Strategy

85% say Threat Intelligence is important for a strong security posture, but 41% say they have not made progress in the effectiveness of Threat Intelligence data. This comes from a recent 2019 study carried out by the Ponemon Institute with over 1000 IT Security Practitioners in North America and the U.K. The difference...

Weekly Threat Briefing

Weekly Threat Briefing: Hackers Could Read Your Hotmail, MSN, and Outlook Emails by Abusing Microsoft Support

The intelligence in this week’s iteration discusses the following threats: APT, APT platform, Banking trojan, Botnet, Malspam, Phishing, Spear phishing, Targeted attacks, Vulnerabilities, and Zero day. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your...

Cyber Threat Intelligence

Level Up Your SOC - Focus On People, Process, and Technology

Introduction: A Security Operations Center (SOC) is an organized and highly skilled team whose mission is to continuously monitor and improve an organization’s cybersecurity posture while preventing, detecting, analysing and responding to security incidents with the aid of technology and well-defined processes and procedures. The success of your...

Weekly Threat Briefing

Weekly Threat Briefing: Cybercriminals Spoof Major Accounting and Payroll Firms in Tax Season Malware Campaigns

The intelligence in this week’s iteration discusses the following threats: Backdoor, FIN6, LockerGoga, MageCart, Malicious applications, Malspam, Phishing, Ransomware, Ryuk, Trickbot, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for...

Threat Intelligence Platform

Unlock Your Threat Data with the Enrichment SDK

A few months back, Anomali released a set of SDKs that greatly expanded our ability to deliver content within the platform, and with integrated systems. One of those SDKs – focusing on enrichments – was introduced to provide a straightforward means for adding contextual information. In the threat intel world,...

Weekly Threat Briefing

Weekly Threat Briefing: Planet Hollywood Owner Suffers Major POS Data Breach

The intelligence in this week's iteration discusses the following threats: Cryptocurrency, Data breach, Elfin, Emotet, Gustuff, Lazarus, Magento, Malware, Misconfigured databases, Ransomware, Trojans, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check...

Weekly Threat Briefing

Weekly Threat Briefing: Russian State Hackers Phish Euro Governments Ahead of Elections

The intelligence in this week's iteration discusses the following threats: APT28, APT32, Cryptominer, FIN7, IoT, MageCart, Phishing, Ransomware, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential...

Cyber Threat Intelligence

Anomali Joins No More Ransom Partnership Ecosystem

On the 25th of March, Anomali is proud to announce a supporting partnership with No More Ransom (NMR). Anomali innovates intelligence-driven solutions that address cyber security challenges to achieve a more secure world. NMR is a non-commercial public-private initiative launched in July 2016 which created a common portal containing relevant information...

Research

“Bad Tidings” Phishing Campaign Impersonates Saudi Government Agencies and a Saudi Financial Institution

Executive Summary: In January 2019, researchers from Anomali Labs and Saudi Telecom Company (STC) observed a spike in phishing websites impersonating the Saudi Arabian Ministry of Interior’s e-Service portal known as “Absher”. Further analysis uncovered a broader phishing campaign targeting four different Kingdom of Saudi Arabia government...

Weekly Threat Briefing

Weekly Threat Briefing: Spam Campaign Uses Recent Boeing 737 Max Crashes to Push Malware

The intelligence in this week’s iteration discusses the following threats: APT, Data breach, Malspam, Malware, Phishing, Point-of-Sale, Ransomware, RAT, Supply chain, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for...

Research

Rocke Evolves Its Arsenal With a New Malware Family Written in Golang

Summary: The “Rocke group”, a Chinese threat actor group that specializes in cryptojacking, has shifted gears on how they’re stealing your cycles. Rocke is actively updating and pushing a new dropper using Pastebin for Command and Control (C2). Recent updates to the C2 as of March 1...