Anomali Blog

Weekly Threat Briefing

WTB: MuddyWater Expands Operations

The section below contains summaries of various threat intelligence stories that occurred during the past week. The intelligence in this week’s iteration discusses the following threats: APT, Data breach, Drupal, FruityArmor, Gallmaker, KeyBoy, Magecart, Panda Banker, Phishing, Remote access tool, and Vulnerabilities. The IOCs related to these...

Research

Estimated 35 Million Voter Records For Sale on Popular Hacking Forum

Anomali Labs researchers in close partnership with Intel 471, a leading cybercrime intelligence provider, have uncovered a widespread unauthorized information disclosure of US voter registration databases. To be clear, this voter information is made generally available to the public for legitimate uses. Anomali and Intel 471 researchers discovered dark web communications offering...

Cyber Threat Intelligence, Threat Intelligence Platform

UBF-Tasharuk: One year on…

September 2018 marked the one-year anniversary of the UBF-Tasharuk, an Information Sharing and Analysis Centre (ISAC) formed by the UAE Banks Federation (UBF), the representative body of the banking industry in the United Arab Emirates (UAE), powered by the Anomali Threat Platform. Initial membership consisted of 13 UAE-based banks partnering to equip...

Weekly Threat Briefing

WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft

The intelligence in this week’s iteration discusses the following threats: APT38, Botnet, Data breach, Exploit kit, FIN7, Lazarus, Malware builder, Pegasus spyware, Spear phishing, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for...

Cyber Threat Intelligence, Threat Intelligence Platform

Anomali Joins the Cybersecurity Tech Accord

Last week Anomali was accepted into the Cybersecurity Tech Accord, a community of organizations committed to “improve cyberspace’s resilience against malicious activities, and reaffirm as a group, their pledge to empower users, developers and customers to better protect themselves.” The Tech Accord was formed in early 2018,...

Weekly Threat Briefing

Weekly Threat Briefing: Cobalt Threat Group Serves Up SpicyOmelette Fresh Bank Attacks

The intelligence in this week’s iteration discusses the following threats: APT28, Botnet, Cobalt Group, Data Breach, DDoS, Ransomware, Vulnerabilities, and Zero day. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious...

Cyber Threat Intelligence

Detect ‘18 - Who’d ya call? Threatbusters!

And that’s a wrap! Thank you to all the speakers, sponsors, and attendees who joined us at Detect ‘18! This year we were fortunate to have some incredible keynote speakers, including: General Colin L. Powell, USA (Ret.); Eric O’Neill, General Counsel and Investigator; Hugh Njemanze, Chief...

Weekly Threat Briefing

WTB: Adwind Trojan Circumvents Antivirus Software To Infect Your PC

The intelligence in this week’s iteration discusses the following threats: Credit card theft, DDoS, Phishing, Ransomware, Trojan, Vulnerabilities, and Web cache poisoning. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential...

Anomali Enterprise, Cyber Threat Intelligence, Threat Intelligence Platform

Anomali Announces New Threat Platform and SDKs at Detect ‘18

Detect ‘18 began this year with keynote addresses from Hugh Njemanze and General Colin L. Powell, USA (Ret.). Anomali announced in their keynote the launch of a new Threat Platform and developer SDKs. The Anomali Threat Platform delivers a comprehensive threat detection, analysis, and response suite and is comprised of...

Weekly Threat Briefing

WTB: Windows Systems Vulnerable To FragmentSmack, 90s-Like DoS Bug

The intelligence in this week’s iteration discusses the following threats: APT10, APT34, BEC campaign, BOUNDUPDATER, Data breach, PyLocky and Spear Phishing. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Trending...

Cyber Threat Intelligence, Malware Research

Evaluating the Threatscape One Year After NotPetya Ransomware Attack

The NotPetya cyber-attack occurred a little over a month after WannaCry, targeting Ukrainian organisations. The attack was initiated using a corrupted update for an accounting and tax software package that was used almost universally by organisations, private and public, in the country. The malware employed the same SMB exploit that...

Weekly Threat Briefing

WTB: Apple Removes Top Security Tool for Secretly Stealing Data

The intelligence in this week’s iteration discusses the following threats: APT, Data theft, Banking trojan, Malicious applications, Phishing, Social engineering, Targeted attacks, Threat group, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check...

Threat Intelligence Platform

Go with the Flow of Intelligence-Driven Security Operations

One of the recent trends I’ve encountered for security operations teams is to design a more intelligence-driven SOC, where existing threat intelligence investments are leveraged to assume a more proactive security posture. More and more frequently, this trend is now a requirement. This requirement may be expressed in...

Weekly Threat Briefing

WTB: Remote Mac Exploitation Via Custom URL Schemes

The intelligence in this week’s iteration discusses the following threats: Anonymous, Apache Struts vulnerability, BusyGasper, Cobalt Gang, DarkComet, DDoS, Loki Bot, Spear phishing, and WINDSHIFT APT. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs...

Weekly Threat Briefing

WTB: Weak Passwords Let a Hacker Access Internal Sprint Staff Portal

The intelligence in this week’s iteration discusses the following threats: APT, Backdoor, Cyberespionage, Data breach, Data leak, Ransomware, Spearphishing, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for...

Cyber Threat Intelligence, Research

Anomali Labs Research Shows Email-Based Attacks Continue to Threaten Election Security

The Anomali Labs team today published research on the potential for email-based attacks against election infrastructure. The new report, “Can Lightning Strike the US Elections Twice?: Email Spoofing Threat to the 2018 US Midterm Elections,” reveals that most US states have vulnerabilities that would allow email spoofing...

Cyber Threat Intelligence, Research

What the US-Turkey Escalation Means for Cybersecurity

The recent escalation in US-Turkish political relations has important implications and will likely result in cybersecurity responses. The Anomali Labs research team has published a report providing an overview of the crisis, the key players involved, and analysis of potential cybersecurity reactions. The political tension between the US and Turkey...

Weekly Threat Briefing

WTB: JavaScript Web Apps And Servers Vulnerable To ReDoS Attacks

The intelligence in this week’s iteration discusses the following threats: APT, Credential theft, Cyberespionage, Malspam, Phishing, Ransomware, Remote access trojan, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs...

Cyber Threat Intelligence, Malware Research, Threat Intelligence Platform

Analyzing WannaCry a Year After the Ransomware Attack

The cyber-attack known as WannaCry first broke out in May of 2017 and was unprecedented in its scope and impact. It utilized a Microsoft Windows vulnerability that was leaked by a cyber threat group, the Shadow Brokers, and despite Microsoft releasing a patch for the vulnerability, many organizations failed to apply...

Weekly Threat Briefing

WTB: Vulnerabilities In mPOS Devices Could Lead To Fraud And Theft

The intelligence in this week’s iteration discusses the following threats: Backdoor, Banking trojan, Cryptominer, Data breach, Malvertising, Phishing, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity....