Anomali Blog


Threat Intelligence Platform

Anomali Adds DomainTools Iris to APP Store

The DomainTools Iris App for Anomali creates tremendous value for our joint customers and amplifies the complementary values of both solutions. Customers will now benefit from the aggregation and overlay of DomainTools data with other internal and external sources in Anomali for context to determine whether or not to take...


Weekly Threat Briefing

Weekly Threat Briefing: New Pervasive Worm Exploiting Linux Exim Server Vulnerability

Trending Threats: This section contains summaries of various threat intelligence stories that occurred during the past week. The intelligence in this week’s iteration discusses the following threats: Dofloo Trojan, EternalBlue, FIN8, MuddyWater, ShellTea, and Vim Vulnerabilities. The IOCs related to these stories are attached to the...


Research

The InterPlanetary Storm: New Malware in Wild Using InterPlanetary File System’s (IPFS) p2p network

Summary: In May 2019, new malware was found in the wild that uses a peer-to-peer (p2p) network on top of InterPlanetary File System’s (IPFS) p2p network. The malware found in the wild targets Windows machines and allows the threat actor to execute arbitrary PowerShell code...


Weekly Threat Briefing

Weekly Threat Briefing: Magecart Skimmers Found on Amazon CloudFront CDN

The intelligence in this week’s iteration discusses the following threats: Botnet, Data breach, Misconfigurations, Ransomware, Threat groups, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Trending...


Research

Phishing Campaign Impersonates Mexico, Peru, Uruguay Government’s e-Procurement Systems

Overview: In late May 2019, Anomali researchers discovered a phishing campaign impersonating three Latin American governments’ electronic procurement (e-Procurement) systems. The campaign uses convincing-looking phishing pages where individuals and companies are invited to bid on public projects with the governments of Mexico, Peru, or Uruguay. The actors or...


Weekly Threat Briefing

Weekly Threat Briefing: Emissary Panda Attacks Middle East Government Sharepoint Servers

The intelligence in this week's iteration discusses the following threats: APT, Credential theft, Cryptomining, Data theft, Phishing, Payment card theft, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. ...


Anomali Enterprise

Enhancing Your SIEM with Retrospective Analysis in Anomali Enterprise

Introduction: A breach is announced, details are released, and everyone wonders: does my organization have, or has it had, activity associated with the people or methods connected to this breach? Many organizations today can’t answer this question, as they can’t perform efficient historical analysis of...


Weekly Threat Briefing

Weekly Threat Briefing: First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records

The intelligence in this week’s iteration discusses the following threats: APT, Backdoor, Banking trojan, Data leak, Keylogger, Malspam, Malvertising, Misconfigured database, Phishing, Ransomware, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to...


Cyber Threat Intelligence

Data Breach Costs: Scare Tactic No More

We now know more than we’ve ever known about the true cost of a data breach. In addition to survey-based research, costs are discussed openly in quarterly reporting calls, made available via court documents, reported in the news, and apparent in stock values. The available information has taught...


Weekly Threat Briefing

Weekly Threat Briefing: Slack Bug Allows Remote File Hijacking, Malware Injection

The intelligence in this week’s iteration discusses the following threats: Data theft, Banking malware, Magecart, RCE, Threat group, Targeted attacks, Website compromise, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs...


Weekly Threat Briefing

Weekly Threat Briefing: Top-Tier Russian Hacking Collective Claims Breaches of Three Major Anti-Virus Companies

The intelligence in this week’s iteration discusses the following threats: FIN7, Gandcrab, Hidden Cobra, Rootkits, and Turla. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Trending Threats: Top-Tier Russian Hacking...


Everything You Need to Know to Become a Guardian of the Cyberverse!

Join Us at Detect '19, the Threat Intelligence Event of the Year. Detect '19 is the single largest conference dedicated to threat intelligence. We will be bringing together enterprise organizations and government agencies under one roof to learn about and discuss threat intelligence best practices and the ever-changing landscape of...


Weekly Threat Briefing

Weekly Threat Briefing: 50,000 Enterprise Firms Running SAP Software Vulnerable to Attack

The intelligence in this week’s iteration discusses the following threats: APT, Backdoor, BEC, Data breach, Data leak, Malspam, Malvertisements, Phishing, Ransomware, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your...


Threat Intelligence Platform

Tracking Your Adversary with a Threat Intelligence Platform

Anomali’s slogan is “Tracking The Adversary,” or as I like to say it, “Tracking Your Adversary.” Many of my prospects and customers ask me, “How does your platform help me to track my adversaries?” My response is that it takes a lot...


Weekly Threat Briefing

Weekly Threat Briefing: Contract Management Company Evisort Accidentally Exposed Sensitive Documents Publicly

The intelligence in this week's iteration discusses the following threats: AZORult, Backdoor, Data breach, Malware, Phishing, Supply Chain, Targeted attacks, Trojans, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential...


Research

WorrisomeWiki: Is Collaboration Leaving You Exposed to Cyberattacks?

Weighing the Benefits of Project Management Applications Against the Risk. Disclaimer: With sensitive information possibly being leaked by a number of entities, and it being hard to discern those intended to be open as opposed to those intended to be private, Anomali has contacted Atlassian to work with and...


Weekly Threat Briefing

Weekly Threat Briefing: Watch Out for Game of Thrones Phishing Scams As The Final Season Arrives

The intelligence in this week’s iteration discusses the following threats: Brute force, Data breach, Data theft, Phishing, Personally Identifiable Information, Ransomware, Threat group, Vulnerabilities, and Zero-day. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check...


Cyber Threat Intelligence

Mind the Threat Intelligence Gap With a Strong Cybersecurity Strategy

85% say Threat Intelligence is important for a strong security posture, but 41% say they have not made progress in the effectiveness of Threat Intelligence data. This comes from a recent 2019 study carried out by the Ponemon Institute with over 1000 IT Security Practitioners in North America and the U.K. The difference...


Weekly Threat Briefing

Weekly Threat Briefing: Hackers Could Read Your Hotmail, MSN, and Outlook Emails by Abusing Microsoft Support

The intelligence in this week’s iteration discusses the following threats: APT, APT platform, Banking trojan, Botnet, Malspam, Phishing, Spear phishing, Targeted attacks, Vulnerabilities, and Zero day. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your...


Cyber Threat Intelligence

Level Up Your SOC - Focus On People, Process, and Technology

Introduction: A Security Operations Center (SOC) is an organized and highly skilled team whose mission is to continuously monitor and improve an organization’s cybersecurity posture while preventing, detecting, analysing and responding to security incidents with the aid of technology and well-defined processes and procedures. The success of your...

