Anomali Blog

Anomali Enterprise Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform ThreatStream

Generating Your Own Threat Intelligence Feeds in ThreatStream

Getting threat intelligence into your existing security products (SIEMs, endpoints, network tools) can significantly enhance their effectiveness and longevity. Here at Anomali we understand the value of product integrations, so much so that my entire job is to manage the 30+ we currently offer. Recently we launched...

Cyber Threat Intelligence Research

Taking the cyber No-Fly list to the skies

In our last post, we talked about how companies can use the concept of a No-Fly list to keep malicious actors out of their networks. So how does a cyber No-Fly list work in a real situation? We spoke with one of our customers, Alaska Airlines, about how they make...

Weekly Threat Briefing

WTB: Olympic Destroyer Takes Aim At Winter Olympics

The intelligence in this week’s iteration discusses the following threats: Compromised server, Cryptocurrency miner, Data theft, Malspam, Phishing, Targeted attacks, Underground markets, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending...

Getting into Tech…for the Non-Technical

My name is Teddy Powers. I have worked for Anomali (formerly ThreatStream) for almost the last three years and it’s been one of the best experiences of my life. But if you looked at my résumé or LinkedIn, much like anyone else, you’d...

Research

North Korean Cybersecurity Profile

North Korea, or more formally, the Democratic People’s Republic of North Korea (DPRK), is no stranger to international headlines. Most notably, it has captured attention in recent years for its nuclear testing and ballistic missile launches. Events in the cyber landscape have brought negative attention to North Korea...

Cyber Threat Intelligence Research

How the No-Fly List Approach Can Be Used to Improve Cybersecurity

We’ve all heard of the No-Fly List. Managed by the FBI’s Terrorist Screening Center, the list bans people on it from boarding commercial aircraft within, into, or out of the United States. The No-Fly List is only one tactic that the U.S. uses in its...

Weekly Threat Briefing

WTB: Android Devices Targeted by New Monero-Mining Botnet

The intelligence in this week’s iteration discusses the following threats: Botnet, Cryptocurrency miner, Cyber espionage, Ransomware, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats: Android Devices Targeted...

Research

The 2018 Winter Olympics in PyeongChang, South Korea and Impact to the Cyber Threat Landscape

Major events like the Winter Olympics attract a lot of attention from fans all around the world. For three weeks fans will watch in person, on television, and online to follow the various competitive events. This attention is attractive to advertisers, but it’s also attractive to cyber...

Weekly Threat Briefing

WTB: Tax Identity Theft Awareness Week

The intelligence in this week’s iteration discusses the following threats: APT, Cryptocurrency miners, Phishing, Ransomware, Remote Access Trojan, Targeted attacks, Tax-related malicious activity, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. ...

Cyber Threat Intelligence Malware Research

Welcoming Draft 2, version 1.1 of the NIST Cybersecurity Framework

The NIST Cybersecurity Framework (CSF) is a set of standards, best practices, and recommendations for improving cybersecurity and managing cybersecurity risk at the organizational level. Since its original publication in 2014, the Framework, although voluntary for the private sector and enterprise, has been widely adopted across the globe. Research by NIST...

Weekly Threat Briefing

WTB: Apple “chaiOS” Flaw Can Crash Your iPhone and macOS with A Single Text Message

The intelligence in this week’s iteration discusses the following threats: APT, Banking trojan, Data breach, Data theft, Malspam, Phishing, Spyware, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats: Half...

Cyber Threat Intelligence Threat Intelligence Platform

Introducing Anomali ThreatStream Integrator 6.3.5

Anomali ThreatStream Integrator is a small-footprint software component that lets you integrate the threat intelligence of Anomali ThreatStream with your existing security tools. Today I'm excited to announce the latest version of Integrator. In addition to the SIEMs, endpoints and numerous other security solutions ...

Anomali Raises $40 Million in Series D Funding

Today I’m pleased to share the news of our latest fundraising efforts, and the addition of Lumia Capital, Deutsche Telekom Capital Partners, Telstra Ventures and Sozo Ventures to the Anomali family. With this funding, we’ll continue to invest in developing innovative threat management and collaboration solutions...

Weekly Threat Briefing

WTB: New Mirai Variant Targets Billions of ARC-Based Endpoints

The intelligence in this week’s iteration discusses the following threats: APT, Disk-wiper, DNS hijacking, Malicious extensions, Malicious application, Malvertising, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats ...

Malware Research

The Rise of Malware Using Legitimate Services for Communications

Malware often includes the ability to communicate with attacker-controlled systems on the Internet from within compromised networks. This gives the attacker several important capabilities. Some examples of this communication include: receiving “heartbeats” to maintain an inventory of compromised systems, and sending remote-control commands and receiving the results...

Weekly Threat Briefing

WTB: Malicious Document Targets Pyeonchang Olympics

The intelligence in this week’s iteration discusses the following threats: Banking trojan, Botnet, Credit card theft, Data breach, Hardcoded backdoor, Malicious applications, Phishing, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. ...

Cyber Threat Intelligence

What is Strategic Threat Intelligence?

This is the second blog in a series called “What is Threat Intelligence?” The first blog in the series can be found here. Stay tuned for future installments in this series. Maintaining a strong security posture requires developing and answering many questions specific to the organization....

Weekly Threat Briefing

WTB: macOS Exploit Published on the Last Day of 2017

The intelligence in this week’s iteration discusses the following threats: Data leak, Information stealing malware, Malspam, Misconfigured Database, Phishing, RAT, Vulnerabilities, and Zero-day. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats ...

Cyber Threat Intelligence Malware Research

12 Days of Threats

On the first day of Christmas a hacker stole from me, Thousands in my favorite cryptocurrency… On the second day of Christmas a hacker stole from me, Two plain-text passwords and thousands in my favorite cryptocurrency... We’re sure by now you’ve heard too much Christmas...

Weekly Threat Briefing

WTB: New GnatSpy Mobile Malware Family Discovered

The section below contains summaries of various threat intelligence stories that occurred during the past week. The intelligence in this week’s iteration discusses the following threats: ATM-theft, Data leak, Malspam, Mobile malware, Phishing, Targeted attacks, Threat group, Underground markets, and Vulnerabilities. The IOCs related to these stories...