Anomali Blog
Anomali Enterprise Cyber Threat Intelligence Threat Intelligence Platform
Anomali Announces New Threat Platform and SDKs at Detect ‘18
Detect ‘18 began this year with keynote addresses from Hugh Njemanze and General Colin L. Powell, USA (Ret.). Anomali announced in their keynote the launch of a new Threat Platform and developer SDKs. The Anomali Threat Platform delivers a comprehensive threat detection, analysis, and response suite and is comprised of...
Read More
WTB: Windows Systems Vulnerable To FragmentSmack, 90s-Like DoS Bug
The intelligence in this week’s iteration discuss the following threats: APT10, APT34, BEC campaign. BOUNDUPDATER, Data breach, PyLocky and Spear Phishing. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity.Trending...
Read More
Cyber Threat Intelligence Malware Research
Evaluating the Threatscape One Year After NotPetya Ransomware Attack
The NotPetya cyber-attack occurred a little over a month after WannaCry, targeting Ukrainian organisations.The attack was initiated utilising a corrupted update for an accounting and tax software that was almost exclusively used throughout every organisation, private and public, in the country. The malware employed the same SMB exploit that...
Read More
WTB: Apple Removes Top Security Tool for Secretly Stealing Data
The intelligence in this week’s iteration discuss the following threats: APT, Data theft, Banking trojan, Malicious applications, Phishing, Social engineering, Targeted attacks, Threat group, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check...
Read More
Go with the Flow of Intelligence-Driven Security Operations
One of the recent trends I’ve encountered for security operations teams is to design a more intelligence-driven SOC, where existing threat intelligence investments are leveraged to assume a more proactive security posture. More and more frequently, this trend is now a requirement.This requirement may be expressed in...
Read More
WTB: Remote Mac Exploitation Via Custom URL Schemes
The intelligence in this week’s iteration discuss the following threats: Anonymous, Apache Struts vulnerability, BusyGasper, Cobalt Gang, DarkComet, DDoS, Loki Bot, Spear phishing, and WINDSHIFT APT. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs...
Read More
WTB: Weak Passwords Let a Hacker Access Internal Sprint Staff Portal
The intelligence in this week’s iteration discuss the following threats: APT, Backdoor, Cyberespionage, Data breach, Data leak, Ransomware, Spearphishing, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for...
Read More
Cyber Threat Intelligence Research
Anomali Labs Research Shows Email-Based Attacks Continue to Threaten Election Security
The Anomali Labs team today published research on the potential for email-based attacks against election infrastructure. The new report, “Can Lightning Strike the US Elections Twice?: Email Spoofing Threat to the 2018 US Midterm Elections,” reveals that most US states have vulnerabilities that would allow email spoofing...
Read More
Cyber Threat Intelligence Research
What the US-Turkey Escalation Means for Cybersecurity
The recent escalation in US-Turkish political relations has important implications and will likely result in cybersecurity responses. The Anomali Labs research team has published a report providing an overview of the crisis, the key players involved, and analysis of potential cybersecurity reactions.The political tension between the US and Turkey...
Read More
WTB: JavaScript Web Apps And Servers Vulnerable To ReDoS Attacks
The intelligence in this week’s iteration discuss the following threats: APT, Credential theft, Cyberespionage, Malspam, Phishing, Ransomware, Remote access trojan, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs...
Read More
Cyber Threat Intelligence Malware Research Threat Intelligence Platform
Analyzing WannaCry a Year After the Ransomware Attack
The cyber-attack known as WannaCry first broke out in May of 2017 and was unprecedented in its scope and impact. It utilized a Microsoft Windows vulnerability that was leaked by a cyber threat group, the Shadow Brokers, and despite Microsoft releasing a patch for the vulnerability, many organizations failed to apply...
Read More
WTB: Vulnerabilities In mPOS Devices Could Lead To Fraud And Theft
The intelligence in this week’s iteration discuss the following threats: Backdoor, Banking trojan, Cryptominer, Data breach, Malvertising, Phishing, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity....
Read More
WTB: Computer Virus Cripples iPhone Chipmaker TSMC Plants
The intelligence in this week’s iteration discuss the following threats: Breach, Cryptojacking, GandCrab, malspam, phishing, Ransomware, targeted attacks and WannaCry. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.Trending ThreatsHave I...
Read More
Vegas Awaits: Seven Things to Do at Black Hat USA 2018
Black Hat is just around the corner, and, like many of us, you may not have planned out your trip yet. That’s okay! We’ve got your back with seven of our favorite activities you should try at Black Hat 2018:1) Neon MuseumWhether you...
Read More
WTB: US State Governments Receive Malware-Laden CDs From China Via Snail Mail
The intelligence in this week’s iteration discuss the following threats: APT34, Hide n Seek Botnet, LeafMiner, Macro Enabled Malspam, Phishing, and QUADAGENT. The IOCs related to these stories are attached to the WTB and can be used to check your logs for ...
Read More
What is Tactical Threat Intelligence?
This is the fourth blog in a series called, “What is Threat Intelligence?” The first blog in the series can be found here, the second on Strategic Intelligence can be found here, and the third on Operational Intelligence can be found here.Tactical IntelligenceTactical intelligence is...
Read More
WTB: Data Breach Exposes Trade Secrets of Carmakers GM, Ford, Tesla, Toyota
The intelligence in this week’s iteration discuss the following threats: APT, Data breach, Data leak, Malspam, Phishing, Ransomware, Spear phishing, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs...
Read More
Cyber Threat Intelligence Threat Intelligence Platform
5 Reasons Why Threat Intelligence Matters to Your Company
No matter the size, industry, or location, every business will share certain core objectives. These include growing revenue, reducing risk, lowering expenses, increasing customer and employee satisfaction, adhering to compliance regulations, and so on. Often it seems that focusing on information security will negatively impact many of these objectives. After...
Read More
WTB: CSE Malware ZLab – Operation Roman Holiday – Hunting the Russian APT28
The intelligence in this week’s iteration discuss the following threats: APT28, AZORult, BlackTeck, Golden Cup, Leviathan APT, Magecart and Upatre. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.Trending...
Read More
Cyber Threat Intelligence ThreatStream
The Gamer Theory of Threat Hunting
Teamwork. Determination. Satisfaction. Video gaming missions provide us with an escape from reality that is often viewed as simple and relaxing. However, the dedication required to conquer these complex missions goes largely unnoticed. The copious, and often draining, amounts of effort and cooperation applied to these missions is rewarded by...
Read More
