Anomali Blog

Threat Intelligence Platform

The Importance of Managing Threat Intelligence

Data. Data. Data. Threat data can feel like a constant rushing waterfall that can overwhelm an analyst. After all, what good is one more set of data if there’s not an applicable and manageable use case for it? Some people look at threat intelligence (note not threat data)...


Weekly Threat Briefing

Weekly Threat Briefing: Adobe ColdFusion Servers Under Attack from APT Group

The intelligence in this week's iteration discusses the following threats: APT, Data breaches, DDoS, Lazarus group, Malicious mobile applications, Malicious documents, PortSmash, SMiShing, Spear phishing, Trickbot, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used...


Cyber Threat Intelligence

The Cybersecurity Tech Accord endorses the Paris Call

Strengthening our commitment to ensuring trust and stability in cyberspace. The Cybersecurity Tech Accord is pleased to endorse the Paris Call for Trust and Security in Cyberspace as an early supporter. The Paris Call was announced today by French President Emmanuel Macron at the opening of the 13th...


Cyber Threat Intelligence, Threat Intelligence Platform

Intelligent Security Automation

Threat feeds and the data they provide continue to grow at a rapid pace. As this amount of data increases, the ability to make efficient use of it moves beyond human capability and must shift towards automation. There are three critical sections of the threat intelligence process that will greatly...


Weekly Threat Briefing

Weekly Threat Briefing: Scammers Ride on Popular Vote411 Voter Info Site to Push Scareware Alerts

The intelligence in this week's iteration discusses the following threats: Backdoors, CommonRansomware, Data breaches, Magecart, Malware, Phishing, Ransomware, Stuxnet, Trickbot, Typosquatting, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential...


Cyber Threat Intelligence, Research

Threatscape of the US Election

Cyber attacks and political elections within the US are frequently heard together in the same sentence following the 2016 presidential election. Media outlets are ramping up their efforts to cover the 2018 midterm elections for the 115th Congress, often including online mediums such as social media. This can create an information overload...


Cyber Threat Intelligence, Research

Cyber Countdown to November 6…

Securing US State and Territory Voter Registration and Information Websites. Executive Summary: Less than a week away from November 6, 2018, the US midterm elections are arguably one of the most important election cycles in history, where political parties battle for control of the two chambers of Congress. Additionally, thirty-six state governors,...


Cyber Threat Intelligence, Research

New .republican and .democrat Domains Offer New Ways to Fake Out Voters

Introduction: Election cycles in the US are widely publicized on various forms of media sources but this publicity brings with it inherent risk. A campaign’s online presence is critical as more voters turn to the Internet to learn about candidates, compare positions, and prepare to vote. However, this...


Weekly Threat Briefing

Weekly Threat Briefing: New Security Flaw Impacts Most Linux And BSD Distros

The intelligence in this week's iteration discusses the following threats: APT, Data breach, DDoS, NARWHAL SPIDER, Phishing, Ransomware, TA554, Targeted attacks, TRITON, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs...


Cyber Threat Intelligence, Threat Intelligence Platform, ThreatStream

Importing Intelligence Data Directly From iOS 12

One situation I’ll often find myself in is reading a mail, blog post, or bulletin on my phone, such as this detailed analysis blog post here containing some APT file hashes, and I'll want to send it in to ThreatStream for import and pre-processing. Now - for...


Weekly Threat Briefing

Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records

The intelligence in this week's iteration discusses the following threats: APT, Cryptomining, Data breach, DDoS, Spear phishing, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Trending...


Weekly Threat Briefing

WTB: MuddyWater Expands Operations

The section below contains summaries of various threat intelligence stories that occurred during the past week. The intelligence in this week’s iteration discusses the following threats: APT, Data breach, Drupal, FruityArmor, Gallmaker, KeyBoy, Magecart, Panda Banker, Phishing, Remote access tool, and Vulnerabilities. The IOCs related to these...


Research

Estimated 35 Million Voter Records For Sale on Popular Hacking Forum

Anomali Labs researchers in close partnership with Intel 471, a leading cybercrime intelligence provider, have uncovered a widespread unauthorized information disclosure of US voter registration databases. To be clear, this voter information is made generally available to the public for legitimate uses. Anomali and Intel 471 researchers discovered dark web communications offering...


Cyber Threat Intelligence, Threat Intelligence Platform

UBF-Tasharuk: One year on…

September 2018 marked the one-year anniversary of the UBF-Tasharuk, an Information Sharing and Analysis Centre (ISAC) formed by the UAE Banks Federation (UBF), the representative body of the banking industry in the United Arab Emirates (UAE), powered by the Anomali Threat Platform. Initial membership consisted of 13 UAE-based banks partnering to equip...


Weekly Threat Briefing

WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft

The intelligence in this week’s iteration discusses the following threats: APT38, Botnet, Data breach, Exploit kit, FIN7, Lazarus, Malware builder, Pegasus spyware, Spear phishing, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for...


Cyber Threat Intelligence, Threat Intelligence Platform

Anomali Joins the Cybersecurity Tech Accord

Last week Anomali was accepted into the Cybersecurity Tech Accord, a community of organizations committed to “improve cyberspace’s resilience against malicious activities, and reaffirm as a group, their pledge to empower users, developers and customers to better protect themselves.” The Tech Accord was formed in early 2018,...


Weekly Threat Briefing

Weekly Threat Briefing: Cobalt Threat Group Serves Up SpicyOmelette Fresh Bank Attacks

The intelligence in this week’s iteration discusses the following threats: APT28, Botnet, Cobalt Group, Data Breach, DDoS, Ransomware, Vulnerabilities, and Zero day. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious...


Cyber Threat Intelligence

Detect ‘18 - Who’d ya call? Threatbusters!

And that’s a wrap! Thank you to all the speakers, sponsors, and attendees who joined us at Detect ‘18! This year we were fortunate to have some incredible keynote speakers, including: General Colin L. Powell, USA (Ret.); Eric O’Neill, General Counsel and Investigator; Hugh Njemanze, Chief...


Weekly Threat Briefing

WTB: Adwind Trojan Circumvents Antivirus Software To Infect Your PC

The intelligence in this week’s iteration discusses the following threats: Credit card theft, DDoS, Phishing, Ransomware, Trojan, Vulnerabilities, and Web cache poisoning. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential...


Anomali Enterprise, Cyber Threat Intelligence, Threat Intelligence Platform

Anomali Announces New Threat Platform and SDKs at Detect ‘18

Detect ‘18 began this year with keynote addresses from Hugh Njemanze and General Colin L. Powell, USA (Ret.). Anomali announced in their keynote the launch of a new Threat Platform and developer SDKs. The Anomali Threat Platform delivers a comprehensive threat detection, analysis, and response suite and is comprised of...

