
Anomali Blog

Weekly Threat Briefing

WTB: New Banking Trojan IcedID Discovered

The intelligence in this week’s iteration discusses the following threats: Business Email Compromise, Financial theft, Malspam, Phishing, Ransomware, Threat group, Trojan, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats ...


Cyber Threat Intelligence, STAXX

Restful Mash-Ups to Help Under-Staffed Infosec Teams

“This article was originally featured on Wire Data on April 2nd, 2017.” In this post, we will couple ExtraHop’s wire data analytics, Anomali STAXX, a leading threat intelligence solution, and Slack, a cloud-based collaboration platform, to demonstrate how we can use orchestration and...


Weekly Threat Briefing

WTB: Over A Million Android Users Fooled by Fake WhatsApp App in Official Google Play Store

The intelligence in this week’s iteration discusses the following threats: Botnet, Data leak, Email account compromise, Malicious application, Malspam, Phishing, Ransomware, RAT, Spear phishing, Trojan, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs...


Research

Russian Federation Cybersecurity Report

Whether the perpetrators or the victims, the Russian Federation is often linked to cyber activities in the news. The Russian Federation was recently hit with a ransomware attack called Bad Rabbit, which security professionals theorize was a retaliation for ransomware known as Petya. Evidence was also recently released indicating that...


Weekly Threat Briefing

WTB: LokiBot Android Banking Trojan Turns Into Ransomware When You Try to Remove It

The section below contains summaries of various threat intelligence stories that occurred during the past week. The intelligence in this week's iteration discusses the following threats: Botnet, Exploit kit, Malicious Applications, Malspam, Phishing, Ransomware, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and...


Anomali Enterprise, Cyber Threat Intelligence, Malware, SIEM, ThreatStream

What I’ve Learned as a Part-Time Cyber Threat Analyst Using Anomali Enterprise

A few months ago I wrote a post detailing how Anomali Enterprise helped me to identify a malware threat to my home network. Many have since emailed me asking how they can do the same (please keep them coming!). Since writing that post, my router has generated millions of logs...


Cyber Threat Intelligence, Research

Bad Rabbit Ransomware Outbreak in Russia and Ukraine

Overview: On October 24, 2017, security firms and media organizations began reporting on an active ransomware campaign that, as of this writing, has primarily targeted entities in Russia and Eastern Europe. The infections are believed to have begun on October 24 at approximately 12:16 UTC, evidenced by an infected company’s tweet...


Weekly Threat Briefing

WTB: Advanced Persistent Threat Activity Targeting Energy and Critical Infrastructure Sectors

The intelligence in this week’s iteration discusses the following threats: APT, Malspam, Malvertising, Malware, Phishing, Targeted attacks, Ransomware, and Underground markets. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats: OSX/Proton...


Cyber Threat Intelligence

The Catch-22 of Security Software

Malicious actors are constantly developing new and improved methods to attack companies. Innovations in security software help organizations to defend against the dynamic world of information security threats, but this protection comes with inherent drawbacks. One of these drawbacks is that security solutions can require significant access to systems and...


Weekly Threat Briefing

WTB: WPA2 Security Flaw Puts Almost Every Wi-Fi Device at Risk of Hijack, Eavesdropping

The intelligence in this week’s iteration discusses the following threats: Data breach, Malware, Malvertising, Phishing, RAT, Support scam, Threat group, Vulnerabilities, Wi-Fi, and Zero-day. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending...


Cyber Threat Intelligence

NCSAM - Dialing in on Cybersecurity Education

“The security aspect of cyber is very tough. And maybe, it’s hardly doable...We have so many things we need to be doing better...And certainly cyber is one of them.” During the 2016 Presidential debates, Presidential candidate Donald Trump expressed his concern at the state of...


Weekly Threat Briefing

WTB: Every Single Yahoo Account Was Hacked 3 Billion In All

The intelligence in this week’s iteration discusses the following threats: Account compromise, Botnet, Data breach, Data theft, Malspam, Phishing, Ransomware, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending...


Cyber Threat Intelligence

Hacker Tactics - Part 3: Adversarial Machine Learning

Adversaries are constantly changing and improving how they attack us. In this six-part series we’ll explore new or advanced tactics used by threat actors to circumvent even the most cutting-edge defenses. The overwhelming trend right now is to take problems old, new, and of large scale and apply...


Weekly Threat Briefing

WTB: Flawed Apple Mac Firmware Updates May Leave Them Vulnerable to Attack

The intelligence in this week’s iteration discusses the following threats: Data breach, Data theft, Malspam, Phishing, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats: Flawed Apple Mac...


Cyber Threat Intelligence

Detect 2017 Recap

Detect 2017 was a great success, and we'd like to say a huge thank you to all of the speakers and attendees who made this possible. Here are a few highlights that made us say, "Great Scott!". Keynotes from: Kevin Poulsen, Cyber Crime Expert and author of Kingpin; General Michael...


Cyber Threat Intelligence

A Closer Look at the German Election

On September 24th, 2017, federal elections took place in Germany to elect Germany’s next parliament, the 19th Bundestag. The Christian Democratic Union (CDU) won the majority of votes with 33%, making this Angela Merkel’s fourth term in office. Merkel has been a steadfast supporter of the European Union,...


Cyber Threat Intelligence

What the Equifax Breach means for the Social Security Number System

On September 7th, 2017, Equifax Incorporated publicly announced a major data breach of its systems. Equifax reported that data associated with approximately 143 million Americans was exposed, with records including addresses, date of birth (DOB), full name, Social Security Number (SSN), and some driver’s license numbers. Credit card numbers for...


Weekly Threat Briefing

WTB: Oracle Patches Apache Vulnerabilities

The intelligence in this week's iteration discusses the following threats: APT, Banking trojan, Data breach, Malspam, Mobile, Ransomware, Spear phishing, Typosquatting, and Vulnerability. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats: Oracle...


Anomali Enterprise, SIEM, Splunk, Threat Intelligence Platform

Give Splunk (And Your Security Team) A Helping Hand With Threat Intelligence

Performance is often one of the biggest gripes I hear from Splunk users. Even after spending time carefully architecting a distributed search environment, running it on top-of-the-range hardware, and carefully assigning user permissions, Splunk searches can still often run painfully slowly. This scenario is particularly true of security use-cases where...


Anomali Enterprise, Threat Intelligence Platform

Addressing Threat Blindness

In just four years since launching Anomali, we’ve seen Threat Intelligence become a standard element of enterprise security programs. Last week we published a Ponemon Institute report on “The Value of Threat Intelligence” (our 2nd year sponsoring this research) – in it we found: 80% of enterprises...

