Results Page 2/23 for Anomali Blog

Anomali Blog

Research

Phishing Campaign Spoofs United Nations and Multiple Other Organizations

Anomali Labs researchers recently discovered a phishing site masquerading as a login page for the United Nations (UN) Unite Unity, a single sign-on (SSO) application used by UN staff. When visitors attempt to log in to the fraudulent page, their browser is redirected to an invitation for a film viewing at...


Research

Phishers Target Texas Department of Transportation Contractors with Online Bidding Scheme

On February 15th, 2019, Anomali Labs researchers found an active phishing page masquerading as a legitimate Texas Department of Transportation (TxDOT) online bidding website. The illegitimate portal <hxxps://www[.]txdot[.]gov[.]us.e-bid.sync.auth.moovindancestudio[.]com/secure/user-login/login[.]php> is being hosted on a suspected compromised server...


Threat Intelligence Platform

Transform Your CTI Program With the Anomali Threat Platform: Exploring 5 Common Use Cases

In this blog, we will be looking at a few popular use cases of Anomali Enterprise™, one of the core components of the Anomali Threat Platform. Anomali Enterprise is a powerful tool that addresses an industry-wide dilemma on how to leverage threat intelligence effectively. A key issue with most...


Weekly Threat Briefing

Weekly Threat Briefing: Google Spots Attacks Exploiting iOS Zero-Day Flaws

The intelligence in this week's iteration discusses the following threats: Cryptominers, Data breach, ExileRAT, Malware, NanoCore, RATs, Remote code execution, Spear phishing, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs...


Weekly Threat Briefing

Weekly Threat Briefing: New SpeakUp Backdoor Infects Linux and macOS with Miners

The intelligence in this week's iteration discusses the following threats: APT32, APT39, Backdoors, CookieMiner, Cryptominers, Data breach, Malspam, Malware, Phishing, SectorA05, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for...


Research

Analyzing Digital Quartermasters in Asia – Do Chinese and Indian APTs Have a Shared Supply Chain?

Anomali Labs recently analyzed a large number of weaponized RTF phishing files related to APT groups aligned with Chinese and Indian state interests. This analysis has identified a shared object dimension and shared obfuscation methods across weaponized RTF files utilized by the APT groups known as Sidewinder (Indian State Interests),...


Threat Intelligence Platform

How I Learned to Stop Worrying about CVEs and Love Threat Intelligence (es)

In my previous job, one of my main responsibilities was related to consulting services. Most of my customers’ needs were in the field of compliance and security assessment, and one of the most frequent requests was a vulnerability assessment of their IT infrastructure. I frequently had to explain to...


Weekly Threat Briefing

Weekly Threat Briefing: Hackers Are Going After Cisco RV320/RV325 Routers Using A New Exploit

The intelligence in this week's iteration discusses the following threats: Alert, Data leak, DNS tampering, Misconfigured database, Phishing, Ransomware, Trojan, Vulnerabilities, Website compromise and Zero-day. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your...


Research

Abusing the Mali ccTLD (.ml) To Target Dutch Organisations

Introduction. At the start of 2019, Anomali Labs observed an upward trend in threat actors abusing the Mali country code top-level domain (ccTLD), ".ml", to host suspicious and malicious sites closely resembling Dutch-based organisations. Our research identified that the .ml ccTLD is amongst the top ten most...


Cyber Threat Intelligence Threat Intelligence Platform

Partner Spotlight: Silobreaker

One of the key differentiators between good security and great security is the interconnectedness between security solutions. Organizations need numerous specialized tools to aggregate, analyze, monitor, block, share - the list goes on. The more seamless the transfer of information and actions between these tools, the more effectively security teams...


Research

Weekly Threat Briefing: Ex-Employee Hacks WPML WordPress Plugin Site and Spams Users

The intelligence in this week's iteration discusses the following threats: Adware, APT, DarkHydrus, Data breach, Emotet, Lazarus group, MageCart, Malvertising, Ransomware, Spearphishing, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs...


Research

Phishing Scam Spoofs Canadian eTA and U.S. ESTA Websites To Target Visa-Exempt Foreign Travelers

On January 16, 2019, Anomali Labs detected two suspicious domains, gov-canada-eta[.]com and canada-etavisa[.]info, targeting foreign nationals interested in applying for a Canadian electronic travel authorization (eTA). Hosted on these domains is a replica website that spoofs the Government of Canada Electronic Travel Authorization (eTA) application site used by tourists, business...


Weekly Threat Briefing

Weekly Threat Briefing: NASA Jira Server Leaked Internal Project And Employee Data

The intelligence in this week's iteration discusses the following threats: Adware, Backdoor, CryptoMix, Data breaches, DNS hijacking, FlawedGrace, ICEPick-3PC, MageCart, Malware, Phishing, Ransomware, ServHelper, Side-channel attack, TA505, TEMP.MixMaster, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing...


Research

Phishing Scam Lures Australian Government Contractors Into Disclosing Account Credentials

On January 9, 2019, Anomali Labs observed a new tender-themed phishing scam targeting companies allegedly selected by the Australian Government to submit tenders for commercial projects. The document purports to be from the Secretary of Infrastructure and Regional Development, Dr. Steven Kennedy. The premise behind the scam is to lure users into...


Malware Research

2019 Attack Predictions for the Payment Sector

Anomali Labs published this week a report, "Cyber Crime in the Payments Industry," that examines threat trends affecting this sector. The report, available for download, details attacks and techniques, and provides recommendations for organizations that process credit card transactions. The payments industry, including retail, hospitality, restaurants and payment...


Weekly Threat Briefing

Weekly Threat Briefing: Another Windows 10 Zero-Day Bug Could Allow Overwriting Files With Random Data

The intelligence in this week's iteration discusses the following threats: APT28, Danabot, Data breaches, Miori, Phishing, RATs, Ransomware, Roma225, The Dark Overlord, Vulnerabilities, and Zebrocy. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your...


Malware Research

Destructive Shamoon Malware Continues its Return with a New Anti-American Message

Anomali Labs, in its continued hunt for the destructive Shamoon malware, has identified a new Shamoon malware sample that uses an image of a burning US Dollar as part of its destructive attack. Historic versions of the Shamoon destructive wiper have utilized images of a burning American flag and the...


Cyber Threat Intelligence Malware

Holiday Shopping Increases Threat Actor Activity in 2018—Be Vigilant and Jolly

Overview. As the weather grows colder and the holiday shopping season encroaches, so too do the opportunities for data and monetary theft increase for a threat actor. Every year it seems as if companies are moving their "deals" earlier and earlier than the well-known Black Friday and Cyber Monday shopping...


Weekly Threat Briefing

Weekly Threat Briefing: Save the Children Hit by $1m BEC Scam

The intelligence in this week's iteration discusses the following threats: Android trojan, BEC, Charming Kitten, Cobalt Group, Exploit kit, Malware, Novidade, Phishing, Seedworm, SplitSpectre, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check...


Cyber Threat Intelligence Malware Research

New Shamoon V3 Malware Targets Oil and Gas Sector in the Middle East and Europe

A new version of the destructive wiper malware Shamoon was first identified by security researchers on December 5, 2018. This malware, dubbed Shamoon V3, appears to be a new version of the destructive malware, which has historically been associated with advanced persistent threat actors aligned with the interests of the Iranian state. It...

