Categories | Anomali Blog


Cyber Threat Intelligence

Top Five Cyber Threat Intelligence Training Resources to Check Out

Every day, new types of cyberattacks are causing escalating damage to companies, governments, and individuals. Security professionals are often under pressure to keep up and understand new cyberattacks and tricks. Addressing this need in cybersecurity skills requires foundational training resources that can be referenced regularly. Luckily, there are numerous websites...


Weekly Threat Briefing

Weekly Threat Briefing: “Agent Smith:” The New Virus to Hit Mobile Devices

The intelligence in this week’s iteration discusses the following threats: 16Shop phishing kit, Agent Smith Android malware, Astaroth malware, Magecart, Miori botnet, and Zoom vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for...


Anomali Presents the Black Hat 2019 Travel Guide

10 Things To Do in Las Vegas. One of the biggest cybersecurity conferences of the year, Black Hat 2019 is coming up fast, August 3rd through the 8th. Thousands of cybersecurity professionals will gather in Las Vegas for a week of networking, briefings, and hands-on training. If you’re one of...


Research

The eCh0raix Ransomware

Introduction: Anomali researchers have observed a new ransomware family, dubbed eCh0raix, targeting QNAP Network Attached Storage (NAS) devices. QNAP devices are created by the Taiwanese company QNAP Systems, Inc., and contain device storage and media player functionality, amongst others. The devices appear to be compromised by brute forcing...


Weekly Threat Briefing

Weekly Threat Briefing: Malicious Campaign Targets South Korean Users with Backdoor-Laced Torrents

This section contains summaries of various threat intelligence stories that occurred during the past week. The intelligence in this week’s iteration discusses the following threats: APT, Automated attacks, Backdoor, Breach, Malspam, Phishing, Targeted attacks, Threat groups, and Vulnerabilities. The IOCs related to these...


Research

Multiple Chinese Threat Groups Exploiting CVE-2018-0798 Equation Editor Vulnerability Since Late 2018

During Anomali Threat Researchers’ tracking of the “Royal Road” Rich Text Format (RTF) weaponizer, commonly used by multiple Chinese threat actors to exploit CVE-2017-11882 and CVE-2018-0802, it was discovered that multiple Chinese threat groups updated their weaponizer to exploit the Microsoft Equation Editor (EE)...


Weekly Threat Briefing

Weekly Threat Briefing: Georgia Court System Hit in Ransomware Attack

The intelligence in this week’s iteration discusses the following threats: APT, Banking malware, Cryptocurrency miner, Data leak, Exploit kit, Malvertising, Ransomware, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check...


Cyber Threat Intelligence

Cyber Threat Intelligence Saves Enterprises Millions

Demand for cyber threat intelligence (CTI) capabilities is growing. More than 85 percent of respondents to the Ponemon Value of Threat Intelligence survey and report we sponsored ranked it as a top security priority. One analyst firm predicts that enterprises will soon be investing 20 percent of their security budgets into it. ...


Weekly Threat Briefing

Weekly Threat Briefing: Millions Exposed in Desjardins Data Leak

This section contains summaries of various threat intelligence stories that occurred during the past week. The intelligence in this week’s iteration discusses the following threats: BlueKeep, Cryptominers, FlawedAmmyy Trojan, Sodinokibi, and TA505. The IOCs related to these stories are attached to the Community Threat Briefing and...


Threat Intelligence Platform

Anomali Adds DomainTools Iris to APP Store

The DomainTools Iris App for Anomali creates tremendous value for our joint customers and amplifies the complementary values of both solutions. Customers will now benefit from the aggregation and overlay of DomainTools data with other internal and external sources in Anomali for context to determine whether or not to take...


Weekly Threat Briefing

Weekly Threat Briefing: New Pervasive Worm Exploiting Linux Exim Server Vulnerability

Trending Threats: This section contains summaries of various threat intelligence stories that occurred during the past week. The intelligence in this week’s iteration discusses the following threats: Dofloo Trojan, EternalBlue, FIN8, MuddyWater, ShellTea, and Vim Vulnerabilities. The IOCs related to these stories are attached to the...


Research

The InterPlanetary Storm: New Malware in Wild Using InterPlanetary File System’s (IPFS) p2p network

Summary: In May 2019, a new malware was found in the wild that uses a peer-to-peer (p2p) network on top of InterPlanetary File System’s (IPFS) p2p network. The malware found in the wild targets Windows machines and allows the threat actor to execute arbitrary PowerShell code...


Weekly Threat Briefing

Weekly Threat Briefing: Magecart Skimmers Found on Amazon CloudFront CDN

The intelligence in this week’s iteration discusses the following threats: Botnet, Data breach, Misconfigurations, Ransomware, Threat groups, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Trending...


Research

Phishing Campaign Impersonates Mexico, Peru, Uruguay Government’s e-Procurement Systems

Overview: In late May 2019, Anomali researchers discovered a phishing campaign impersonating three Latin American governments’ electronic procurement (e-Procurement) systems. The campaign uses convincing-looking phishing pages where individuals and companies are invited to bid on public projects with the governments of Mexico, Peru, or Uruguay. The actors or...


Weekly Threat Briefing

Weekly Threat Briefing: Emissary Panda Attacks Middle East Government Sharepoint Servers

The intelligence in this week's iteration discusses the following threats: APT, Credential theft, Cryptomining, Data theft, Phishing, Payment card theft, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. ...


Anomali Enterprise

Enhancing Your SIEM with Retrospective Analysis in Anomali Enterprise

Introduction: A breach is announced, details are released, and everyone wonders: does my organization have, or has it had, activity associated with the people or methods connected to this breach? Many organizations today can’t answer this question, as they can’t perform efficient historical analysis of...


Weekly Threat Briefing

Weekly Threat Briefing: First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records

The intelligence in this week’s iteration discusses the following threats: APT, Backdoor, Banking trojan, Data leak, Keylogger, Malspam, Malvertising, Misconfigured database, Phishing, Ransomware, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to...


Cyber Threat Intelligence

Data Breach Costs: Scare Tactic No More

We now know more than we’ve ever known about the true cost of a data breach. In addition to survey-based research, costs are discussed openly in quarterly reporting calls, made available via court documents, reported in the news, and apparent in stock values. The available information has taught...


Weekly Threat Briefing

Weekly Threat Briefing: Slack Bug Allows Remote File Hijacking, Malware Injection

The intelligence in this week’s iteration discusses the following threats: Data theft, Banking malware, Magecart, RCE, Threat group, Targeted attacks, Website compromise, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs...


Weekly Threat Briefing

Weekly Threat Briefing: Top-Tier Russian Hacking Collective Claims Breaches of Three Major Anti-Virus Companies

The intelligence in this week’s iteration discusses the following threats: FIN7, Gandcrab, Hidden Cobra, Rootkits, and Turla. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Trending Threats: Top-Tier Russian Hacking...

