
Is DNS the Key to DGA Protection?

Command and control servers (C2s) are a central part of malware campaigns - almost all malware families communicate with C2 servers to receive orders from the attackers controlling them. Threat actors go to great lengths to keep these servers up and running while law enforcement attempts to shut them down and security vendors strive to protect their customers from them. When C2 addresses were hard-coded into malware, it wouldn't take long before the address was found, published and taken down or blocked. Today's reality is much more complex.


6 Cybersecurity Mistakes Every Organization Should Avoid


All it takes is one mistake, one wrong click or weak password, one unpatched vulnerability, for a malicious threat actor to infiltrate your network. Once they are inside, the options are endless. Security can never be 100% airtight, but making sure you have strong armor at the frontline will critically minimize the attacks that have a chance of penetrating your network. How is this defense built? Most of the time, our mind jumps right to the tools – which technologies can we use to armor up? But effective security is much more than that – setting in place the right mindset, personnel, processes AND tools is the key to keeping your data secure. In this blog post, we will share critical mistakes that managers, IT teams and employees alike should be aware of in order to make the right choices and keep the company network safe.


ThreatSTOP launches built-in ThreatCONNECT Integration

ThreatSTOP is now a ThreatConnect partner, integrating our DNS and IP threat intelligence directly into ThreatConnect's market-leading Threat Intelligence (TIP) and Security Orchestration, Automation, and Response (SOAR) Platform.


Cyber Criminals Upset by New ThreatSTOP - Bandura Integration

In news that's certain to make cyber criminals depressed, but security practitioners joyous, ThreatSTOP and Bandura have developed an integration that builds on the proactive, block-threats-early mantra shared by the two security companies.


From Russia with Love: Selectel hosting some busy, bad IP addresses

In the past week we saw a massive surge in hits on customer logs coming from the IP 45.146.165[.]11. Our security research team checked it out, and found that it has been the launch pad for abnormally large amounts of traffic trying to reach customer machines. On one customer network alone they got over 2 million hits.


MS EXCHANGE ATTACKS: BLOCK ANONYMOUS VPN SERVICES (AND THESE IOCS)

Until two weeks ago, thousands of Microsoft Exchange servers were under attack unknown to anyone. Since Microsoft and other researchers uncovered this severe cyber offensive against various U.S. institutions, organizations have been scrambling to patch the vulnerabilities used in the attack, understand the extent of potential damage, and ensure protection for next time (and there will be a next time). In this blog post, we'll explain how to do exactly that.


New Gafgyt Botnet TOR Variant Targets D-Link and IoT Devices

The Gafgyt IoT botnet has been around for 7 years already, boasting many different variants over time. Also known as BASHLITE, this botnet has become notorious for launching DDoS attacks, making it almost as well-known as famous botnets such as Mirai in recent years. In 2018, two Gafgyt variants were detected, targeting Apache Struts and SonicWall vulnerabilities. Over the next year, Gafgyt started targeting vulnerable Internet of Things devices, wreaking havoc on gaming servers all over the world.


ThreatSTOP Managed Rules Now Available for AWS WAF

Good news for AWS customers (which is... a lot of you)!


Mitigating The MS Exchange 0-day attacks

HAFNIUM Exchange attack - detecting and mitigating with ThreatSTOP TI

The Microsoft Exchange attack leveraging multiple zero-days has by some accounts been one of the most widespread and potentially damaging hacks in history, orchestrated by a group Microsoft has named HAFNIUM. Malicious network activity related to the attack was first detected in January, but the full nature and extent of the attack was publicly disclosed only on March 2nd. Active exploitation started around February 26th, primarily targeting U.S. entities.


Cybercrime Against Healthcare Soars During COVID-19

Healthcare has been one of the most severely impacted industries by the still-menacing COVID-19 virus. The sudden global pandemic created a surge in demand for clinical care, medical equipment, healthcare technologies and eventually - a solution. All of these and more rely on information technology. From making appointments and delivering healthcare to patients, to using internet-connected medical devices and developing vaccine research, COVID-19 response is vulnerable to cyber attacks on all levels. Being by far the most pressing issue today, it comes as no surprise that attackers are exploiting the difficult situation healthcare institutions are facing to wreak havoc and cash in on their struggle.
