ThreatSTOP CEO Tom Byrnes to Speak at 2 Events in Washington, D.C.

ThreatSTOP CEO Tom Byrnes has been invited to speak at two events in D.C.

Russian Business Network Penguins

As those who visit our home page may have noticed, we have a section where we note the countries with the worst IP reputation. We divide it up between big countries and small ones, and determine the relative badness by calculating the proportion of the country's reported IP addresses that are bad.

Come Hear Johannes Ullrich of SANS Institute Talk

Johannes Ullrich, Dean of Faculty and Chief Research Officer at SANS Institute and founder of DShield (full disclosure: also advisor to ThreatSTOP), will give a talk on the ever-changing threat landscape and how to detect existing breaches, protect against botnets and advanced persistent threats, and safeguard your data. It will be at a lunch and learn event jointly sponsored by ThreatSTOP and the Orange County IT Executive Round Table on April 26, in Newport Beach, CA. Registration is FREE for qualified IT security professionals. Come enjoy great food, learn something and connect with your peers. For more info, go here.

Latest Adobe Zeroday - "Call Home" Blocked by ThreatSTOP

Adobe have just announced yet another zero-day exploit (Flash etc.) that has been seen in the wild in emailed Microsoft Word documents. The document installs the usual sort of backdoor trojan.

ThreatSTOP and IPv6

Since the Internet is nearly out of IPv4 addresses, people are finally getting serious about using IPv6. As people start deploying IPv6, we will find new bugs and loopholes that crooks can exploit: holes like this one, which mean that a bot on a network could act as the "man in the middle" for everyone else nearby.

The RSA spearphish attack and IP reputation

There is a very interesting blog post by Uri Rivner of RSA in which he gives details of the recent attack on RSA's SecurID system. Near the bottom of it he mentions that three domains were identified as being connected with the attack:

Blocking the LizaMoon IPs

One thing we often note is that many bad IP addresses are recidivists. One day they are seen doing one bad thing; a week later they do something different. A good example is the set of IP addresses implicated in the current LizaMoon SQL injection attack. Almost all the addresses were already known to us - in the 'Russian Business Network' feed at least - and some had quite a considerable history. Hence ThreatSTOP subscribers could have been protected against this attack. However, not every ThreatSTOP subscriber will be using a block list with the RBN feed in it, so we have also added the addresses to the Emergency Feed, which is downloaded by all our subscribers.
