
Author Archives: threatstop

Recent Posts

Breaking News Webcast: With Indictments, John Bambenek Talks How Authorities Can Protect Democracy Against Foreign Threats

Photo Credit: Alex Wong, Getty Images

Breaking News Webcast: With Recent Indictments, John Bambenek Talks How Election Authorities Can Protect Democracy Against Foreign Threats


Who Can You Trust? The Danger of False Positives in Threat Intelligence

Everyone knows you need to block the bad stuff from getting onto your network and calling home to its masters. However, what happens when something good gets incorrectly flagged as malicious? You’ve been hit with a false positive, and in some cases, this can be just as bad as letting something truly dangerous get through.


How BYOD are Targets for Malware

With the ever-presence of hand-held devices, smart phones and other mobile devices, it’s easy to forget that such items are simply small computers and therefore susceptible to the same attacks that get headlines on the nightly news.


ThreatSTOP blocking Superfish

At ThreatSTOP we have been reading about the Lenovo/Superfish adware security hole with amazement. Not so much at the enormous gaping hole that has been discovered (sadly that seems to be SOP at too many places) but at the way that the various parties involved have completely failed to understand that they have created such an enormous gaping hole.


Another reason to block China

There have been a number of reports in the last week or two of websites that are apparently being DDoSed from IP addresses in the PRC. This has caused a certain amount of confusion and pain to those affected, because there seemed to be no reason for the attack; however, the cause has now become clear. As Sucuri explain on their blog, the cause appears to be the so-called "Great Firewall of China":


ThreatSTOP Announces Improvements to Reporting

ThreatSTOP is pleased to announce a new release of its web portal that significantly improves the speed and utility of the logfile analysis and reporting it provides to subscribers. The new reporting UI presents data in a way that is in line with how our customers prefer to analyze the data.


ThreatSTOP announces first IPv6 feed

We are making available our first IPv6 feed – the IPv6 full bogons – as a technology demonstration. It uses the exact same DNS distribution method as our standard IPv4 lists and thus demonstrates clearly that our mechanism is IPv6 compliant.


New and Improved Botnet Feeds

ThreatSTOP has improved our botnet block list by adding a number of C&C servers and DNS servers for botnets that have been taken down by law enforcement. This includes the Conficker C&C sinkhole servers (see http://www.confickerworkinggroup.org/wiki/ ) and the IP addresses that the DNS Changer botnet used as DNS servers when redirecting DNS on infected computers (see http://dcwg.org ). These have been added both to the botnets feed and to the respective expert mode feeds - sinkhole and DNS changer. We have added these feeds as a service to our subscribers to help them identify computers on their networks that are still infected by these forms of malware, since blocking these addresses on the NAT device makes it easy to identify the infected internal host from its IP address. The "research" popup for a DNS Changer IP address looks like this:


Don't let your computers talk to countries they aren't allowed to

Many organizations are subject to government regulations such as ITAR or OFAC that prohibit any dealings with certain foreign nations. Many others have countries that they will not do business with for reasons of corporate policy - because of rampant piracy or fraud, for example. However, on the Internet it isn't always obvious where another computer is located - at least not from the domain name it reports or the contact address a user fills in. This means that, wittingly or unwittingly, computers in any organization may be connecting with other computers in locations they are legally forbidden to have any communication with.


Blocking the LizaMoon IPs

One thing we often note is that many bad IP addresses are recidivists. One day they are seen doing one bad thing, a week later they do something different. A good example is the various IP addresses implicated in the current LizaMoon SQL injection attack. Almost all the addresses were already known to us - in the 'Russian Business Network' feed at least - and some had quite a considerable history. Hence ThreatSTOP subscribers could have been protected against this attack; however, not every ThreatSTOP subscriber will be using a block list with the RBN feed in it, so we have also added the addresses to the Emergency Feed, which is downloaded by all our subscribers.
