<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=439793516377641&amp;ev=PageView&amp;noscript=1">

ThreatSTOP Free Open Source Analysis Tools Series. Part 1: Why Use IOCs?

Posted on July 17, 2019 by Ofir Ashman Leave a comment

Welcome To Our New Weekly Series, Free Open Source Analysis Tools.

This Week's Topic: Free Open-Source Analysis Tools, Why Use IOCs?

Throughout this series, we'll be talking about a Security Analyst’s IOC analysis journey. From discovering relevant indicators and performing the analysis, to finding enrichments and new IOCs. We will also share recommendations for free open-source analysis tools and use cases completed by ThreatSTOP's Security and Research Team, showing how to utilize the various platforms and tools. Let's get started.

Read More

Share this:

ThreatSTOP Offering More Policy Customization with New Threat Severity Levels

Posted on July 02, 2019 by Steve Wallace Leave a comment

ThreatSTOP will be implementing changes to our severity labels to be consistent and clearer throughout our policies. We are not changing the policies themselves. Some targets, however, will have different severities and that may impact the volume of alerts you see in your portal account. Accordingly, we wanted to communicate those changes and the rationale behind them.

Read More

Share this:

Riltok Mobile Banking Trojan Stealing Credit Card Information with Phishing Ads

Posted on June 28, 2019 by Ofir Ashman Leave a comment

Riltok is a mobile banking Trojan that uses mobile phishing pages to steal credit card information from its victims. Discovered in 2018, Riltok started out solely attacking Russian targets, yet it quickly began attacking victims in other European countries as well. The Trojan is spread via malicious SMS messages, which contain links that direct the victims to a fake website posing as a popular free ad service.

Once on the website, victims are prompted to click and download the Trojan, disguised as the ad service’s mobile app. If downloaded, Riltok connects to its C&C server to exfiltrate device data, and opens a fake Google Play screen or phishing page in a browser, requesting the victim’s bank card details.

Read More

Share this:

Getting Real (SMB) Value From Threat Intelligence

Posted on June 26, 2019 by Joe Dahlquist Leave a comment

You’ve probably heard of Threat Intelligence, it's all the rage and all the cool kids are doing it… where’ve you been? Threat Intelligence, or “TI,” is everywhere and in everything, and it can be cool, but it can also be slippery and confusing and complex and a huge waste of time and resources depending on what you do (or don’t do) with it. In this post, we’re going to make a bunch of snarky statements about Threat Intelligence, and we’re going to spill the tea on how you (as a small or medium sized business) can use it and actually get some security value in return.

Read More

Share this:

US Heightens Online Attacks on Russian Power Grid: How DNS Can Protect Critical US Infrastructure

Posted on June 17, 2019 by John Bambenek Leave a comment

In retaliation for ongoing attacks against US interests and to be a deterrent against future cyberattacks, the United States has been penetrating Russian power and industrial systems according to recent reporting in the New York Times. There have been multiple articles about attacks on critical infrastructure and attempts to penetrate systems in this space. In the US, no breach has been reported to lead to a wide spread outage, but there has been an increasing level of concern.

Read More

Share this:

Upgraded JasperLoader Infecting Machines with New Targets & Functional Improvements: What You Need to Know

Posted on June 05, 2019 by Ofir Ashman Leave a comment

 

A few months ago, JasperLoader (a new malware loader) emerged, infecting systems with various malware payloads, such as the Gootkit Banking Trojan. After a short, initial campaign, the threat actors behind the malware halted their activity and JasperLoader went off the radar for a while. However, since late May, a new and upgraded version of JasperLoader has been spotted infecting machines across Europe.

Read More

Share this:

Quest Diagnostics Breach Exposes Millions: Highlights Importance of Automating Threat Intelligence & Security Layers

Posted on June 04, 2019 by John Bambenek Leave a comment

Quest Diagnostics, a large medical diagnostic and laboratory services provider, has been breached, potentially impacting tens of millions of patient records. In accordance with HIPAA, fines can range from $100 to $50,000, per record lost, if there was non-compliance. This means, at a minimum, Quest could be fined $1.2 billion dollars if they are found to have violated HIPAA. Increasingly, other regulatory regimes are imposing fines for lost records, as well. While we don’t yet know in detail how this happened, there are some important points to consider.

 

Read More

Share this:

How ThreatSTOP's Security Research Team Uses Data to Create Targets & Block Suspicious Traffic

Posted on June 03, 2019 by John Bambenek Leave a comment

One of the challenges in threat intelligence is taking the massive amount of data we have about the threat landscape and distilling it into its most relevant components. A huge part of the reason for growth in data science (and in cyber security specifically) is habitually struggling with too much information. (With some exceptions) With this roadblock, it’s a challenge to focus in on the data that’s truly relevant.

Read More

Share this:

Georgia Tech Data Breach: How to Keep Information Secure in Open University Environments

Posted on May 28, 2019 by John Bambenek Leave a comment

Georgia Tech recently notified almost 1.3 million people about a potential breach of sensitive data, and in some cases, including a social security number. Over a four month period, there was a vulnerable server that allowed people to enumerate records on a back-end database, allowing the exfiltration of sensitive information. While universities are seen as more open environments, they do have sensitive information they have to protect.

Read More

Share this:

How to Mitigate Microsoft Windows Zero-Days Exploiting Enterprises & Giving Attackers Control

Posted on May 24, 2019 by John Bambenek Leave a comment

 

On top of the RDP vulnerability out there, additional Microsoft Windows zero-days are out there, which can exploit enterprises and give attackers full system control. The RDP vulnerability had the potential to be used in a WannaCry like worm. 

Read More

Share this:

Home Page

Partners

Blogroll

ARCHIVES

see all

OTHER THREATSTOP OUTLETS

  1. ThreatSTOP on YouTube
  2. ThreatSTOP on Twitter