<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=439793516377641&amp;ev=PageView&amp;noscript=1">


Solarwinds, Fireeye, and You

The latest headliner in cybersecurity news is the recently disclosed compromise of FireEye, The US Government, and many others that was brought about by a backdoor discovered in a widely installed set of network tools from Solarwinds.

What we know so far reveals a sophisticated, long term, and well-funded campaign that was likely backed by a nation's resources rather than some run-of-the-mill cyber criminal enterprise.

Read More

Share this:

How to Work Towards Better Whitelisting


One of the key problems in threat intelligence is curating whitelists of infrastructure and domains that should never be blocked. Just recently, a government CERT distributed lists of IoCs that included private IP addresses that just are not useful for analysts and hunt teams. At best, it creates wasted time and effort. At worst, key infrastructure is blocked and there is business impact and/or loss of revenue.

Read More

Share this:

ThreatSTOP Premium Feed Spotlight Series: Level Up Your Protection with ThreatSTOP NOD, Powered By Farsight

One of the chief problems in cybersecurity is the inherent reactivity of most forms of defense. An attack has to be observed, analyzed and reverse-engineered. THEN, protection can be developed. This means attackers are successful, and inside environments, for a period of time before the attack is noticed, before the indicators for that attack can be extracted, and before a policy can be disseminated to stop it.

There has been a wide variety of research in recent years around this problem. How to speed up the cycle to recognize attacks and to potentially get out in front of attackers to block them before the attacks start. Both my own PhD research and other researchers have noticed that one attribute that is overwhelmingly an indicator of maliciousness in DNS is “newness,” that is to say, the newer a domain is, the more likely that it is bad. More importantly, when a domain is new and otherwise benign, it is rarely in meaningful use except by the organization that’s setting up whatever will go there.

Read More

Share this:


see all


  1. ThreatSTOP on YouTube
  2. ThreatSTOP on Twitter