Enterprise-Grade Threat Intelligence APIs, Tools, and Services
Joined on August 13, 2019
Total Post Views: 414,055
About |
Threat Intelligence Platform (TIP) offers easy to use threat intelligence tools, services, and APIs to get detailed information about hosts and the infrastructure behind them. Gathering data from different providers, utilizing our substantial internal databases (compiled for 10+ years), and also real-time host configuration analysis, our threat intelligence solutions provide an in-depth look at target hosts and are an essential addition to any threat detection toolkit.
Except where otherwise noted, all postings by Threat Intelligence Platform (TIP) on CircleID are licensed under a Creative Commons License.
Malwarebytes Labs recently published a report on the latest Nitrogen malware campaign that has been targeting system administrators using fake ads in the guise of Google sponsored search results. According to the security analysts, the victims are currently limited to North America. more
Glupteba, an advanced piece of malware, has been used in several cybercriminal attacks for more than a decade now. But Palo Alto's Unit 42 only brought to light one of the features that made it so effective - its Unified Extensible Firmware Interface (UEFI) bootkit component, which allowed it to intervene and control the operating system (OS) boot process and be extremely difficult to detect and remove, last November 2023. more
In the past, DarkGate attacks were either lumped together with or classified as BattleRoyal remote access Trojan (RAT) attacks. Recent evidence, however, showed the two malware are not one and the same. more
The OilRig cyber espionage group that goes by many names, including APT34, Crambus, Lyceum, and Siamesekitten, launched a long-term intrusion against a Middle Eastern government agency that ran from February to September 2023. more
The Log4Shell zero-day vulnerability, also known as "CVE -- 2021 -- 44228," proved to be one of the worst bugs disclosed in December 2021. And while a patch for it has been made available via the Log4j 2.17.1 release seven days after its discovery, some affected systems could remain vulnerable to date. more
RedLine Stealer seems to have stolen cybercriminals' hearts as its usage has continued despite cybersecurity efforts to thwart it. Researchers have published reports about the stealer in the past, but its operators may have updated their arsenal with new domains and IP addresses to evade detection and consequent mitigation. more
Phishing campaigns almost always require a massive volume of domains in order to succeed. Phishers, after all, need to have readily weaponizable vectors at their disposal in case the ones they're currently employing get detected and consequently blocked. more
Phishers the world over have been patronizing and utilizing the 16shop phishing kit since at least 2018. The kit's users have been known to steal data and money from the customers of some of today's biggest brands, including Amazon, American Express, and PayPal. more
We began our analysis by subjecting the domains identified as IoCs to Threat Intelligence Platform (TIP) lookups. Those allowed us to uncover these WHOIS record findings. more
On 12 June, the DFIR Report published an in-depth analysis of a Truebot intrusion that began with several page redirects via a Traffic Distribution System (TDS) and ended with dropping a Master Boot Record (MBR) killer wiper onto a victim's computer. The result? more
Threat actors are quite adept at changing tactics once the cybersecurity community or law enforcement catches up to them. That is evident in the recent resurgence of malvertising though no longer through users' browsers as in the past. more
Ever wondered where the personally identifiable information (PII) phishers steal from victims end up? More likely than not, they're put up for sale on the ever-growing number of online stolen card shops. more
Ransomware gangs are now a dime a dozen. But in reality, victims rarely engage directly with their members. They are, in fact, more likely communicating with what the cybersecurity community has dubbed "ransomware affiliates" who earn as much as 75% of the ransom payment. more
Security researcher Dancho Danchev discovered a portfolio of domains and IP addresses used by known threat actors in ransomware campaigns. The said portfolio consists of 62,763 domain names and 810 IP addresses. We analyzed a sample of these malicious properties using TIP and found that: more
As a New Year treat, Threat Intelligence Platform (TIP) researchers decided to look back at some of the most newsworthy cybersecurity incidents in 2022 - the Revolut Data Breach, the series of attacks launched by Lapsus$, and a newly detected PayPal phishing tactic. more
Black Friday and Cyber Monday are two of the most-awaited shopping events each year. That said, they have also become favored scammer targets for the most ingenious campaigns designed to part shoppers with their cash or, worse, identities. more
More sophisticated BazarCall campaigns have been circulating and delivering ransomware entry points to victims. While the bait still involves urgent notification emails about nonexistent purchases or subscriptions, the subsequent phase highlights the threat actors' manipulative skills. more
Cracks and keygens have long been a problem for software vendors in that they allow users to install their products without needing to pay for a legitimate license. As the Internet and website development advanced and became more accessible, the number of sites offering software cracking tools grew. more
Just as software and hardware vendors push upgrades and updates for their products and services to stay secure against the latest threats, so do threat actors work as fast as possible to stay abreast of OS and version modifications. That's exactly what the XCSSET malware operators have done for their campaigns targeting macOS users to continue working. more
Threat actors have found a way to make phishing websites appear more legitimate by employing chatbots. The newly discovered tactic starts with an email about a delivery from DHL. more
It is quite natural to get prompts from software manufacturers saying you need to update your installed apps every so often for better security or to fix bugs. But you should know, too, that threat actors often use program update notifications as malware distribution vehicles. more
Actinium/Gamaredon, reported as a Russian advanced persistent threat (APT) group that has been active for almost a decade now, had started trailing their sights on Ukrainian organizations back in February 2022. more
Many countries worldwide celebrate Safer Internet Day every February 8. And while most parents always strive to do their best to keep their children safe while browsing the Web, threat actors still manage to abuse their good intentions. How? more
A Domain Name System (DNS) blackhole is essentially a DNS server that gives false results for domain names. Also known as a "sinkhole server," an "Internet sinkhole," or a "DNS sinkhole," threat actors sometimes use DNS blackholes to redirect users to potentially harmful sites or pages. more
In 2020, reports say 94% of malware were delivered via email. Phishing remains a threat, as it accounts for more than 80% of security incidents that can cost victims almost US$18,000 per minute. more
Organizations that don't have a dedicated pool of cybersecurity experts often hire managed security service providers (MSSPs) to help them ward off attempts and attacks. Yet in today's ever-dangerous cyber threat landscape, even the best service providers may fall for cybercriminals' traps. more
The threat landscape is ever-changing. As time goes by, threat campaigns use new and more sophisticated technologies than seen before. Still, some reuse tried-and-tested methods while adding a few other functionalities, as in the case of FTCODE ransomware operators. more
For 16 months, PayMyTab, a third-party payment provider, leaked the private data of customers who dined in a U.S. restaurant when it failed to follow a simple yet essential security protocol. more
John Paul Revesz (also known as "Armada"), the Canadian behind the Orcus RAT (a software that been used in various malware attacks), has been charged under Section 342.1 of the Criminal Code on November 8. The specific section is for the unauthorized use of a computer, and at its core, this is what Revesz's Orcus software does. more
What was supposed to be an exciting week after the launch of Disney+, a subscription-based video-on-demand (VOD) streaming service of Walt Disney Company, turned into a nightmare for thousands of users. more
Highly publicized ransomware attacks are never short of golden nuggets of wisdom for the cybersecurity industry. They first teach us that attackers control the rules of the game once infiltration is complete. Second, large enterprises that use cloud-based technologies to store sensitive financial information continue to be at risk. more
NordVPN admitted last month that its data center located in Finland was hacked on March 5, 2018. While the virtual private network (VPN) service provider claimed it learned of the incident as early as April 13, 2019, it only confirmed the compromise last month after reports that its expired Transport Layer Security (TLS) certificate and its private key were leaked. more
Major healthcare providers suffer a lot from breaches, both from a legal and financial standpoint. Aside from patient lawsuits, they also face severe penalties imposed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). more
The most common method by which PoS malware infects hosts is through insider threats and phishing. A knowledgeable employee may install the malware on card-reading machines or retrieve higher-ups' access credentials by guessing username-and-password combinations. more
We are currently seeing a trend toward the adoption of security orchestration, automation, and response (SOAR) tools that shouldn't waver in the coming years. Research firm Gartner who coined the term has predicted that by the end of 2022 30% of organizations with security teams larger than five people will make SOAR tools part of their operations. more
Cloud-based technologies are effective means to gain visibility into the IT challenges faced by organizations. Adopting them enabled infrastructure-as-a-service (IaaS) providers to increase client uptime, security, and compliance, all the while giving more flexibility to scale up or down to respond to opportunities and challenges on time. more
More and more businesses contend with rising cybersecurity threats. The mounting numbers are pressuring managed service providers (MSPs) to employ sophisticated tools to secure each of their client's systems, network architectures, and confidential information. more
Businesses today have to deal with cybersecurity issues daily. Recent trends show an ever-increasing number of hacked networks and breached data. Studies also show that those victimized often have weak cybersecurity measures in place, forcing them to spend more on resources to combat oncoming attacks. more
Today's sophisticated threats present enormous risks for any business. The more connected a company is, the more prone it is to cyber attacks. Enterprises need to devise ways to protect the integrity of their data and ensure that their systems are safe from cyberthreats. more
In the first half of 2019 alone, several data breaches have already exposed as many as 4.1 billion personal records. We've seen even industry giants and low-key players alike succumb to all kinds of data compromise. more
Have you ever heard of Lake City Quiet Pills? It refers to a mysterious site that first made waves on Reddit in 2009 and has since resurfaced. What Is Lake City Quiet Pills? more
Outsourcing security monitoring and management has become a practical option for organizations that lack the budget to take care of their own threat detection and incident response needs. As such, small and medium-sized businesses (SMBs) are turning to external security providers. more
There is a misconception that threat intelligence is something that only specialists in the cybersecurity field can analyze and understand. In truth, threat intelligence is a good resource that can be of use in any cybersecurity role. It is something that anyone who cares about or works toward network security will find beneficial. more
Security information and event management (SIEM) solutions are an excellent way to get incident data from an organization's network and put them all in one place. But as a network's complexity grows, so do the problems these SIEM vendors face with regard to providing the right products to clients. more
Two-factor authentication (2FA) is an essential safety measure that stops unauthorized access to an account. It was invented to provide an additional layer of security to the usual log-in procedure of providing one's username and password, which is now considered by many as obsolete and unsecured. more
Security solutions are not made equal. Some are better than others when it comes to providing overall protection, but most will require you to buy an entire suite that's enough to break the bank just so you'd feel safe from cyber attacks. So what are you to do if your budget just isn't big enough to afford all-around protection? more