Threat Intelligence

Sponsored
by

Noteworthy

Domain Research and Monitoring: Keeping an Eye on the Web for You

Reverse WHOIS: A Powerful Process in Cybersecurity

WHOIS History API: Powering Domain Investigations

Threat Intelligence / Industry Updates

Sifting for Digital Breadcrumbs Related to the Latest Zoom Attack

Threat actors have been targeting Zoom and its users since the platform's launch, and it's easy to see why -- the latest stats show it accounts for 3.3 trillion annual meeting minutes worldwide. It's not surprising, therefore, that cyber attackers trailed their sights yet again on the communication app. more

Cloud Atlas May Hide Their Tracks but 1,800+ Unpublicized Artifacts Can Help Orgs Tag Them

Cyber espionage group Cloud Atlas has been trailing its sights on critical infrastructure operators in countries suffering from political conflict since its discovery in 2014. Aptly nicknamed "Inception," the group's tactic of going after nations with bigger problems than cybersecurity seems to be working, as evidenced by successful intrusions over the years. more

Exposing Chat Apps Exploited for Supply Chain Attacks

As far back as September 2022, Trend Micro reported that threat actors began exploiting chat apps Comm100 and LiveHelp100 to launch supply chain attacks. In a bid to help potential targets curb the problem, they publicized nine indicators of compromise (IoCs), specifically command-and-control (C&C) server addresses. more

From Data Breach to Phishing to Lapsus$: Cyber Attacks That Echoed in 2022

As a New Year treat, Threat Intelligence Platform (TIP) researchers decided to look back at some of the most newsworthy cybersecurity incidents in 2022 - the Revolut Data Breach, the series of attacks launched by Lapsus$, and a newly detected PayPal phishing tactic. more

Uncovering Other DarkTortilla Threat Vectors

As an age-old digital threat, phishing just continues to grow in sophistication over time, as DarkTortilla showed. Cyble Research and Intelligence Labs (CRIL) published a technical analysis of the threat specifically targeting Cisco and Grammarly. Are there other potential threat vectors, though? more

RedLine Stealer: IoC Analysis and Expansion

For roughly US$100, threat actors can purchase RedLine Stealer, a malware-as-a-service (MaaS) program first detected in March 2020 that continues to wreak havoc to this day. The malware can steal information from infected devices, including autocomplete and saved information on browsers. more

Own a Facebook Business? Beware of Ducktail

WithSecure recently unveiled a malicious campaign dubbed "Ducktail," which trailed its sights on Facebook business owners and advertisers. Believed to be run by Vietnamese operators, Ducktail uses malware to steal data from victims and hijack vulnerable Facebook business properties. more

Is Aurora as Stealthy as Its Operators Believe?

Stealth is a typical goal for most threat actors when launching malware and other attacks. The better hidden a malware is, the more effective an attack becomes. And that is what fast-rising data stealer Aurora is gaining notoriety for. more

Exposing the New Potential Ways Royal Ransomware Gets Delivered

DEV -- 0569, a threat actor Microsoft has been monitoring, was recently observed deploying Royal ransomware via pages posing as legitimate software download sites and repositories, among other stealthy tactics. He has so far used fake download sites for Adobe Flash Player, AnyDesk, Zoom, and TeamViewer in phishing emails and domains. more

WhoisXML API Launches Regulation-Specific IP Data Feeds

WhoisXML API's IP intelligence now includes Regulatory Compliance IP Data Feeds available as separate IP geolocation and IP netblocks files. These data feeds are filtered to only provide the IP geolocation and ownership data of IP addresses from sanctioned or restricted locations as specified by different regulatory authorities. more