
ThreatSTOP at RSA 2017

Thu, 02/16/2017 - 16:38

Hello again, San Francisco! We can’t believe it’s already the third day of RSA, but we’ve had a great time exhibiting and talking to attendees and partners about our newest product, Roaming Endpoint (and about our existing products, the DNS and IP Firewall Services).

Bi-weekly Security Update 2/15/2017

Wed, 02/15/2017 - 22:00

Malicious content identified and inserted:

  • IPs – 1318
  • Domains – 323

Target list content updated:

  • TSCritical
  • TSRansomware
  • TSPhishing
  • TSBanking

ThreatSTOP Launches New Roaming DNS Protection Service at RSA

Tue, 02/14/2017 - 19:51

The Cyber Security Startup’s Answer to Roaming Security

CARLSBAD, CA: Feb 8, 2017: Cyber security company ThreatSTOP announced today a cloud-based offering that quickly detects and automatically blocks DNS attacks on laptops outside a secured company network, without using external third-party DNS servers or requiring a VPN connection. This new SaaS offering, Roaming Endpoint, is ThreatSTOP’s answer to a growing mobile workforce, protecting devices when they leave the corporate network, anywhere and anytime.

Locky Back in Action

Thu, 02/09/2017 - 17:43

Locky, the infamous ransomware plaguing computers worldwide since it was first seen early last year, has recently made a comeback after a severe drop in activity over the holiday season. The Necurs botnet, which is Locky's primary distributor, was offline for the final weeks of 2016, equating to an 81% decrease in the number of Locky attacks.

CryptXXX Ransomware Spread Through SoakSoak Botnet: Two Big Actors As One

Tue, 01/31/2017 - 20:55

CryptXXX and SoakSoak are huge threats individually.

One Email: Countless Phishing Domains

Mon, 01/30/2017 - 22:42

We often analyze indicators of phishing-related compromise from These lists contain a large number of indicators, usually not all related to one campaign, but to countless ones that have already spread before the lists were updated.

DGA Updates

Thu, 01/26/2017 - 14:23

In December, we introduced a target list of more than 20 malware family DGAs provided by our friends over at 360 Research Team. Continuing their great work, we are happy to integrate 7 new malware DGAs:

The “TelePort Crew” Evolves from Carbanak

Tue, 01/24/2017 - 17:49

The "Digital Plagiarist" campaign, so dubbed by researchers at the tr1adx team, was run by the "TelePort Crew” and appears to be an evolution of the Carbanak cybercrime group. This group is infamous for a large-scale campaign against banks that led to the 2015 theft of hundreds of millions of dollars, and for the Carbanak/Anunak malware that targets point-of-sale machines.

Sure, Just a Threat Feed Works. Like Biden Without Ray-Bans.

Mon, 01/23/2017 - 19:18


Sure, just any old threat feed will do. Like those one-size-fits-all “I Heart NY” shirts in Times Square. Just like Chipotle without guac (if you’re obsessed with both Chipotle and guac, like me) or Caesar salad with no… dressing. Laverne without Shirley, Biden without Ray-Bans, or maybe the internet without a politically topical meme. I’m going somewhere with this…. I promise.

Bi-weekly Security Update

Thu, 01/19/2017 - 18:52

Malicious content identified and inserted:

  • IPs – 960
  • Domains – 1653

How much would you pay in bitcoin to watch that cat video?

Mon, 01/16/2017 - 22:00

Where do security professionals draw the line between protecting their company’s network, and delivering a free-range internet experience for their fellow employees? This quandary came up at ThreatSTOP recently, spurred by a support request we received from a customer who posed this very question to himself, his peers, and to us. It got us thinking, and made us wonder what the consensus is among security professionals who constantly wrestle with balancing the scales of security and user friction.

Switcher Android Malware - The Road From Android App to Hijacking DNS Server

Thu, 01/12/2017 - 19:13

One of the most recent campaigns highlighting the importance of router security is Mirai, the botnet of infected IoT devices behind a series of large-scale attacks. Even before Mirai, reports emphasized how exposed and vulnerable these devices are. For example, a report by malware researcher Kafeine revealed an exploit kit aimed at routers: Google Chrome users were redirected to a malicious server that loaded code designed to determine the router model and then change the DNS servers configured on the router.

Crime As a Service: The Gritty Details & How to Prevent It

Thu, 01/12/2017 - 17:52


“Crime as a Service” (CaaS): It’s not just a recently ramped up buzzword, it has actual backing and won't quietly fade into the night anytime soon. It’s a service that has the potential to mature into a larger organizational unit, which is telling of the cyber security issues we’ll be up against in the future.

Paul Mockapetris at NamesCon 2017

Wed, 01/11/2017 - 20:04

Come see the inventor himself, Paul Mockapetris, deliver the keynote presentation at NamesCon 2017:

Why Switch When You Can Keep the Service You Trust? Infoblox ActiveTrust vs. ThreatSTOP DNS Firewall Service

Wed, 01/11/2017 - 17:37


Received a notice from Infoblox lately?

If you’re a DNS Legacy Firewall customer, you’ve probably gotten a warning to migrate to ActiveTrust by the end of January… or else. That isn’t the case. The Threat Intelligence/RPZ feed you’ve been using with Infoblox is a ThreatSTOP-powered service, and it is still operational. We’ve also been developing and improving our product, and now offer our new Next Generation DNS Firewall Service to active subscribers without any added charges.

Bi-weekly Security Update 12/21-1/3

Wed, 01/04/2017 - 18:15

Malicious content identified and inserted:

  • IPs – 1625
  • Domains – 4562

Target lists updated:

  • TSCritical (Domains and IPs)
  • TSRansomware (Domains and IPs)
  • TSPhishing (Domains and IPs) – New Targets added!
  • TSBanking (Domains and IPs) – New Targets added!

Operation Emmental / SmsSecurity

Thu, 12/29/2016 - 12:02

The evolving threats targeting mobile devices and the increasing number of campaigns targeting financial institutions have joined forces and become a double threat in what has become known as the Emmental campaign.

Who Can You Trust? The Danger of False Positives in Threat Intelligence

Wed, 12/28/2016 - 23:31

Everyone knows you need to block the bad stuff from getting onto your network and calling home to its masters. However, what happens when something good gets incorrectly flagged as malicious? You’ve been hit with a false positive, and in some cases, this can be just as bad as letting something truly dangerous get through.
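The RPZ feed mentioned in the Infoblox post above and the false-positive problem described here meet in the zone file a DNS firewall actually loads. The following is an added illustration, not ThreatSTOP’s feed format or code: it builds a minimal Response Policy Zone from constructed block lists of domains and networks, and shows how an allowlist becomes `rpz-passthru.` records so that a mis-flagged name is never blocked. The zone origin, TTL, SOA values and every indicator are assumptions made for the example.

```python
"""Build a minimal DNS Response Policy Zone (RPZ) from indicator lists.

Added example, not ThreatSTOP's feed format or code. Indicators are
constructed sample data; the zone origin, TTL and SOA values are assumptions.
Records follow standard RPZ conventions: a QNAME trigger 'name CNAME .'
returns NXDOMAIN, 'name CNAME rpz-passthru.' exempts a name from policy, and
a response-IP trigger '<prefixlen>.<reversed octets>.rpz-ip CNAME .' blocks
answers that resolve into that network.
"""
import ipaddress
import re

# Constructed sample indicators (hypothetical, not real detections).
BLOCK_DOMAINS = ["malware.example", "phish.example", "bad_host.example"]
BLOCK_NETWORKS = ["192.0.2.10", "198.51.100.0/24"]
# A name a feed once mis-flagged; the passthru entry prevents the false positive.
ALLOW_DOMAINS = ["safe.example"]

_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def is_valid_hostname(name):
    """Reject indicators that cannot be RPZ owner names (e.g. underscores)."""
    name = name.rstrip(".").lower()
    if not name or len(name) > 253:
        return False
    return all(_LABEL.match(label) for label in name.split("."))


def qname_triggers(domain, action="."):
    """QNAME trigger records for a domain and all of its subdomains.

    action '.'             -> NXDOMAIN (block)
    action 'rpz-passthru.' -> leave the real answer untouched (allowlist)
    """
    domain = domain.rstrip(".").lower()
    return [f"{domain} CNAME {action}", f"*.{domain} CNAME {action}"]


def ip_trigger(cidr):
    """Response-IP trigger: <prefixlen>.<octets reversed>.rpz-ip CNAME .

    192.0.2.10 -> 32.10.2.0.192.rpz-ip ; 198.51.100.0/24 -> 24.0.100.51.198.rpz-ip
    IPv6 is left out to keep the example short (RPZ writes '::' as 'zz').
    """
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        raise ValueError("IPv4 only in this example")
    reversed_octets = ".".join(reversed(str(net.network_address).split(".")))
    return f"{net.prefixlen}.{reversed_octets}.rpz-ip CNAME ."


def build_zone(block_domains, block_networks, allow_domains,
               origin="rpz.example.", ttl=300, serial=2017021601):
    """Return the zone text. Allowlisted names are removed from the block list
    and emitted as passthru records, so a name never carries both policies.
    Owner names are relative to $ORIGIN, as RPZ expects."""
    allow = {d.rstrip(".").lower() for d in allow_domains if is_valid_hostname(d)}
    lines = [
        f"$ORIGIN {origin}",
        f"$TTL {ttl}",
        f"@ SOA ns.{origin} hostmaster.{origin} {serial} 3600 600 86400 {ttl}",
        f"@ NS ns.{origin}",
    ]
    for d in sorted(allow):
        lines += qname_triggers(d, "rpz-passthru.")
    for d in sorted({d.rstrip(".").lower() for d in block_domains}):
        if d in allow or not is_valid_hostname(d):
            continue  # skip allowlisted or malformed indicators
        lines += qname_triggers(d)
    for cidr in block_networks:
        lines.append(ip_trigger(cidr))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_zone(BLOCK_DOMAINS, BLOCK_NETWORKS, ALLOW_DOMAINS))
```

The allowlist is applied before the block list is written, so a false positive is fixed by adding one line to the allowlist rather than by hunting through thousands of feed entries; the malformed `bad_host.example` indicator is dropped rather than shipped into a zone the resolver would refuse to load.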

The ThreatSTOP Security Team Is Proud to Present: Banking Malware Targets

Tue, 12/27/2016 - 09:39

Banking Malware steals millions of dollars from both personal and business accounts in the United States every year. Personal accounts are insured by federal banking regulations, but businesses are less protected.