Bi-Weekly Security Update 6/22/2017

Thu, 06/22/2017 - 22:11

Astrum EK: The Star of the AdGholas Campaign

Wed, 06/21/2017 - 23:03

Astrum Exploit Kit, also known as Stegano, was (until recently) exclusively used in the massive AdGholas malvertising campaign, where it distributed several types of malware, including Ursnif and RAMNIT. The AdGholas campaign, discovered in the summer of 2016, was notable for its use of steganography to hide malicious JavaScript code in ads that redirected victims to a cloned version of a legitimate website.

Terror EK Fails to Scare

Tue, 06/20/2017 - 18:14

After the fall of the popular Angler and Neutrino exploit kits, several different exploit kits have been vying for dominance in the resulting power vacuum.

Jaff Ransomware Is Nothing to Laugh About

Thu, 06/15/2017 - 20:42

Jaff ransomware is very similar to other "standard" ransomware in its use of AES encryption to encrypt its victims' files. It is attributed to the creators of Dridex, Locky and Bart, and has been spreading in high volume through the Necurs botnet.

Steam Stealers Game the System

Wed, 06/14/2017 - 19:54


Bi-Weekly Security Update 6/9/2017

Fri, 06/09/2017 - 17:00

Malicious Content Identified and Inserted:

New Botnet Targets and more

Thu, 06/08/2017 - 14:12


ThreatSTOP's Security team is adding multiple new cybercrime threat trackers to our expert and standard lists. These lists will better protect our customers against a range of cybercrime sources.

Darktrack on Track to Success

Wed, 06/07/2017 - 21:26

Darktrack received some publicity in late 2016 for being a free Remote Access Trojan (RAT) that was comparable to some of the top commercially available RATs. Darktrack has the ability to access a victim's webcam, microphone, files, and passwords. It can also execute commands on infected machines, and make infected computers participate in DDoS attacks.

Irena Damsky Speaking About WannaCry at M3AAWG's 40th General Meeting

Wed, 06/07/2017 - 00:04

Come see our Sr. Director of Security Research, Irena Damsky, break down WannaCry's timeline and give an overview of what happened at M3AAWG's 40th General Meeting on Tuesday, June 3rd, 17:30 - 18:30, in Lisbon, Portugal.


The Agile Mole

Mon, 06/05/2017 - 19:40

Ransomware remains one of the major threats to individual users, seen daily in the form of malspam. Recently, researcher Brad Duncan published a report on a piece of ransomware called Mole. Distributed by malspam that spoofs United States Postal Service (USPS) status updates, the malware escalates its privileges and then encrypts user data.

OilRig: Another Attack Wave Hits

Tue, 05/30/2017 - 20:58

Another attack wave directed at Israeli organizations was reported by Morphisec and Palo Alto Networks on April 27th. OilRig was initially discovered in May 2016, after two attack waves targeting financial institutions and technology organizations in Saudi Arabia were detected. OilRig is attributed to an Iranian APT group; its name stems from the Farsi word "Nafti" (oily), which was also found hardcoded in a number of malware samples analyzed in 2016.

SambaCry Vulnerability Announced, Patches Released

Fri, 05/26/2017 - 22:09

On 26 May 2017, the Samba team, in cooperation with SerNet, released a security advisory covering all versions of Samba.

Bi-Weekly Security Update 5/25/17

Thu, 05/25/2017 - 20:54

Enhancing Protection Against Tor

Wed, 05/24/2017 - 16:49


In the past week we decided to enhance the protection offered by our Anonymous Networks target, and discussed the use of VPNs and Tor to bypass network security. Until today, this target primarily blocked only Tor exit nodes. We have now decided that it should block not only exit nodes but Guard and Middle relays as well. Here, we explain how Tor works and what changes were made to the target.
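To make the exit-versus-relay distinction concrete, the Python below is an added example (it is not ThreatSTOP's code and says nothing about how their Anonymous Networks target is actually built). It parses the "r" and "s" entries of a Tor network-status consensus, classifies each running relay as exit, guard or middle from its flags, and shows how many addresses an exit-only blocklist misses. The consensus text, nicknames, fingerprints and addresses are constructed for the example; a real consensus comes from a directory authority or a Tor client's cached copy.

```python
"""Classify Tor relays from network-status consensus entries by their flags.

Added example, not ThreatSTOP's code. In a consensus, each relay is described
by an "r" line (nickname, identity, address, ORPort, DirPort) followed by an
"s" line carrying its flags (Exit, Guard, BadExit, Running, ...). Blocking
only relays flagged Exit leaves guard and middle relays reachable.
"""
import ipaddress

# Constructed sample consensus for this example; fingerprints and addresses
# are made up (documentation/test ranges), not real relays.
SAMPLE_CONSENSUS = """\
r exitrelay1 AAAAAAAAAAAAAAAAAAAAAAAAAAA 2017-06-20 12:00:00 203.0.113.10 9001 9030
s Exit Fast Guard Running Stable Valid
w Bandwidth=10000
r guardrelay1 BBBBBBBBBBBBBBBBBBBBBBBBBBB 2017-06-20 12:00:00 203.0.113.20 443 0
s Fast Guard Running Stable Valid
w Bandwidth=8000
r middlerelay1 CCCCCCCCCCCCCCCCCCCCCCCCCCC 2017-06-20 12:00:00 198.51.100.5 9001 0
s Fast Running Valid
w Bandwidth=500
r badexit1 DDDDDDDDDDDDDDDDDDDDDDDDDDD 2017-06-20 12:00:00 198.51.100.9 9001 0
s BadExit Exit Fast Running Valid
w Bandwidth=300
r downrelay EEEEEEEEEEEEEEEEEEEEEEEEEEE 2017-06-20 12:00:00 198.51.100.77 9001 0
s Fast Valid
w Bandwidth=100
"""


def parse_consensus(text):
    """Return a list of relay dicts: nickname, ip, orport, flags (set)."""
    relays = []
    current = None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "r" and len(parts) >= 8:
            try:
                ip = str(ipaddress.ip_address(parts[5]))
            except ValueError:
                current = None  # malformed entry: skip its flags too
                continue
            current = {"nickname": parts[1], "ip": ip,
                       "orport": int(parts[6]), "flags": set()}
            relays.append(current)
        elif parts[0] == "s" and current is not None:
            current["flags"] = set(parts[1:])
    return relays


def classify(relays):
    """Group running relay addresses by role.

    A relay can be both guard and exit. BadExit relays are not used as exits
    by clients, so they count as middle relays here. Relays without the
    Running flag are not part of the current network and are excluded.
    """
    roles = {"exit": set(), "guard": set(), "middle": set()}
    for relay in relays:
        flags = relay["flags"]
        if "Running" not in flags:
            continue
        is_exit = "Exit" in flags and "BadExit" not in flags
        is_guard = "Guard" in flags
        if is_exit:
            roles["exit"].add(relay["ip"])
        if is_guard:
            roles["guard"].add(relay["ip"])
        if not is_exit and not is_guard:
            roles["middle"].add(relay["ip"])
    return roles


def full_blocklist(roles):
    """Every running relay address: what an exit+guard+middle target covers."""
    return roles["exit"] | roles["guard"] | roles["middle"]


def missed_by_exit_only(roles):
    """Addresses an exit-only blocklist leaves reachable."""
    return full_blocklist(roles) - roles["exit"]


if __name__ == "__main__":
    roles = classify(parse_consensus(SAMPLE_CONSENSUS))
    for role, ips in roles.items():
        print(f"{role:6s} {sorted(ips)}")
    print("exit-only blocklist misses:", sorted(missed_by_exit_only(roles)))
```

Note that the same address can legitimately appear under both exit and guard; a blocklist should be built from the union, not from any single role.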

Mo EK Domains, Mo Security Mo Better

Tue, 05/23/2017 - 14:11

Our Security team, working diligently to keep your data safe, has added more Exploit Kit (EK) sources to our Driveby Domains target. We are happy to announce the addition of domains from the BlackHole Exploit Kit.

ThreatSTOP Tools & Action For Visibility Fighting Ransomware & WannaCry

Wed, 05/17/2017 - 23:36

Protecting and empowering our valued customers is always a top priority at ThreatSTOP. Today, we're taking additional action to deliver better protection and greater visibility related to the WannaCry ransomware attack.

Operation Cloud Hopper Jumps Into View

Wed, 05/17/2017 - 18:08

Operation Cloud Hopper, uncovered by researchers at BAE Systems and PwC, was a cyberespionage campaign by APT10 (also known as Red Apollo and the menuPass Team) that targeted IT managed service providers (MSPs) in order to steal their clients' corporate data.

This past weekend made all of us WannaCry

Sun, 05/14/2017 - 14:38

On May 12th, an outbreak of a new ransomware named WannaCry (aka WannaCrypt, WCry) took place. The ransomware spread rapidly and in a short time infected over 100K victims in more than 99 countries by exploiting the SMB vulnerability addressed by MS17-010. The following image from the live infection map demonstrates how large the impact of this campaign has been over the past 24 hours.