InfoSec Articles (01/07/20 – 01/21/20)
Articles from the last couple of weeks reveal news about cyber threats targeting the electric utility industry and hackers boring into the gas company industry. And with the events in and around Iran, there were concerns about widespread cyber attacks that could happen....

Threat Intelligence: Essential For Your Cyber Defenses
Cyber risk is growing while confidence in internal defense resilience is declining. According to Microsoft’s 2019 Global Cyber Risk Perception Survey, cyber security is a top 5 business concern for 79% of companies globally (and the top risk for 22% surveyed). Threat...

Palo Alto MineMeld Configuration Guide
Palo Alto MineMeld is an extensible Threat Intelligence processing framework and the multi-tool of threat indicator feeds. MineMeld can be used to collect, aggregate, and filter indicators from a variety of sources and make them available for consumption by peers or the...

Postpassword Security with FIDO2
Welcome to the dawn of the post-password world. Multifactor authentication orbits it and two-factor authentication is just a short ride away. A new adoption campaign has launched, and it’s bound for broad enablement of FIDO2. FIDO2 will be the first stop after...

Synergistic Malware Threats
It’s easy to focus on the different kinds of malware threats. Data exfiltration, phishing, ransomware, Trojans, cryptomining and all the other threat vectors present sufficient challenges to cyber security teams. But the reality on the ground is more complicated,...

Tips for Establishing Your Security Program
(And How the Cyber Insurance Industry May Help You for Free) I won’t keep you waiting. Before you get too excited about that free assist from the cyber insurance industry, let me be clear: it won’t, directly. But that’s no problem. Resourcefulness benefits any...

Command and Control Servers: Fundamentals and a Few Details
Few topics in current cybersecurity generate as much press as command and control servers (C2s). They enable the cybercrime that often affects companies and individuals far outside the IT industry.

Whitelisting for Block Lists
Malware Patrol’s #1 goal is to protect customers from malware and ransomware infections. These days, this can mean blocking mainstream domains. Consequently, our customers report potential false positives for sites like docs(.)google(.)com, drive(.)google(.)com,...

Is Online Privacy the Next Phase of Globalization
Google’s first privacy fine post-GDPR sounds substantial. $57 million could certainly buy a first-class infosec infrastructure for a medium-sized company and keep many payrolls rolling out for years to come. But bear in mind that relative to Google’s earnings...

Phishing’s Next Wave: AI-Enabled Tactics for Attackers and Cybersecurity Pros
Cybercrime steals an estimated $600 billion from the global economy every year. In the next several years we can expect that number to reach well into the trillions. Phishing and spear phishing open most cybercrime attacks. At this point it’s as old as cybercrime...

Phishing: The Tide Is Still Coming In
In cybersecurity the familiar is dangerous. Because of this, we must qualify what we “already know” and refresh our knowledge. Without this attention, cracks in the system grow until huge threats can fit through and shatter that complacency, along with business...

Reputation Jacking: Unknown Threats on Well-Known Sites
Threat actors place malicious content on trusted sites to gain access to users’ devices and spread malware. Instead of an outside attack, they wait for the victim to download software from a trusted source or otherwise insinuate themselves into a normal operation.

SpamAssassin Configuration Guide
Malware Patrol provides block lists compatible with SpamAssassin. “Apache SpamAssassin is the #1 Open Source anti-spam platform giving system administrators a filter to classify email and block spam (unsolicited bulk email). It uses a robust scoring...

Why choose Malware Patrol over a free DNS protection service?
Customers and prospects have approached us recently with questions similar to this: why should we choose Malware Patrol instead of a free DNS protection service? The question is fair, especially in a market with at least 93 different free DNS offerings,...

Accessing threat data on AWS S3 buckets
Malware Patrol provides some of its threat data feeds via Amazon / AWS S3 buckets. Among the feeds are the “Malware Samples (Binaries)” and the “Bitcoin Transactions (JSON format)”. Amazon Simple Storage Service has a simple web services...

Malware Patrol – Protection Against Crypto Mining Abuse
Cryptocurrency mining as a service is a growing website monetization trend, especially popular on gaming and torrent sites, in which JavaScript code utilizes the visitor’s CPU for cryptocurrency mining purposes. While promoted as an alternative to online ads,...

DNS RPZ Firewall Configuration Guide
BIND is the world’s most used DNS server and can be configured as a DNS Firewall using RPZ files (DNS RPZ). Response Policy Zone (RPZ) enables DNS administrators to selectively block name resolution of Internet resources known to be used by cyber...

Cisco ASA FirePOWER Configuration Guide
“With Cisco ASA with FirePOWER Services, you consolidate multiple security layers in a single platform, eliminating the cost of buying and managing multiple solutions. This integrated approach combines best-in-class security technology with multilayer protection...

Spoofed DDoS Attacks and BCP 38
The majority of recent DDoS attacks utilize source address spoofing techniques. These spoofed DDoS attacks complicate mitigation efforts and hide the IP address of the originating system. It happens with TCP SYN floods as well as UDP amplification and reflection...

DDoS: What is a Reflection and Amplification Attack?
Updated on 06/13/2022. DDoS – What is it? A distributed denial-of-service (DDoS) attack is a type of cyber attack in which a malicious actor seeks to disrupt normal traffic of a targeted server, service, or network by overwhelming it with traffic. Brand...

Popular Domains Hosting Malware
Malware Patrol has maintained a database of malicious URLs and IOCs since 2005. We often receive emails from our users about “popular” and “important” domains being present in our block lists and data feeds, and that this must be a mistake....

Role of DGAs (Domain Generation Algorithms) in Malware and Ransomware Campaigns
The vast majority of active malware and ransomware families include some sort of communication with command and control systems (C&Cs). This connection allows them to receive instructions, such as which institutions to target, the encryption keys for ransomware,...

pfBlockerNG Configuration Guide
Malware Patrol provides block lists compatible with pfBlockerNG, a package for pfSense version 2.x that allows the use of custom block lists, IP filtering, and country blocking functionalities. Instructions: You can follow these simple steps to configure your pfBlockerNG...

Comparing Protection Mechanisms
In a market full of products and services that promise to solve the most varied security threats, it is important to put solutions into perspective, understand what they really deliver, and never forget that no single vendor can protect from all threats.