9 Steps to Get CTEM on Your 2025 Budgetary Radar

Budget season is upon us, and everyone in your organization is vying for their slice of the pie. Every year, every department has a pet project that they present as absolutely essential to profitability, business continuity, and quite possibly the future of humanity itself. And no doubt that some of these actually may be mission critical. But as cybersecurity professionals, we understand that

The Hacker News – Read More

Cyberattack Blamed for Statewide Washington Courts Outage

Unauthorized activity detected on the Washington courts network, which led to websites and other services becoming unavailable.

The post Cyberattack Blamed for Statewide Washington Courts Outage appeared first on SecurityWeek.

SecurityWeek – Read More

INTERPOL Disrupts Over 22,000 Malicious Servers in Global Crackdown on Cybercrime

INTERPOL on Tuesday said it took down more than 22,000 malicious servers linked to various cyber threats as part of a global operation.
Dubbed Operation Synergia II, the coordinated effort ran from April 1 to August 31, 2024, targeting phishing, ransomware, and information stealer infrastructure.
“Of the approximately 30,000 suspicious IP addresses identified, 76 per cent were taken down and 59

The Hacker News – Read More

South Korea Fines Meta $15 Million for Illegally Collecting Information on Facebook Users

South Korea’s privacy watchdog has fined Meta 21.6 billion won ($15 million) for illegally collecting sensitive personal information from Facebook users.

The post South Korea Fines Meta $15 Million for Illegally Collecting Information on Facebook Users appeared first on SecurityWeek.

SecurityWeek – Read More

PLCHound Aims to Improve Detection of Internet-Exposed ICS

Georgia Tech researchers have developed PLCHound, an algorithm that uses AI to improve the identification of internet-exposed ICS.

The post PLCHound Aims to Improve Detection of Internet-Exposed ICS appeared first on SecurityWeek.

SecurityWeek – Read More

Release Notes: TI Lookup Notifications, Upgraded Linux Sandbox, STIX Reports, and More 

Welcome to ANY.RUN‘s monthly updates, where we share our latest achievements and improvements. 

October has been another productive month here at ANY.RUN, filled with new features to enhance your cybersecurity toolkit. We’ve introduced TI Lookup Notifications for real-time threat updates, rolled out a newly improved Linux sandbox for smoother malware analysis, and added the ability to export STIX reports for seamless data sharing. 

In addition, we’ve expanded our detection capabilities with a range of new signatures and YARA rules, empowering you with even stronger threat coverage. 

And that’s just the beginning!  

Let’s dive into all the exciting updates from ANY.RUN this month. 

Product Updates

Upgraded Linux Sandbox  

At ANY.RUN, we’re always working to improve our services, and this time, we’ve focused on making our Linux sandbox even better. This upgrade brings a seamless, stable experience on par with our Windows environment, making it easier than ever to analyze Linux malware in real time. 

Upgraded Linux sandbox

We’ve fine-tuned the Linux sandbox with new features and enhancements to boost both performance and usability. Here’s a quick overview of what’s new and how these updates benefit you: 

  • File events tracking: Monitor and log all file actions—whether malware is creating, modifying, or deleting files, you’ll see it all in the analysis report. 
  • Improved process tree: Navigating the process tree is now lag-free, letting you analyze malware behaviors more efficiently. 
  • Real-time file uploads: You can now upload files during an active session, adding flexibility to your investigation without needing to restart. 

See all updates in our blog post.



STIX Reports 

In October, we enhanced ANY.RUN’s capabilities by introducing the option to export threat analysis data in the Structured Threat Information eXpression (STIX) format. STIX is a standardized language that facilitates consistent and machine-readable sharing of cyber threat intelligence. 

Click Export → STIX to download threat data 

Key features of STIX reports: 

  • Comprehensive data inclusion: Each STIX report encompasses a wide range of information from your analysis, such as sandbox session links, file hashes, network traffic details, file system modifications, and Tactics, Techniques, and Procedures (TTPs). 
  • Seamless integration: These reports are compatible with Security Information and Event Management (SIEM) systems and other automated tools, promoting efficient threat detection and response. 
  • Enhanced collaboration: By utilizing STIX reports, analysts and incident response teams can effortlessly share threat data across various platforms, improving communication and coordination. 

Discover all types of reports available in the ANY.RUN sandbox.

TI Lookup Notifications 

We have enhanced Threat Intelligence Lookup with Notifications. The new functionality allows users to subscribe to real-time updates on new results related to their specific queries. This includes Indicators of Compromise (IOCs), Indicators of Attack (IOAs), and Indicators of Behavior (IOBs). 

Notifications in TI Lookup are easy to set up

After subscribing to specific queries, the new results will appear in the dashboard, highlighted in green. This will make it easier for you to notice the fresh updates. 

Why use Lookup Notifications? 

  • Automatically monitor and receive updates for your chosen queries, so you never miss critical threat information. 
  • Tap into threat data sourced from samples uploaded by over 500,000 security pros using ANY.RUN’s Interactive Sandbox, giving you a broad view of global cyber activity. 
  • Keep track of IOCs, IOAs, and IOBs relevant to your organization, helping you verify potential threats and proactively strengthen your defenses. 
  • Use real-time insights to refine detection rules, enrich your data, and stay prepared against emerging threats. 

See a guide on how to set up notifications in TI Lookup.



Export Session Lists from Team History 

We’ve introduced a new feature that allows you to export analysis session lists from your team’s history in a specific JSON format. This export provides a structured list of all sandbox sessions completed by your team. 

This feature is designed to help with record-keeping and reporting, making it easier to manage and track your team’s activities over time. 

Custom Tags for Analysis Sessions via API 

We’ve added the ability to set custom tags for sandbox sessions via the API. Previously, you could assign personalized tags to sessions through the web interface, in addition to the system-generated tags. Now, you can do the same directly through the API, giving you more flexibility in organizing and categorizing your analyses. 

Redesigned Threat Intelligence Home Screen with MITRE ATT&CK Matrix 

We’ve redesigned our Threat Intelligence home screen to give you a clearer and more intuitive view of the threat landscape.

Redesigned Threat Intelligence home screen

The updated home screen now features a MITRE ATT&CK matrix with refined techniques and tactics, helping you better assess and understand threats. 

Threat Coverage Updates 

In October, we significantly expanded our detection capabilities with new and updated signatures and YARA rules. 

New Signatures 

This month, we’ve added 90 new signatures to improve detection and monitoring across various malware types and tools, including:

  • VOBFUS
  • BASUN
  • SYSBOT
  • TIWI
  • NESHTA
  • KMS Tool
  • Blackshades
  • Modiloader
  • Shellrunner
  • Revenge
  • GoToHttp
  • AnyDesk
  • Emmenhtal
  • SkypeLogView
  • LockBit3
  • Ngrok
  • PSExec
  • COBINT
  • ProcDump
  • PowerView
  • SecretsDump

We added signatures for actions performed via PowerShell: 

  • Resets Windows Defender malware definitions to the base version  
  • Changes settings for sending potential threat samples to Microsoft servers  
  • Changes settings for reporting to Microsoft Active Protection Service (MAPS)  
  • Changes Controlled Folder Access settings  
  • Changes settings for real-time protection  
  • Changes settings for checking scripts for malicious actions  
  • Changes antivirus protection settings for downloading files from the Internet (IOAVProtection)  
  • Changes settings for protection against network attacks (IPS)  
  • Removes files via PowerShell 
  • Renames files via PowerShell 
  • Hides errors and continues executing the command without stopping  

We also implemented detection for Pafish, aka Paranoid Fish, execution with cohost.exe as a parent process, and encrypted JSE scripts.

YARA Rules 

This month, we’ve expanded our YARA rule set with several new and improved detections, enhancing the ability to identify and monitor specific threats.  

In total, we’ve added 9 new YARA rules, covering various malware families, programming language-based detections, and refinements for better accuracy.

  • Unknown Stealer (go)
  • PureCrypter
  • DarkGate
  • HijackLoader

Network Detection Update 

In October, we worked to enrich our database with phishing IOCs, leveraging advanced data analysis within TI Lookup. This effort led to the identification of nearly 6,000 domains, each generating a dedicated Suricata rule. Most of the rules are now live, strengthening our phishing detection capabilities. 
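As an added illustration (not ANY.RUN's code), the Python below takes a STIX bundle of the kind described under STIX Reports above, pulls the indicator values out of each simple STIX pattern, and turns every domain-name indicator into a Suricata DNS rule like the per-domain phishing rules mentioned here. The bundle is a constructed sample, not a real export, and the rule message text and SID range are assumptions.

```python
import json
import re

# Constructed sample STIX 2.1 bundle in the shape a sandbox export might
# take (illustrative only, not an actual ANY.RUN STIX report; ids omitted).
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "objects": [
        {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'phish-login.example']",
         "valid_from": "2024-10-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
         "pattern": "[file:hashes.'SHA-256' = '" + "ab" * 32 + "']",
         "valid_from": "2024-10-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
         "pattern": "[url:value = 'https://phish-login.example/auth']",
         "valid_from": "2024-10-01T00:00:00Z"},
        # A non-indicator object, which the extractor must skip.
        {"type": "malware", "spec_version": "2.1", "name": "Mamba2FA", "is_family": True},
    ],
})

# Matches one single-comparison STIX pattern, e.g. [domain-name:value = 'x']
# or [file:hashes.'SHA-256' = 'y']; compound patterns are left unparsed.
_COMPARISON = re.compile(
    r"^\[(?P<obj>[a-z0-9-]+):(?P<prop>[A-Za-z0-9_.'-]+)\s*=\s*'(?P<val>[^']*)'\]$")

def extract_indicators(bundle_json: str) -> dict:
    """Group indicator values by STIX object type, e.g. {'domain-name': [...]}."""
    found = {}
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        m = _COMPARISON.match(obj.get("pattern", "").strip())
        # Keep compound patterns under 'unparsed' rather than dropping them.
        key = m.group("obj") if m else "unparsed"
        found.setdefault(key, []).append(m.group("val") if m else obj["pattern"])
    return found

def suricata_dns_rule(domain: str, sid: int) -> str:
    """Build one Suricata DNS-query rule for a phishing domain (msg text assumed)."""
    return (f'alert dns any any -> any any (msg:"PHISHING Suspected phishing domain {domain}"; '
            f'dns.query; content:"{domain}"; nocase; endswith; sid:{sid}; rev:1;)')

def rules_from_bundle(bundle_json: str, first_sid: int = 9000001) -> list:
    """One rule per domain-name indicator; SIDs are allocated sequentially."""
    domains = extract_indicators(bundle_json).get("domain-name", [])
    return [suricata_dns_rule(d, first_sid + i) for i, d in enumerate(domains)]
```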

We also expanded our catalog of detected phishing kits with the addition of Mamba2FA, enhancing our overall threat coverage.

Our external threat intelligence this month focused on proactively detecting phishing campaigns by groups like Storm, allowing us to better track and respond to their evolving tactics. 

Heuristic and Proactive Phishing Detection

This month, our phishing detection capabilities have been enhanced with advanced heuristics and proactive signatures. Here are some examples of recent detections: 

  • Heuristic signature detection: PHISHING [ANY.RUN] Domain chain identified as Phishing (challengepoint). View analysis session 
  • Statistical analysis detection: Using statistical processing of previously detected phishing patterns, we flagged PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain (logbook-annul-srt[.]click) as a high-risk domain. View analysis session 
  • External threat intelligence detection: Through threat intelligence from external sources, we identified PHISHING [ANY.RUN] Suspected AiTM Storm1575 Domain Phishing Infrastructure (eslebrrte[.]com, eslebrrte[.]de), linked to the Storm1575 phishing campaign. View analysis session 

About ANY.RUN  

ANY.RUN helps more than 500,000 cybersecurity professionals worldwide. Our interactive sandbox simplifies malware analysis of threats that target both Windows and Linux systems. Our threat intelligence products, TI Lookup, YARA Search and Feeds, help you find IOCs or files to learn more about the threats and respond to incidents faster.  

With ANY.RUN you can: 

  • Detect malware in seconds
  • Interact with samples in real time
  • Save time and money on sandbox setup and maintenance
  • Record and study all aspects of malware behavior
  • Collaborate with your team 
  • Scale as you need


The post Release Notes: TI Lookup Notifications, Upgraded Linux Sandbox, STIX Reports, and More appeared first on ANY.RUN’s Cybersecurity Blog.

ANY.RUN’s Cybersecurity Blog – Read More

South Korea Fines Meta $15.67M for Illegally Sharing Sensitive User Data with Advertisers

Meta has been fined 21.62 billion won ($15.67 million) by South Korea’s data privacy watchdog for illegally collecting sensitive personal information from Facebook users, including data about their political views and sexual orientation, and sharing it with advertisers without their consent.
The country’s Personal Information Protection Commission (PIPC) said Meta gathered information such as

The Hacker News – Read More

Google Cloud to Enforce Multi-Factor Authentication by 2025 for All Users

Google’s cloud division has announced that it will enforce mandatory multi-factor authentication (MFA) for all users by the end of 2025 as part of its efforts to improve account security.
“We will be implementing mandatory MFA for Google Cloud in a phased approach that will roll out to all users worldwide during 2025,” Mayank Upadhyay, vice president of engineering and distinguished engineer at

The Hacker News – Read More

Attacker Hides Malicious Activity in Emulated Linux Environment

The CRON#TRAP campaign involves a novel technique for executing malicious commands on a compromised system.

darkreading – Read More

Interpol operation nets 41 arrests, takedown of 22,000 malicious IPs

The global operation was intended to root out malicious IP addresses used for phishing, ransomware and infostealer malware.

The Record from Recorded Future News – Read More