Palo Alto Networks Unit 42 recently identified a campaign using malicious infrastructure to set up fake online stores called "Penguin Mall". They share more information on GitHub here: https://lnkd.in/gT2MeRCf
DomainTools
Computer and Network Security
Seattle, Washington · 20,854 followers
Detect. Investigate. Prevent.
About us
DomainTools is the global leader for internet intelligence and the first place security practitioners go when they need to know. The world's most advanced security teams use our solutions to identify external risks, investigate threats, and proactively protect their organizations in a constantly evolving threat landscape. DomainTools constantly monitors the Internet and brings together the most comprehensive and trusted domain, website and DNS data to provide immediate context and machine-learning driven risk analytics delivered in near real-time. Visit domaintools.com to experience firsthand why DomainTools is the first stop for advanced security teams when they need to know.
- Website
- https://www.DomainTools.com
- Industry
- Computer and Network Security
- Company size
- 51-200 employees
- Headquarters
- Seattle, Washington
- Type
- Privately Held
- Founded
- 2004
- Specialties
- Domain Ownership Records, Brand Protection, Whois Records, Threat Investigation, Cybercrime Investigation, Cyber Security Investigation, Whois History, Reverse Whois Lookup, Name Server Monitoring, Online Fraud Detection, and Threat Intelligence
Locations
- Primary: 2101 Fourth Avenue, Suite 1720, Seattle, WA 98121, US
Updates
-
While DNS makes the Internet approachable and usable for people, cryptography makes it secure. 🛡️ Without trustworthy encryption, logging on to remote computers, online banking and shopping, and exchanging confidential personal communications would be difficult, to say nothing of the implications for national security systems. In this blog, we stray from our DNS roots as Joe St Sauver discusses important changes happening in cryptography. 📖 Read more here: https://bit.ly/4dPXmWs
-
In this episode of Breaking Badness, we dive deep into the evolving world of Endpoint Detection and Response (EDR) and its critical role in modern cybersecurity. With threats advancing and the volume of endpoint data skyrocketing, AI and deep learning are becoming game changers in threat detection and prevention. Join us as Carl Froggett, CIO at Deep Instinct, and Melissa Bischoping, Senior Director of Security at Tanium, discuss the past, present, and future of EDR, the impact of AI on cybersecurity, and how SOC teams are evolving to stay ahead of bad actors. Learn how generative AI is influencing attacks, the challenge of SOC burnout, and the innovations shaping the future of endpoint security. 💻 YouTube: https://bit.ly/4h8NHgz 🎧 Apple Podcasts: https://apple.co/3AddnrE 🎧 Spotify: https://spoti.fi/3U7tIVN
-
DomainTools Solutions Engineer Steven Behm demonstrates how he used our passive DNS database (DomainTools DNSDB Scout) in a recent investigation to uncover additional domains tied to Octo2's domain generation algorithm (DGA). Using DNSDB Scout, he ran a left-sided search (querying by domain name) to reveal the IP addresses those domains resolved to, which lets defenders pivot from a handful of known domains to the infrastructure behind them. He also shows how to search for domains matching a specific pattern with a regex, which is how you catch the other names an algorithm produces. Passive DNS is valuable for understanding a domain, seeing its evolution over time, and finding other connected domains, including subdomains. Watch here: https://lnkd.in/gPdwYR5Y #DNS #Octo2 #Malware #CyberSecurity
Utilizing Passive DNS for Octo2 Investigation
https://www.youtube.com/
-
📅 Next week Tanya Janca (Semgrep) is giving the keynote at LASCON on maturing your application security program! She's a dynamic speaker, and if you're attending we hope you can catch it. See the full LASCON schedule here: https://lnkd.in/gN-bKXD
Schedule – LASCON
https://lascon.org
-
📹 DomainTools Solutions Engineer Steven Behm briefly walks through how to use Iris Investigate to investigate domains related to Octo2's DGA (domain generation algorithm). These are the domains the malware uses to locate its command and control (C2) server; a DGA lets the operator change that address whenever they want, much like moving an evil hideout at will. Iris Investigate allows you to: 1.) get more context, or data, on a domain, and 2.) find other domains that might be connected to it. 🛡️ This allows defenders to stay ahead of emerging threats and reduce exposure to risk. Watch here: https://lnkd.in/gywhTeBQ #Octo2 #Malware #CyberSecurity
-
Have you checked out Tracy Z. Maleeff's (aka @InfoSecSherpa's) latest news roundup? It's a baker's dozen of information security and data privacy news items that you may have missed. Find it here: https://lnkd.in/gaqtu6Qc
Weekly #InfoSec News Roundup
infosecsherpa.medium.com
-
We found a "watering hole attack" on a US apartment website delivering malware via a fake browser update. Similarities in the malware, delivery method, and targeting suggest a link to SocGholish. Find the IOCs here: https://lnkd.in/gZnXVFb7 #SocGholish #Malware #CyberSecurity
A Website Attacked - DomainTools | Start Here. Know Now.
domaintools.com
-
🗝️ What's the key to startup success? Trusting folks who are smarter than you. Established trust allows founders to dream bigger and think more strategically. Learn how visionary leaders are shaping the future of cyber with strategic insights and expert guidance. Check out the full story from Jennifer Leggio in SecurityWeek here: https://bit.ly/3NpJTdh
-
ThreatFabric found initial samples of Octo2, a new version of Octo (ExobotCompact), and researchers expect its use to spread quickly given the global adoption of the original Octo. What's new in the sequel? Octo2 uses a domain generation algorithm (DGA) to change its C2 server address dynamically, making it harder for security systems to detect and block. Because the bot and its operator derive the same list of candidate domains from a shared algorithm, the operator can register a fresh domain at any time and there is no single fixed domain to blocklist; defenders have to hunt for the pattern the algorithm leaves behind instead. What is a DGA, why does it make detection harder, and how can security practitioners mitigate Octo2 infections? Steven Behm explains in this recent blog post: https://lnkd.in/dw2J9bpp
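The three Octo2 posts above (the DNSDB Scout regex and left-sided search, the Iris Investigate "connected domains" pivot, and the DGA explanation) describe one workflow: know what shape the generated domains have, find every passive-DNS name of that shape, then pivot on the IPs they resolve to. The Python below is an added example written for this page, not DomainTools' or ThreatFabric's code, and it does not reproduce Octo2's real algorithm. It assumes a toy SHA-256-based DGA, a DNSDB-like record shape (rrname/rrtype/rdata/count), constructed sample rows, and heuristic thresholds (label length, entropy, vowel ratio) chosen for illustration rather than taken from any publication.

```python
import hashlib
import math
import re
from collections import Counter


# Constructed toy DGA, for illustration only. It is NOT Octo2's algorithm
# (see the ThreatFabric and DomainTools write-ups for that); it shows the
# property that matters: bot and operator derive the same domain list from
# a shared seed plus the date, so no single domain has to be hard-coded.
def toy_dga(seed: str, day_iso: str, count: int = 5, tld: str = ".com") -> list[str]:
    """Return `count` deterministic 12-letter domains for a seed and ISO date."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{seed}:{day_iso}:{i}".encode()).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        domains.append(label + tld)
    return domains


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character of `text` (0.0 for the empty string)."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def registrable_label(name: str) -> str:
    """Second-level label of a DNS name ('mail.example-corp.com.' -> 'example-corp').
    Assumption: a one-label public suffix; real code should use the Public Suffix List."""
    labels = name.rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def looks_generated(label: str, min_len: int = 10, min_entropy: float = 3.0,
                    max_vowel_ratio: float = 0.25) -> bool:
    """Heuristic: long, high-entropy, vowel-poor labels are typical of DGA output.
    Thresholds are assumptions chosen for this example, not published values."""
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    return shannon_entropy(label) >= min_entropy and vowel_ratio <= max_vowel_ratio


# Constructed sample passive-DNS rows in a DNSDB-like shape; not real DNSDB output.
PDNS_RECORDS = [
    {"rrname": "xkqzvbpwtjdr.com.", "rrtype": "A", "rdata": "198.51.100.7", "count": 3},
    {"rrname": "qwzrtkpvmbdx.com.", "rrtype": "A", "rdata": "198.51.100.7", "count": 2},
    {"rrname": "hjpfzvdkwtqx.net.", "rrtype": "A", "rdata": "198.51.100.7", "count": 1},
    {"rrname": "legitimately.com.", "rrtype": "A", "rdata": "203.0.113.20", "count": 5400},
    {"rrname": "mail.example-corp.com.", "rrtype": "A", "rdata": "203.0.113.10", "count": 1200},
]

# Pattern in the spirit of a DNSDB Scout regex search: a bare 12-letter
# second-level label under .com or .net. Assumed to match the toy DGA above.
DGA_PATTERN = re.compile(r"[a-z]{12}\.(com|net)")


def find_dga_candidates(records, pattern=DGA_PATTERN) -> list[str]:
    """Regex-filter the passive-DNS rows, then drop benign matches such as
    dictionary words ('legitimately') that happen to have the right shape."""
    hits = set()
    for rec in records:
        name = rec["rrname"].rstrip(".")
        if pattern.fullmatch(name) and looks_generated(registrable_label(name)):
            hits.add(name)
    return sorted(hits)


def pivot_on_rdata(records, candidates) -> dict[str, list[str]]:
    """Infrastructure pivot: for every IP the candidates resolve to, list every
    name in the records that resolved to that IP (the 'connected domains' step)."""
    wanted = set(candidates)
    ips = {rec["rdata"] for rec in records if rec["rrname"].rstrip(".") in wanted}
    return {
        ip: sorted(rec["rrname"].rstrip(".") for rec in records if rec["rdata"] == ip)
        for ip in sorted(ips)
    }


if __name__ == "__main__":
    print("toy DGA for 2024-10-01:", toy_dga("example-seed", "2024-10-01"))
    cands = find_dga_candidates(PDNS_RECORDS)
    print("DGA-like names in passive DNS:", cands)
    print("shared infrastructure:", pivot_on_rdata(PDNS_RECORDS, cands))
```

On the constructed rows, the regex alone also matches `legitimately.com`; the entropy and vowel-ratio check is what removes it, which is the usual reason a pattern search over passive DNS needs a second filter before the results are treated as indicators. The pivot then shows all three generated names sharing one IP, the kind of link Iris Investigate surfaces as connected domains. Against real DNSDB data the same logic applies, but the thresholds should be tuned on known-good traffic first, since short or word-like DGA families will evade a vowel-ratio rule.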