Magecart Strikes Again
Ticketmaster, British Airways, and Newegg have all been compromised. Who’s next? Read our research to see how we discovered the breaches.
IDG Connect: 2017 State of Enterprise Digital Defense Report
Findings quantify the security management gap and business impact of external web, social, and mobile threats.
Frost & Sullivan: The Digital Threat Management Platform Advantage
The material benefits of a platform-based approach to security outside the firewall.
2018 Holiday Shopping Season Threat Activity: A Snapshot
The 2018 holiday shopping season was the largest ever for online retailers, but threat actors filled their pockets, too.
So what did the threat activity around this shopping frenzy look like?
Rackspace Accelerates External Digital Threat Investigation with RiskIQ PassiveTotal
EMA Radar™ Q4 2017 Report
RiskIQ ranked a technology and value leader in digital threat intelligence management.
Projects within RiskIQ PassiveTotal make it easy for analysts to gather and share information about current and ongoing threat investigations and known threat infrastructure. PassiveTotal Projects help you organize related threat infrastructure elements such as:
Once organized, you can easily hand off investigations to other analysts or maintain an ongoing workspace for future research. These Projects can be shared publicly with the security community or kept private among the other analysts within your organization.
As of June 2019, there are more than 1,600 public projects from 616 different contributors. Each of these is free to use by the entire security community. RiskIQ’s research team works closely with the analyst community and has published 41 curated public projects as starting points for new investigations. These Projects include recent threats, many of which appear in the news, giving you a head start in your research.
Fancy Bear: https://community.riskiq.com/projects/595028e7-753c-d437-444b-85689817dd8b
Learn more about Projects at https://help.passivetotal.org/.
Keeping track of activity on known malicious infrastructure can provide security operations groups with the needed insight to actively defend their networks. PassiveTotal allows you to view artifacts of interest for changes across data sets, making it easy for you to keep tabs on bad actors proactively.
Using RiskIQ's datasets, our monitoring framework inspects for differences in resolutions, WHOIS records, data records, and associations. With the latest release of our monitoring framework, we have added support for the following datasets:
By utilizing Monitors, you can automate a critical portion of your workflow. Instead of constantly checking for changes in infrastructure, or worse, missing them altogether, you'll now be notified both by email and in the PassiveTotal platform. These alerts are also available through our API, allowing you to automate the responses.
PassiveTotal Monitors provide real-time, in-platform notifications of alerting entities. You can also receive an email digest outlining the specific changes that occur for each artifact you're monitoring. The digest includes a summary in the email and CSV attachments for each data set with crucial information about what changed.
Learn more about Monitors at https://help.passivetotal.org/infrastructure_monitoring.html
Millions of Exim Mail Servers Are Currently Being Attacked - by @serghei
People have been actively patching Exim servers the day the CVE-2019-10149 was published. Attackers have begun abusing the vulnerability as seen by @0xAmit (https://t.co/kRdeqbAvsW). Here's @RiskIQ's breakdown of observed Exim service versions for 4.8x and higher. Keep patching!
Today @morphisec published their (good) article on FIN8 activities. However, the "back in business" part which media just jumped on doesn't seem to hold true. Those IOCs are just a continuation of campaigns dating to 2017, they are not "back" they were just spotted :). Thread 1/n
Elevate your investigations with collaboration & organization: PassiveTotal Projects https://t.co/CgyarvA6TN #ThreatHunting
Magecart's 'shotgun approach' to payment card theft is wreaking havoc on e-commerce sites https://t.co/rCBdQAAUqz by @jeffstone500