ciso brief

All news with #threat intelligence tag

102 articles · page 3 of 6

CTA at Nine: A Milestone in Collaborative Cyber Defense

🎉 The Cyber Threat Alliance (CTA) marks its ninth anniversary, celebrating a sustained industry shift from guarded threat data to coordinated, high-fidelity intelligence sharing. Founded in 2014 by major vendors, the CTA established governance, legal frameworks and technical platforms to enable secure exchange. The piece highlights how leadership, deliberate design and cross-company commitment transformed a bold experiment into lasting, global cybersecurity infrastructure and urges continued engagement to meet evolving threats.

Reconnaissance Risks and Recent Vulnerability Disclosures

🔍 Cisco Talos stresses the simple but essential advice: know your environment, and pay attention to reconnaissance rather than dismissing it as noise. Researchers disclosed patched vulnerabilities in Foxit PDF Editor, Epic Games Store, and MedDream PACS, including privilege escalation, use‑after‑free, and XSS that could enable code execution or unauthorized access. The newsletter also covers active phishing and ransomware activity and provides telemetry on prevalent malware. Organizations should patch affected products, enhance detection for recon patterns, and apply layered defenses.

Iran's Partial Internet Shutdown: Opportunity for Intel

🔍 The near-total internet blackout Iran imposed on January 8 may offer SOC teams a rare chance to observe and digitally fingerprint government-controlled traffic. Vendors argue that with residential and business noise silenced, remaining connections likely originate from state assets, making them high-confidence signals for threat modeling and short-term intelligence collection. Analysts caution, however, that sophisticated state actors can deceive attribution, legitimate government traffic may be benign, and routing artifacts often disappear once services are restored, so captured data should be treated as contextual input, not definitive proof.

In 2026 Hackers Embrace AI: Vibe Hacking & HackGPT

🧠 Across dark web forums, Telegram channels, and underground marketplaces, criminals are framing AI as a shortcut to profit rather than a technical revolution. The rise of "vibe hacking" — an intuition-driven, AI-guided approach — and branded tools like FraudGPT, PhishGPT, and WormGPT lower the skill barrier and package familiar scams as turnkey services. AI jailbreaking, prompt-injection techniques, and "Hacking-GPT" offerings are openly bought and sold, amplifying volume over sophistication. Flare monitors those signals to give defenders earlier visibility.

How Cisco Talos Powers Security Across Cisco Products

🔐 Cisco Talos is the threat intelligence and security research arm that underpins Cisco's defensive products. Its telemetry-driven intelligence feeds reputation and detection services across the portfolio, including SNORT and SnortML for deep packet inspection and zero-day detection. Talos also powers web and DNS filtering, email threat prevention, layered malware protection, and investigative tooling such as Orbital and Talos IR.

Google Cloud Joins Auto-ISAC to Strengthen Vehicle Security

🚗 Google Cloud has joined the Automotive Information Sharing and Analysis Center as an Innovator Partner, pledging experts and resources to bolster vehicle and supply-chain cybersecurity. The partnership will bring threat intelligence and incident response expertise — including insights from Mandiant — to help members anticipate, mitigate, and respond to attacks against cloud-connected, software‑defined vehicles and Industry 4.0 environments. Google cites a $10 billion cybersecurity investment over five years as part of its broader commitment.

Fix SOC Blind Spots with Industry and Geo Threat Context

🔍 Modern SOCs frequently operate in a reactive mode, discovering threats only after incidents escalate. ANY.RUN's Threat Intelligence Lookup augments alerts with behavioral insight, infrastructure links, and sandbox observations so analysts can prioritize high-risk findings. Paired with continuous TI Feeds and industry/geographic attribution, teams reduce noise, speed triage, and tune detections to protect the business proactively.

Deutsche Telekom launches anti-scam call warning system

⚠️ Deutsche Telekom has introduced Call Check, an automated warning feature that flags incoming calls listed in a database as suspicious or fraudulent. When a call from a domestic or foreign number is identified, the recipient's smartphone displays a "Caution, possible fraud!" message to warn the user. The system is applied automatically to customers on the Telekom network and joins similar protections already deployed by competitors such as Vodafone, while O2 has yet to implement an equivalent service.

Three Decades of Threat Data Powering AI in Security

🔐 Check Point argues that modern AI's effectiveness hinges on the volume, variety, and freshness of data, and that its three decades of aggregated threat intelligence provide a practical advantage in applying AI to cybersecurity. The post highlights data density — the combination of scale, diversity, and timeliness of telemetry — as the primary driver of model accuracy and detection efficacy. It contrasts five years of explosive AI data growth with Check Point's 30-year corpus and explains how rich telemetry enables better prediction, prevention, and operationalization of AI-driven defenses.

From Feeds to Flows: Operationalizing Threat Intelligence

🔗 The article argues that traditional threat feeds no longer suffice in modern, interconnected environments and proposes a Unified Linkage Model (ULM) to transform static indicators into dynamic threat flows. ULM defines three core linkage types — adjacency, inheritance and trustworthiness — to map how risk propagates across systems. It outlines practical steps to ingest and normalize feeds, establish and score linkages, integrate with MITRE ATT&CK and risk frameworks, and visualize attack pathways for prioritized response and compliance.

NCSC's Share and Defend Blocks Nearly One Billion in UK

🔒 The UK's National Cyber Security Agency (NCSC) reports its Share and Defend service has blocked almost one billion attempts to access malicious websites in under a year. Launched in May 2024, the service aggregates threat intelligence and indicators of compromise (IOCs) from partners and data sources, then shares them with ISPs such as BT, Vodafone, and TalkTalk for DNS filtering. When users try to follow phishing links, fraudulent texts or scam adverts, connections to known malicious domains are stopped automatically. The initiative supports the government's Stop! Think Fraud campaign and aims to reduce online fraud for consumers and businesses.

Free GreyNoise IP Check to Detect Botnet Participation

🛡 GreyNoise Labs provides a free online IP-check tool that helps users determine whether their home or family public IP has been observed performing malicious scanning or appears in GreyNoise's dataset. The GreyNoise IP Check returns one of three outcomes: clean, suspicious/malicious activity, or traffic consistent with VPN, corporate, or cloud environments, and shows a 90-day activity history when correlations exist. For advanced users, an unauthenticated, rate‑limit‑free JSON API accessible via curl supplies structured data for integration into MDMs, VPN scripts, or network onboarding.

Turning Threat Intelligence into Real Security Wins

🛡️ Modern SOCs drown in threat feeds; the problem is not data but converting it into repeatable decisions. The article lays out an operating model that makes CTI a business capability by centring work on Priority Intelligence Requirements (PIRs), engineering a single pipeline for collection, normalization and automated enrichment, and prioritizing behaviour‑first detections mapped to MITRE ATT&CK. It prescribes SOAR orchestration with human checkpoints, de‑duplication and scoring by relevance and visibility, and integration of intel into incident response and threat hunting. The result: measurable loss avoidance, reclaimed analyst capacity and executive reporting that drives concrete decisions.

Iran-Linked Hackers Mapped Ship AIS, Aided Kinetic Strikes

🔎 An Amazon Integrated Security report describes Iran-linked actors conducting digital reconnaissance to enable real-world attacks, a phenomenon the company terms cyber-enabled kinetic targeting. Researchers attribute AIS and CCTV intrusions to Imperial Kitten (aka Tortoiseshell) between December 2021 and January 2024 that preceded a missile attempt on a commercial vessel. Amazon also links MuddyWater activity in mid-2025 to live camera access in Jerusalem and notes the use of anonymizing VPNs to complicate attribution and refine target selection.

Iranian APTs Used Cyber Espionage to Guide Missile Strikes

🎯 Amazon’s threat intelligence linked Iran-associated APT activity to missile strikes in the Red Sea and Israel, concluding cyber espionage provided direct targeting intelligence. The group known as Imperial Kitten queried AIS ship-tracking data days before a Houthi missile attempt, while MuddyWater gained access to compromised CCTV streams ahead of strikes on Jerusalem. Amazon terms this trend cyber-enabled kinetic targeting and urges maritime, surveillance, and critical infrastructure operators to expand threat models and harden systems that could be repurposed for physical attacks.

Amazon: Nation-State Cyber-Enabled Kinetic Targeting

🔎 Amazon Threat Intelligence reports a rising trend in which nation-state actors use cyber operations to collect real-time intelligence that directly supports physical attacks. The team calls this behavior cyber-enabled kinetic targeting, documenting campaigns that compromised AIS platforms, CCTV feeds, and enterprise systems. Amazon highlights multi-source telemetry and partner collaboration, urging defenders to expand threat models to address digital activities that enable kinetic outcomes.

CISA Guide: Mitigating Risks from Bulletproof Hosting

🛡️ CISA, with NSA, DoD CyCC, FBI and international partners, released Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers to help ISPs and network defenders disrupt abuse by bulletproof hosting (BPH) providers. The guide defines BPH as providers who knowingly lease infrastructure to cybercriminals and outlines practical measures — including curated malicious resource lists, targeted filters, traffic analysis, ASN/IP logging, and intelligence sharing — to reduce malicious activity while minimizing disruption to legitimate users.

CISA 2015 Short-Term Extension Provides Temporary Relief

🛡️ The US Cybersecurity Information Sharing Act (CISA 2015) received a three-month extension in a Senate continuing resolution, preserving liability protections for voluntary threat sharing through the Automated Indicator Sharing (AIS) program until January 30, 2026. Cyber professionals broadly welcomed the move but called it a "temporary patch" and urged a longer-term renewal. Industry sources reported the lapse since September reduced federal-to-private sharing, while a Binalyze survey highlighted operational strains, estimating an average cost of $114,000 per hour of delayed incident response.

Fortinet and CSI Launch Global Cybercrime Bounty Program

🛡️ Fortinet and Crime Stoppers International (CSI) have launched the Cybercrime Bounty program, a global initiative enabling secure, anonymous reporting of cybercriminal activity. Validated reports will feed Fortinet’s threat intelligence to support law enforcement investigations and potential prosecutions. The program scales deterrence by combining community-sourced tips with expert analysis, building on decades of Fortinet collaboration with INTERPOL and other public-private partners.

Month of VT Search: Unlimited GUI Searches in November

🔍 This November VirusTotal is offering uncapped GUI searches for all Enterprise customers, allowing manual queries through the web interface without consuming quota. Take this opportunity to experiment with VirusTotal Intelligence search modifiers to pivot across hashes, domains, IPs, and URLs, hunt for related samples, and uncover campaign infrastructure. API interactions will continue to consume quota, while daily shared queries and community tips — tagged #MonthOfVTSearch — will help users explore advanced search techniques.