Ryuk being pushed from Azure... The question is why?
Jigsaw Development Team
  • Jan 29, 2020
  • 1 min

A look at the latest Ryuk activity today shows that the IP address 52[.]158[.]209[.]219 is consistently showing up and pushing the payloads associated with the ransomware. The only question is why. With the vast resources at Microsoft, it makes us wonder whether they have the data needed to keep web users safe from attack. We know that many attackers use Azure, AWS and similar hosting providers because it is difficult, if not impossible, to block activity from these environ
Capesand Campaign being watched closely
Security Operations Team
  • Nov 8, 2019
  • 2 min

The team at Jigsaw Security is closely watching a campaign known as Capesand. The exploit kit appears to be in active development, and we have been tracking activity associated with the threat actor. The exploits observed are not all new, but newer vulnerabilities are being leveraged to gain a foothold on victims' computers.

Observed Vulnerabilities

Some of the observed vulnerabilities include CVE-2019-0752, targeting Internet Explorer users, and CVE-2018-4878 a
Cloudflare now hurting just as much as it is helping
Jigsaw Security
  • Sep 10, 2019
  • 2 min

During a recent review of threat intelligence data, our team documented something we have known for quite a while. In short, Cloudflare, the provider that protects companies from DDoS attacks, is also propagating malicious content and caching it even after it has been taken down elsewhere. We previously reported on issues with Verizon, where we observed caches and CDNs hosting thousands of unique malware samples that updated daily, so we suspected this same issue would also
DASH Cryptocurrency Mining Campaign
Security Operations Team
  • Jul 18, 2018
  • 1 min

We have been watching a campaign that appears to be generating quite a bit of revenue for the threat actors. We started seeing it a few weeks back, but the level of activity is increasing, so we thought we would share some information with our readers.

A known accomplice

The domain associated with this activity, www.pvtntwk[.]com, is known to the Jigsaw Security team as well as to VirusVault. We started seeing reports of malware being pushed from this domain a few weeks b
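
Both the Ryuk post above and this DASH post publish their indicators defanged with `[.]`. The Python below is an added example and not code from Jigsaw Security: it refangs those two indicators into a watchlist and runs it over a few constructed proxy-log lines. Only the two indicators come from the posts; the log format, the internal source addresses, the benign hosts and the look-alike domain are invented for the example.

```python
"""Refang the indicators published in these posts and match them against logs.

Added example, not code from Jigsaw Security. Only the two indicators come
from the posts; the log format, internal addresses and benign hosts below are
constructed for illustration.
"""
import re
from ipaddress import ip_address

# Indicators exactly as the posts print them, defanged with [.] so they are
# not clickable and do not resolve if pasted somewhere careless.
DEFANGED_IOCS = [
    "52[.]158[.]209[.]219",  # Ryuk payload host seen on Azure (Jan 2020 post)
    "www.pvtntwk[.]com",     # DASH miner distribution domain (Jul 2018 post)
]


def refang(indicator: str) -> str:
    """Turn a defanged indicator back into a value that can be compared."""
    value = indicator.strip().lower()
    for token in ("[.]", "(.)", "{.}", "[dot]"):
        value = value.replace(token, ".")
    # hxxp:// and hxxps:// are the usual defanged schemes
    value = re.sub(r"^hxxp(s?)://", r"http\1://", value)
    return value


def defang(value: str) -> str:
    """Inverse of refang, so matches can be reported safely (every dot is bracketed)."""
    return re.sub(r"^http(s?)://", r"hxxp\1://", value).replace(".", "[.]")


def build_watchlist(defanged_iocs):
    """Split refanged indicators into an IP set and a hostname set."""
    ips, hosts = set(), set()
    for ioc in defanged_iocs:
        value = refang(ioc)
        try:
            ip_address(value)
        except ValueError:
            hosts.add(value)
        else:
            ips.add(value)
    return ips, hosts


# Constructed proxy log lines (format invented for this example):
# <timestamp> <src_ip> <dst_ip> <host> <method> <path> <status>
SAMPLE_LOG = """\
2020-01-29T14:02:11Z 10.1.4.22 52.158.209.219 52.158.209.219 GET /update.exe 200
2020-01-29T14:02:13Z 10.1.4.22 198.51.100.7 www.example.com GET / 200
2018-07-18T09:40:00Z 10.1.7.9 192.0.2.44 www.pvtntwk.com GET /js/miner.js 200
2018-07-18T09:41:02Z 10.1.7.9 192.0.2.45 pvtntwk.com.example GET /x 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\d+)$")


def scan(log_text: str, defanged_iocs=DEFANGED_IOCS):
    """Return one hit per log line whose destination IP or host is on the watchlist.

    Hostnames match exactly or as a subdomain of a listed host; the
    look-alike 'pvtntwk.com.example' in the sample must not match.
    """
    ips, hosts = build_watchlist(defanged_iocs)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the scan
        ts, src, dst, host, _method, path, _status = m.groups()
        host = host.lower().rstrip(".")
        matched = None
        if dst in ips:
            matched = dst
        elif host in hosts or any(host.endswith("." + h) for h in hosts):
            matched = host
        if matched:
            hits.append({"ts": ts, "src": src, "ioc": defang(matched), "path": path})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The hits are reported defanged again, so the output can be pasted into a ticket or a feed without anyone clicking a live Ryuk or miner URL. Matching on both the destination IP and the Host header matters here: the Ryuk indicator is a bare Azure address that clients contacted directly, while the DASH indicator is a hostname that will sit behind whatever address the CDN or hosting provider hands out that day.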
Fileless Malware and the Demise of Anti-Virus
Security Operations Team
  • Jun 23, 2018
  • 5 min

One of the most common questions we get at Jigsaw Security is whether or not Anti-Virus protection is enough. When we tell our customers that we don't run Anti-Virus, some ask why and others tell us we're crazy. In fact, we have not run persistent Anti-Virus products since 2012. The reason is that Anti-Virus will not detect several types of malware and is, in our opinion, wholly outdated. This is why vendors such as Symantec and OpenText use endp
APT28 Ramping Up and Fast...
Anonymous Contributor
  • Jan 22, 2018
  • 4 min

Jigsaw Security is aware of a highly successful campaign targeting government and security industry professionals the world over. On 18 January 2018, Jigsaw Security detected highly suspicious traffic on Windows, Linux, Android and Mac devices. We have seen similar information published by Lookout Security, and at first we thought it was just another campaign. What is troubling is that the indicators being shared are now outdated and the threat actors have moved on to a
Elasticsearch, MISP and Maltrail Integration
Development Team
  • Oct 31, 2017
  • 2 min

The Security Development Team is pleased to announce that we are in final testing of an Elasticsearch, MISP (Malware Information Sharing Platform) and Maltrail sensor integration, our EMM solution. We expect to release the EMM VM on November 1st, 2017. The VM will be available only as open source, but customers wanting to use Jigsaw Threat Intelligence must subscribe to get an API key for our malware feed.

Maltrail: Maltrail is a malicious traffic detection system that is
Shifts in Antivirus - From our perspective
Jigsaw Security Enterprise Intelligence Team
  • Aug 25, 2017
  • 3 min

One of the things we have noted is a shift away from Anti-Virus products and toward better technologies such as network traffic string detection. As we reported earlier this year, we are seeing very specific attacks on Anti-Virus technology itself. In fact, we have seen some actors targeting the Anti-Virus ecosystem by exploiting the fact that Anti-Virus has to run as a privileged process to be effective. Because of this, hackers are starting to target
WCRY Killswitch Engaged, Killswitch Removed
Security Operations Team
  • May 14, 2017
  • 1 min

In case you haven't been following the recent news, a new variant of malware known as WCRY has been causing havoc in several countries, with limited exposure so far in the US. What is interesting is that the author of the malware included a killswitch that was activated by a security researcher as soon as he identified it. This slowed the initial infection, but the killswitch has since been removed, with additional samples being spotted that do not require the domain that was sinkholed to infec