    Ryuk being pushed from Azure... The question is why?
    Jigsaw Development Team
    • Jan 29, 2020
    • 1 min


    A look at the latest Ryuk activity today shows that the IP address 52[.]158[.]209[.]219 is consistently showing up and pushing the payloads associated with the ransomware. The only question is why? With the vast resources at Microsoft, it makes us wonder whether they have the data needed to keep web users safe from attack. We know that many attackers utilize Azure, AWS and similar hosting providers because it's difficult, if not impossible, to block activity from these environ
    Capesand Campaign being watched closely
    Security Operations Team
    • Nov 8, 2019
    • 2 min


    The team at Jigsaw Security is closely watching a campaign known as Capesand. It appears that the exploit kit is in active development, and we have been tracking activity associated with the threat actor. The exploits observed are not all new, but newer vulnerabilities are being leveraged to gain a foothold on victims' computers. Observed Vulnerabilities: Some of the observed vulnerabilities include CVE-2019-0752, aimed at targeting Internet Explorer users, and CVE-2018-4878 a
    Cloudflare now hurting just as much as it is helping
    Jigsaw Security
    • Sep 10, 2019
    • 2 min


    During a recent review of threat intelligence data, our team outlined something we have known for quite a while. In short, Cloudflare, the provider that protects companies from DDoS attacks, is also propagating malicious content and caching it even after it has been taken down elsewhere. We previously reported on some issues with Verizon in which we observed caching and CDNs hosting thousands of unique malware samples that updated daily, so we suspected this same issue would also
    DASH Cryptocurrency Mining Campaign
    Security Operations Team
    • Jul 18, 2018
    • 1 min


    We have been watching a campaign that appears to be generating quite a bit of revenue for the threat actors. We started seeing this a few weeks back, but the level of activity is increasing, so we thought we would share some information with our readers. A known accomplice: The domain associated with this activity, www.pvtntwk[.]com, is known to the Jigsaw Security team as well as VirusVault. We started seeing reports of malware being pushed from this domain starting a few weeks b
    Fileless Malware and the Demise of Anti-Virus
    Security Operations Team
    • Jun 23, 2018
    • 5 min


    One of the most common questions we get at Jigsaw Security is whether or not Anti-Virus protection is enough. When we tell our customers that we don't run Anti-Virus, some ask why and others tell us we're crazy. In fact, we have not run persistent Anti-Virus products since 2012. The reason is that Anti-Virus will not detect several types of malware and is, in our opinion, wholly outdated. This is why vendors such as Symantec and OpenText use endp
    APT28 Ramping Up and Fast...
    Anonymous Contributor
    • Jan 22, 2018
    • 4 min


    Jigsaw Security is aware of a highly successful campaign to target Government and security industry professionals the world over. On 18 January, 2018 Jigsaw Security detected highly suspicious traffic on Windows, Linux, Android and Mac devices. We have seen similar information published from Lookout Security and at first we thought that it was just another campaign. What is troubling is that the indicators being shared are now outdated and the threat actors have moved on to a
    Elasticsearch, MISP and Maltrail Integration
    Development Team
    • Oct 31, 2017
    • 2 min


    The Security Development Team is pleased to announce that we are in final testing of an Elasticsearch, MISP (Malware Information Sharing Platform) and Maltrail sensor integration, our EMM solution. We expect to release the EMM VM on November 1st, 2017. The VM will only be available as open source, but those customers wanting to use Jigsaw Threat Intelligence must subscribe to get an API key for our malware feed. Maltrail: Maltrail is a malicious traffic detection system that is
    Shifts in Antivirus - From our perspective
    Jigsaw Security Enterprise Intelligence Team
    • Aug 25, 2017
    • 3 min


    One of the things we have noted is a shift away from Anti-Virus products and a move toward better technologies such as network traffic string detection. As we reported earlier this year, we are seeing very specific attacks on Anti-Virus technology itself. In fact, we have seen some actors targeting the Anti-Virus ecosystem by exploiting the fact that Anti-Virus has to run as a privileged process to actually be effective. Because of this, hackers are starting to target
    WCRY Killswitch Engaged, Killswitch Removed
    Security Operations Team
    • May 14, 2017
    • 1 min


    In case you haven't been following the recent news, a new variant of malware known as WCRY has been causing havoc in several countries, with limited exposure so far in the US. What is interesting is that the author of the malware included a killswitch that was activated by a security researcher as soon as he identified it. This slowed the initial infection, but the killswitch has since been removed, with additional samples being spotted that do not require the domain that was sinkholed to infec

    Contact: (800)447-2150 Ext. 1        To contact Jigsaw simply send a message in our chat window!


    © 2017-2020 Jigsaw Security Enterprise Inc.

    Jigsaw Security Enterprise Inc is a SDVOSB - Service Connected Disabled Veteran Owned Small Business