#Onpatrol4malware Blog
Malware Patrol Updates & Cybersecurity News
InfoSec Articles (10/17/23 – 10/24/23)
Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself...
InfoSec Articles (10/10/23 – 10/17/23)
Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself...
Malware Patrol + Palo Alto Networks NGFW (PAN-OS)
Malware Patrol offers five Enterprise feeds formatted for use with Palo Alto Networks NGFW (PAN-OS). Customers choose the feed(s) that meet their needs: 1) DNS-over-HTTPS (DoH) Servers: This feed gives security teams control over the use of DoH in...
Honeypots: Simple Tools that Supercharge Cybersecurity
Staying ahead of malicious actors is a constant challenge. As threats continue to increase in complexity and sophistication, organizations must adopt innovative approaches to safeguard their digital assets and sensitive information. One...
Finding the Best Threat Intelligence Vendor
Everyone in our line of business wants to be considered the best threat intelligence vendor. The task of gathering and producing top-notch cyber threat intelligence (CTI) is harder than you might think, however. Here are a few reasons...
New OSINT Feeds: High Risk IPs – Risk Indicators – Tor Exit Nodes
Sharing is Caring To our industry's credit, there are many good OSINT feeds and data sharing platforms. Even better, they are relatively easy to find. A simple Google search for open source intelligence (OSINT) threat feeds or open...
Malware Hashes and Hash Functions
An Introduction to Malware Hashes and Hash Functions Malware hashes are found everywhere in our industry. And for a good reason. They very efficiently help identify malware samples and standardize the exchange of information among...
MISP Project – A free & robust open source threat intelligence platform
The MISP project is a free open source threat intelligence platform (TIP) that stores, analyzes, and shares information about malware.It is co-financed by the European Union and a wide variety of organizations, including law enforcement...
Threat Intelligence Providers vs Threat Intelligence Platforms
In information security, the ability to predict and adapt to the behaviors of criminals can help organizations improve defense strategies against cyber threats.We can do this through the use of threat intelligence where data comprised of past and...
FortiSIEM Configuration Guide
Malware Patrol + FortiSIEMMalware Patrol offers (5) Enterprise* feeds formatted for integration into FortiSIEM. This allows users to combine the quality of Fortinet's SIEM security platform with the protection from our threat intelligence....
pfSense Configuration guide
pfSense The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and it also includes third-party free software packages for additional functionality. pfSense software, with the help of...
DNS Sinkholes Detect and Protect
Bots don't sleep, ransomware finds new ways to infiltrate systems and yesterday's defenses may be ineffective tomorrow. Cybersecurity requires vigilance. But vigilance alone won't suffice. That's why threat researchers and enterprise...
Avoiding Black Friday Phishing Scams
Black Friday is coming and threat actors are already surfing this wave of retail insanity. Not surprisingly, phishing remains an effective way to lure users into handing over their bank credentials and credit card data. Popular brands...
MISP Configuration Guide
MISP is a threat intelligence platform for gathering, sharing, storing, and correlating indicators of compromise of targeted attacks, threat intelligence, financial fraud information, and vulnerability information.It can be configured...
Fortinet Configuration Guide
FortiGate NGFWs deliver industry-leading enterprise security for any edge at any scale with full visibility and threat protection. Organizations can weave security deep into the hybrid IT architecture and build security-driven networks to...
Mikrotik Router Configuration
Malware Patrol provides a Mikrotik-compatible version of our Malicious Domains and the Tor Exit Nodes data feeds. In this Mikrotik router configuration guide, you will find all the steps necessary. However, feel free to contact our...
What is Ransomware?
Malware Patrol's CEO Andre Correa was recently interviewed by Dana Mantilia from Identity Protection Planning. They discussed the basics - and more - about ransomware:What is Ransomware?What should a company do in the case of an attack?Why is...
Best Practices to Protect Against Ransomware
Everyone wants to know how to protect against ransomware - 2021 is the year of ransomware! The Colonial Pipeline attack shutdown a major oil distribution line and held it for ransom. Kaseya, a software vendor, was targeted with a $70 million ransom...
Malware Patrol Data Offered in ThreatBlockr Marketplace
Updated on 2022.03.22 - Bandura Cyber now is ThreatBlockr.Press Release  St. Petersburg, FL, July 28, 2021 -- Malware Patrol, the veteran threat intelligence company, announced today that they now offer data feeds through the...
DoH! Not so great to the Enterprise
DoH, or DNS over HTTPS (RFC 8484), is a relatively new protocol that provides increased privacy and security. It does this by encrypting DNS queries and responses, which prevents eavesdropping and man-in-the-middle attacks. Instead of using a...
Newly Registered Domains Related to COVID-19
The current outbreak of the COVID-19 created a perfect scenario for all sorts of scammers to monetize through fear, false promises and fraud. Since the beginning of March, tens of thousands of new domains have been registered using the...
Threat Intelligence: Essential For Your Cyber Defenses
Cyber risk is growing while confidence in internal defense resilience declining. According to Microsoft’s 2019 Global Cyber Risk Perception Survey, cyber security is a top 5 business concern for 79% of companies globally (and the top risk for 22%...
Palo Alto MineMeld Configuration Guide
Palo Alto MineMeld is an extensible Threat Intelligence processing framework and the multi-tool of threat indicator feeds. MineMeld can be used to collect, aggregate, and filter indicators from a variety of sources make them available...
Tips for Establishing Your Security Program
(And How the Cyber Insurance Industry May Help You for Free) I won’t keep you waiting. Before you get too excited about that free assist from the cyber insurance industry, let me be clear: it won’t, directly. But that’s no problem....
Command and Control Servers: Fundamentals
Command and Control Servers (C2s) are the brains of the malware operation. Learn more about how they work in our blog.
Phishing’s Next Wave: AI-Enabled Tactics for Attackers and Cybersecurity Pros
Cybercrime steals an estimated $600 billion from the global economy every year. In the next several years we can expect that number to reach well into the trillions.Phishing and spear phishing open most cybercrime attacks. At this point it's as old...
Phishing: The Tide Is Still Coming In
In cybersecurity the familiar is dangerous. Because of this, we must qualify what we “already know†and refresh our knowledge. Without this attention, cracks in the system grow until huge threats can fit through and shatter that complacency,...
Reputation Jacking: Unknown Threats on Well-Known Sites
Threat actors place malicious content on trusted sites to gain access to user’s devices and spread malware. Instead of an outside attack, they wait for the victim to download software from a trusted source or otherwise insinuate themselves into a normal operation.
SpamAssassin Configuration Guide
Malware Patrol provides block lists compatible with SpamAssassin. "Apache SpamAssassin is the #1 Open Source anti-spam platform giving system administrators a filter to classify email and block spam (unsolicited bulk email). It...
Why choose Malware Patrol over a free DNS protection service?
Customers and prospects have approached us recently with questions similar to this: why should we choose Malware Patrol instead of a free DNS protection service? The question is fair, especially in a market that counts with, at least, 93 different...
Accessing threat data on AWS S3 buckets
Malware Patrol provides some of its threat data feeds via Amazon / AWS S3 buckets. Among the feeds are the "Malware Samples (Binaries)" and the "Bitcoin Transactions (JSON format)". Amazon Simple Storage Service has a simple web...
Malware Patrol – Protection Against Crypto Mining Abuse
Cryptocurrency mining as a service is a growing website monetization trend, especially popular on gaming and torrent sites, in which a JavaScript code utilizes the visitor's CPU for cryptocurrency mining purposes. While promoted as an...
DNS RPZ Firewall Configuration Guide
BIND is the world's most used DNS server and can be configured as a DNS Firewall using RPZ files (DNS RPZ). Response Policy Zone (RPZ) enables DNS administrators to selectively block name resolution of Internet resources known to be...
Cisco ASA FirePOWER Configuration Guide
“With Cisco ASA with FirePOWER Services, you consolidate multiple security layers in a single platform, eliminating the cost of buying and managing multiple solutions. This integrated approach combines best-in-class security technology with...
Spoofed DDoS Attacks and BCP 38
The majority of recent DDoS attacks utilize source address spoofing techniques. These spoofed DDos attacks complicate mitigation efforts and hide the IP address of the originating system. It happens with TCP SYN floods as well as UDP...
DDoS: What is a Reflection and Amplification Attack?
 Updated on 06/13/2022 DDoS - What is it? A distributed denial-of-service (DDoS) attack is a type of cyber attack in which a malicious actor seeks to disrupt normal traffic of a targeted server, service, or network by overwhelming it with...
Popular Domains Hosting Malware
Malware Patrol has maintained a database of malicious URLs and IOCs since 2005. We often receive emails from our users about "popular" and "important" domains being present in our block lists and data feeds, and that this must be a...
Role of DGAs (Domain Generation Algorithms) in Malware and Ransomware Campaigns
The vast majority of active malware and ransomware families include some sort of communication with command and control servers (C&Cs). This connection allows them to receive instructions, such as which institutions to target, the...
pfBlockerNG Configuration Guide
Malware Patrol provides block lists compatible with pfBlockerNG, a package for pfSense version 2.x that allows the usage of custom block list, IP filtering, and country block functionalities.InstructionsYou can follow these simple steps...
Comparing Protection Mechanisms
In a market full of products and services that promise to solve the most varied security threats, it is important to put solutions into perspective, understand what they really deliver and never forget that no single vendor can protect from all threats.
ClamAV Configuration Guide
ClamAV is an open source ant-virus engine for detecting trojans, viruses, malware & other malicious threats. Malware Patrol provides signatures that are compatible with ClamAV software. You can follow these simple steps to configure your ClamAV...
Squid3 Web Proxy Configuration Guide
Squid is a proxy for the web that provides extensive access control lists, reduces bandwidth consumption and improves response times by caching and reusing frequently requested web pages. It runs on most available operating systems, including Linux...