Petah Tikva, Israel
Jun 19, 2022   |  By Shmuel Gihon
BlackGuard is a fairly new info stealer from the end of January 2022 with a business model of Malware-as-a-Service (MaaS). The malware is sold in underground forums and a dedicated Telegram channel of the operators’ named blackteam007.
Jun 6, 2022   |  By Shmuel Gihon
Over the past weekend, on June 2, Atlassian published a security advisory regarding a zero-day vulnerability in all versions of the Confluence Server and Data Center that is already being exploited in the wild. The critical severity vulnerability has received the ID of CVE-2022-26134 and a threat actor can exploit this vulnerability in order to perform unauthenticated remote code execution (RCE).
Jun 2, 2022   |  By Doron Kapah
Emotet, one of the first Malware-as-a-Service (MaaS), an ever-evolving botnet and banking trojan active since 2014, recently added new techniques to its arsenal. Initially intended to extract sensitive banking information from a victim’s computer and operate using other malware trojans, this notorious malware continues evolving by implementing new techniques in the malware delivery stage. This document is an update to the technical report on Emotet from December 2021.
May 31, 2022   |  By Shmuel Gihon
Over the past month a new ransomware group, named Black Basta, has emerged and has quickly gained popularity. As 29 victims have already been added to Black Basta’s victim list, the group is drawing the attention of security researchers and hunters in the cybersecurity community worldwide. In the era of post-ContiLeaks ransomware groups are looking to utilize and base their product on the fairly successful Conti code.
May 23, 2022   |  By Shmuel Gihon
As new ransomware groups emerge by the day, most of them operate the same business model and same techniques. And as we all know, one of the main techniques of ransomware groups is to encrypt valuable assets belonging to the victim. Over the past weeks, a new and slightly odd ransomware group has emerged named RansomHouse. At glance, it looks like any other ransomware group, but claims to be something other than what we are used to seeing.
May 3, 2022   |  By Doron Kapah
In recent weeks, Cyberint has been monitoring a new marketplace that appeared in the TOR network, an insiders network called Industrial Spy. This new platform was established in around mid-March this year and is currently being promoted on known Darknet forums and Telegram channels. The platform’s main goal is to become the ultimate repository containing victims’ data, which is mainly gathered by threat actors and insiders.
Apr 26, 2022   |  By Shmuel Gihon
For the past five years the notorious RaidForums had been one, if not the main pillar of the cybercriminals industry, serving many purposes, while the main purview of this forum was exclusive leaked databases. Towards the end of February, RaidForums was seized by the authorities and officially closed on April 12 by the FBI and its main owner was arrested.
Apr 19, 2022   |  By Shmuel Gihon
Info Stealers are one of the most popular malware types being used in the wild today.
Apr 14, 2022   |  By Shmuel Gihon
One thing that we’ve learned from the Russia-Ukraine conflict is that the cybersecurity and the cyber-warfare world is going to change, if it hasn’t already. While Anonymous, the TI Army of Ukraine, and more hacktivist groups are actively participating in the conflict, a relatively new group brings something new to the table.
Apr 4, 2022   |  By Yuval Shapira, Shmuel Gihon
The first quarter of 2022 will be remembered as one of the most interesting quarters of the past years. A historical war changed cyber warfare rules entirely, New lethal groups made their debuts, causing major damage. Conti Group Leaks and Lockbit2.0 taking over provided us with many insights and paved the way to a new era.
May 3, 2022   |  By Cyberint
The Russia-Ukraine conflict has introduced us to a new era in which anyone can pick up a keyboard and join a cause they see fit. Groups like BlueHornet emerged as a result and caused havoc to anyone they saw as responsible. This reality raises many questions - will wars rise and fall in the decision of hacktivists instead of governments? Are we as a society legitimized this phenomenon, and where do we draw the line?
Apr 12, 2022   |  By Cyberint
In this webinar we take a look at the deep and dark web.
Mar 28, 2022   |  By Cyberint
Dr. Guy Almog was invited by the Knowledge Group to talk about how to prepare against attacks from the deep and dark web.
Mar 13, 2022   |  By Cyberint
See this session to understand how the dark web works, who are the individuals who go there and how they conduct business. You will also see how Cyberint conducts complex HUMIT (human intelligence) operations in order to get valuable and actionable information. Presented by Jacob Silutin - Sales Engineer, Cyberint, at Cyber Security Digital Summit - Threat Detection and Response on 22nd February 2022.
Mar 7, 2022   |  By Cyberint
What are the most common ways that threat actors breach organizations? How can Threat Intelligence help with Compliance? What does it take to get an effective and up-to-date threat intelligence? Watch this interview with Yochai Corem, CEO, Cyberint, from the Cybertech Israel tradeshow.
Feb 14, 2022   |  By Cyberint
Webinar on demand: "Threat Landscape for the Philippines Financial Industry" , hosted by Cyberint for the Bankers Association of the Philippines.
Feb 9, 2022   |  By Cyberint
In this webinar we learn about 2021's worst ransomware groups, their TTPs, and Cyberint Research's predictions for 2022.
Feb 3, 2022   |  By Cyberint
Webinar recording on "Threat Landscape for the Philippines Financial Industry" topic, hosted by Cyberint for the Bankers Association of the Philippines.
Dec 16, 2021   |  By Cyberint
In response to Apache Log4Shell vulnerability gaining worldwide attention, Cyberint's Research team shares the latest insights and recommendations on how to stay protected.
Nov 22, 2021   |  By Cyberint
Session for the Infosec World 2021 by Yochai Corem, CEO at Cyberint

Best-in-class managed intelligence suite. We help you identify emerging threats, verify your security posture, and respond effectively to reduce their impact.

CyberInt's Managed Detection and Response services span globally and include some of the top finance, retail and telecommunication organizations. Allowing our customers to combat and respond to advanced cyber threats that would normally go unnoticed by standard security controls, while protecting their brand, digital assets and customers.


  • Threat Intelligence: Real-time monitoring of threats in the deep, dark and open web such as phishing and malware campaigns, brute-force and credential stuffing threats, data leakage, including personal identifiable information (PII), and fraudulent activity.
  • Digital Risk: Digital footprint discovery and ongoing monitoring of organizations’ cloud and external facing assets. Ensuring visibility into assets with severity-based prioritization of issues to address, highlighting related threats, vulnerabilities, and weaknesses.
  • Threat Hunting: Driven by Cyberint proprietary intelligence and custom detections service provides continuous hunt for threats across the IT and infrastructure. Leveraging 3rd party EDR-agnostic technology and SOAR, we deploy proprietary automated playbooks to contain and mitigate threats within minutes.
  • Cybersecurity Assessment: Testing applications and infrastructure’s resilience to cyberattacks, to identify weaknesses and loopholes in your security posture.

Intelligence-driven Detection & Response. Leveraging threat intelligence suite, threat hunting and threat mitigation and response services.