Talion Threat Set Radio is your weekly cyber threat intelligence bulletin. We cut through the noise to give you our honest opinion on the threat news that matters.
In this week's news: Check Point zero-day vulnerability. Okta credential stuffing. Operation Endgame targets botnets. By Talion Threat Intelligence Team
In this week's episode: the LockBit ransomware group has had nothing but setbacks since “Operation Cronos”, GitHub alerts users to 2 high severity vulnerabilities, and a significant uptick in Docusign phishing emails has been observed in May. By Talion Threat Intelligence Team
LockBit ransomware admin is named and sanctioned. North Korean actors exploiting weak DMARC policies for spearphishing. Ivanti flaws chained together to drop Mirai botnet. By Talion Threat Intelligence Team
Developers targeted with Python backdoor during false job interviews. New UK law now in effect limits default passwords on smart devices. New malware emerges targeting small office and home routers. By Talion Threat Intelligence Team
MITRE breached using two Ivanti zero days. CrushFTP victim of targeted zero day exploitation. ArcaneDoor campaign targets vulnerable Cisco devices. By Talion Threat Intelligence Team
Large scale exploitation of Palo Alto CVE following PoC disclosures. Atlassian vulnerability leveraged to deploy Cerber ransomware. PuTTY flaw can be used to obtain private cryptographic keys. By Talion Threat Intelligence Team
Warnings issued regarding 10/10 CVSS score Rust vulnerability. Researchers speculate LLM wrote PowerShell for malware strain. Change Healthcare hit by ransom demand again following AlphV exit scam. By Talion Threat Intelligence Team
Sophisticated supply chain attack attempted against multiple Linux distros. Linux false Sudo prompt flaw has persisted for over a decade. DinodasRAT now targeting Linux servers with new variant. By Talion Threat Intelligence Team
Huge darknet marketplace seized by German takedown effort. Muddywater group using legitimate RM tools for access. APT31 members sanctioned following US infrastructure attacks. By Talion Threat Intelligence Team
Fujitsu discovers malware-compromised systems. Russian actors may be targeting Ukrainian telecoms with new wiper malware. New DoS technique discovered able to create infinite feedback loop. By Talion Threat Intelligence Team
Russian group accesses Microsoft source code in follow-up from January attack. StopCrypt, the ransomware still targeting individuals over business, has been upgraded. DarkGate leverages recent SmartScreen vulnerability in attacks. By Talion Threat Intelligence Team
The Blackcat / AlphV ransomware operation fakes law enforcement takedown to steal from their own affiliate. By Talion Threat Intelligence Team
LockBit claims swift recovery from takedown operation, downplaying severity and threatening leaks. Lazarus exploits Windows zero day flaw with new improved rootkit. By Talion Threat Intelligence Team
DoJ takes down botnet used by Russian state group. LockBit ransomware operation gutted by the NCA. ScreenConnect under active attack, Lockbit utilised. By Talion Threat Intelligence Team
Anydesk confirms cyberattack that allowed hackers to gain access to the company's production systems, Cloudflare publicly discloses its internal Atlassian server was breached by a suspected nation-state attacker, and the FBI disrupts and neutralizes KV-botnet. By Talion Threat Intelligence Team
Microsoft confirms details of recent Russian compromise. Kasseika joins ransomware groups performing BYOVD attacks. Trickbot browser injection developer jailed. By Talion Threat Intelligence Team
VMware critical flaw under active exploitation. Critical vulnerability discovered in Juniper firewalls and switches. Ivanti bypass flaw exploited in the wild. By Talion Threat Intelligence Team
Evasive Async RAT has targeted infrastructure for almost a year. New FBot toolkit targets SaaS and cloud platforms. Turkish group uses Mimic ransomware to target MSSQL servers. By Talion Threat Intelligence Team
Critical Ivanti flaw allows compromise of enrolled devices. Multiple malware strains use Google feature for persistence. Microsoft disables MSIX after it is abused by malware again. By Talion Threat Intelligence Team
Rhadamanthys infostealer gains popularity with new features. MongoDB confirms breach and theft of customer data. FBI confirms it breached the Blackcat ransomware group. By Talion Threat Intelligence Team
AlphV ransomware outage rumored to be caused by FBI. New "Pool Party" injection technique evades 5 leading EDR solutions. Lazarus continues to abuse Log4J with 3 new malware strains. By Talion Threat Intelligence Team
NCSC warns of Russian state group social engineering activity. Okta customers affected by recent attack revised from 1% to 100%. Researchers discover Linux rootkit RAT undetected since 2021. By Talion Threat Intelligence Team
Ransomware group arrested in Ukraine following attacks against 71 countries. Method discovered to passively extract RSA keys from SSH connections. Chrome fixes its 6th zero day exploited in the wild this year. By Talion Threat Intelligence Team
Russian state USB malware spreads to unintended targets. Qbot moves to Darkgate and Pikabot following takedown. Criminals claim ability to reuse expired Google auth cookies. By Talion Threat Intelligence Team
CISA adds three flaws to its KEV. Google Workspace and Cloud highlighted as attack vector. VMWare warns of critical VCD flaw. By Talion Threat Intelligence Team
Microsoft will soon begin moving towards mandatory full MFA adoption. GootLoader variant moves to stealthier self-developed bot. BlazeStealer targets developers with malicious code repos. By Talion Threat Intelligence Team
Recent F5 Big IP flaws exploited in stealthy attacks. Citrix bleed flaw leveraged against government targets. Mozi dismantled by mysterious killswitch command. By Talion Threat Intelligence Team
Fake Corsair job offers pushing Darkgate malware strain. Ragnar Locker operation dealt heavy blow by Europol. Okta support system compromised, customers breached. By Talion Threat Intelligence Team
Another Citrix Netscaler flaw exploited as a zero day since August. Microsoft will phase out NTLM with Windows 11, in favour of Kerberos. Multiple nation state groups are exploiting a recent critical WinRAR flaw. By Talion Threat Intelligence Team
Genetic information stolen by credential stuffing attack. New “rapid reset” zero day enables record breaking DDoS. Microsoft will kill off VBScript in the near future. By Talion Threat Intelligence Team
New BunnyLoader MaaS becomes popular due to features and pricing. Atlassian Confluence under active exploitation from new 0-day. Looney Tunables vulnerability enables root on popular Linux distros. By Talion Threat Intelligence Team
Maximum severity CVE assigned to libwebp following Google error. New ShadowSyndicate group tied to several ransomware ops. By Talion Threat Intelligence Team
VenomRAT dropped by fake PoC exploit for WinRAR flaw. Newly observed Sandman group targets Telecoms. BlackCat ransomware operation targets Azure storage. By Talion Threat Intelligence Team
Teams phishing techniques ignored by Microsoft used by ransomware enablers. A new chain of Kubernetes vulnerabilities can lead to code execution. Operators of the Redline and Vidar malware pivot to ransomware. By Talion Threat Intelligence Team
Cisco acknowledges VPN zero day exploited by ransomware actors. North Korean threat actors target cyber security researchers. New Blister malware updates drive quiet network infiltration. By Talion Threat Intelligence Team
PoC exploit chain enables RCE attacks against Juniper firewalls. Attacks against Citrix Netscaler devices linked to FIN8. Qakbot botnet dismantled in aptly named “Operation Duck Hunt”. By Talion Threat Intelligence Team
WinRAR flaw enables command execution by simply opening an archive. Malware strain maps victim's location in real time via Wi-Fi triangulation. PoC exploit released for Ivanti vulnerability recently used in attacks. By Talion Threat Intelligence Team
Nearly 2000 Citrix NetScaler servers compromised in new campaign. NoFilter, new stealthy privilege escalation technique discovered. Raccoon returns with version 2.3 after 6 month hiatus. By Talion Threat Intelligence Team
AWS Systems Manager can be leveraged as a remote access trojan. CISA highlights the SUBMARINE backdoor used in Barracuda ESG attacks. Google AMP links abused for stealthy phishing campaigns. By Talion Threat Intelligence Team
Compromised IIS servers used as malware delivery mechanism by Lazarus. Critical zero days in Atera platform could allow for privilege escalation. Decoy Dog toolkit appears highly targeted and largely undetected. By Talion Threat Intelligence Team
Lazarus targets developers with malicious GitHub projects. USB malware strains SOGU and SNOWYDRIVE drive huge infection vector increase. Gamaredon campaign exfiltrating files mere 30 minutes after initial infection. By Talion Threat Intelligence Team
WormGPT, an AI tool which could make BEC attacks trivial. Chinese hackers exploit flaw in Windows policy to load malicious kernel drivers. By Talion Threat Intelligence Team
BlackCat ransomware group uses WinSCP SEO poisoning to push Cobalt Strike. New “StackRot” Linux vulnerability enables privilege escalation. By Talion Threat Intelligence Team
New EarlyRAT malware attributed to Lazarus offshoot. Microsoft issues warning on increased widespread credential theft activity. New Mockingjay process injection technique could bypass EDR detection. By Talion Threat Intelligence Team
US Government offers $10m bounty for info on the Clop ransomware group following MOVEit attacks. New “Mystic Stealer” malware as a service gaining traction in underground groups. APT37 deploying new “Fadestealer” espionage malware. By Talion Threat Intelligence Team
Batcloak malware obfuscation engine tied to various successful malware strains. Hackers impersonate cybersecurity experts and peddle poisoned PoC code. By Talion Threat Intelligence Team
PoC released for Win32K flaw actively exploited in attacks. Chinese group Camaro Dragon use new TinyNote backdoor for intel gathering. The Clop threat actor claims responsibility for the MOVEit data theft attacks. By Talion Threat Intelligence Team
Gigabyte firmware vulnerability potentially affects 7 million devices. Phishing toolkits develop new tricks using new .ZIP TLD. New malware used to target and disrupt power grids discovered. By Talion Threat Intelligence Team
Tool which allows extraction of KeePass master password publicly available. Geacon, an open source Cobalt Strike port usable on MacOS, sees spike in use. Report outlines Microsoft Teams functions which can enable phishing and more. By Talion Threat Intelligence Team
ViperSoftX infostealer expands to target specific password managers. DLL sideloading is so effective, attackers begin doubling up the technique. North Korean Kimsuky group employing new Reconshark recon tool. By Talion Threat Intelligence Team