Talion Threat Set Radio is your weekly cyber threat intelligence bulletin. We cut through the noise to give you our honest opinion on the threat news that matters.
Talion Threat Intelligence Team
Multiple UK retailers hit by cyber attacks. Microsoft makes strides towards a passwordless future. Hacker who stole Disney data pleads guilty. Shameless Plug.
Founder of the Silk Road illegal dark web marketplace given full pardon. Trump administration fires review board investigating Chinese APT group.
Multiple faulty Tenable updates over holiday period cause global Nessus agent failure. Telegram policy shift on law enforcement requests causes cybercrime exodus.
Chinese state actor breaches U.S. department responsible for foreign sanctions following BeyondTrust compromise. Quick fire topics.
New wave of file transfer platform attacks perpetrated by Clop. Apache Struts exploited in the wild using publicly available PoC code.
Termite ransomware claims attack on Blue Yonder SaaS giant. Ivanti suffers sixth CSA security vulnerability in 4 months.
New phishing technique abuses Office document recovery feature to evade detection. Quick fire topics.
First UEFI bootkit targeting Linux discovered. Russian RomCom group utilises a vulnerability chain in widespread attack.
Akira claims record-breaking 30 victims in one day. Ransomware operation abandons file encryption for extortion-only tactics. Quick fire topics.
Multiple new phishing techniques, ZIP file concatenation, and Docusign API abuse on the rise. Quick fire topics.
VEILDrive campaign uses a number of Microsoft services for stealthy compromise. Quick fire topics.
Arrested members of the REvil ransomware operation tried and charged in Russian court. Operation Magnus collaborative effort brings down Redline and Meta infostealer malware.
New Fortinet 0-day exploit highlights history of bad disclosure and transparency practices. Quick fire topics.
Tool which prevents EDR solutions from sending alerts to defenders used in attacks. Quick fire topics.
31 million records stolen from the Wayback Machine service. Ivanti hit by even more zero-day exploitation in active attacks. Quick fire topics.
Evil Corp and LockBit members the target of global sanctions and arrests. Quick fire topics.
Telegram in the spotlight: founder arrested, banned in Ukraine, and will now share user data on legal request. Quick fire topics.
Explosions were a supply chain compromise, not a cyber attack. Another Ivanti critical flaw exploited in the wild with public exploit.
Security giant Fortinet suffers data breach as 440GB of files stolen. Quick fire lightning round.
Uncommon technique from 2017 resurrected to drop Cobalt Strike. Versa Director vulnerability leveraged by Volt Typhoon. New persistence technique allowed Linux malware to hide for years.
SolarWinds flaw exploited in the wild and hardcoded credentials. Report indicates ransom payments will break last year's record. Lazarus exploits driver present on every Windows system.
In this week's episode: Over 2 billion records of personal information leaked. Critical TCP/IP remote code execution vulnerability patched by Microsoft. Ringleader of Ransom Cartel extradited to the US to face charges.
The legal challenges against CrowdStrike begin following update incident. CISA re-issues seven-year-old warning over exploited Cisco install flaw. Chinese group compromises ISP to push poisoned infostealer updates.
Microsoft vows less reliance on kernel drivers following CrowdStrike incident. Cloudflare trial product increasingly abused for criminal obfuscation. Black Basta sees success with in-house tools following QBot takedown.
Repair documentation used to push malware after CrowdStrike incident. New Linux variant of the prolific Play ransomware discovered. New ICS malware FrostyGoop responsible for Ukraine attack.
Report highlights alarming speed at which PoC exploits are weaponised. Kaspersky offers 6 months free service as farewell to US market. Fin7 offers sophisticated evasion tool on underground markets. CrowdStrike botched update causes global havoc.
Eldorado ransomware claims 16 victims in short timeframe. Free decryptor released by Avast for DoNex ransomware strain. Blast-RADIUS attacks leverage MD5 collisions to gain admin.
"regreSSHion" SSH flaw leads to root on Linux servers. GootLoader continues to deploy updated versions in new attacks.
Kaspersky software banned in US due to national security concerns. LockBit misleadingly claims to hit US Federal Reserve. TeamViewer compromised by Russian state-sponsored APT group.
PoC exploit code available for heavily targeted Veeam backup solution. New loader dubbed PhantomLoader delivers MaaS payloads. Black Basta may have exploited flaw 3 months before fix issued, as 0-day.
Attackers target GitHub repos once again in Ransom-lite extortion. Windows will finally deprecate NTLM, providing transition advice. PoC chaining two flaws for Telerik report released.
In this week's news: Check Point zero-day vulnerability. Okta credential stuffing. Operation Endgame targets botnets.
In this week's episode: LockBit ransomware group have had nothing but setbacks since "Operation Cronos", GitHub alerts users to 2 high severity vulnerabilities, and a significant uptick in Docusign phishing emails has been observed in May.
LockBit ransomware admin is named and sanctioned. North Korean actors exploiting weak DMARC policies for spearphishing. Ivanti flaws chained together to drop Mirai botnet.
Developers targeted with Python backdoor during fake job interviews. New UK law now in effect limits default passwords on smart devices. New malware emerges targeting small office and home routers.
MITRE breached using two Ivanti zero days. CrushFTP victim of targeted zero-day exploitation. ArcaneDoor campaign targets vulnerable Cisco devices.
Large scale exploitation of Palo Alto CVE following PoC disclosures. Atlassian vulnerability leveraged to deploy Cerber ransomware. PuTTY flaw can be used to obtain private cryptographic keys.
Warnings issued regarding 10/10 CVSS score Rust vulnerability. Researchers speculate LLM wrote PowerShell for malware strain. Change Healthcare hit by ransom demand again following AlphV exit scam.
Sophisticated supply chain attack attempted against multiple Linux distros. Linux false sudo prompt flaw has persisted for over a decade. DinodasRAT now targeting Linux servers with new variant.
Huge darknet marketplace seized by German takedown effort. MuddyWater group using legitimate RM tools for access. APT31 members sanctioned following US infrastructure attacks.
Fujitsu discovers malware on compromised systems. Russian actors may be targeting Ukrainian telecoms with new wiper malware. New DoS technique discovered able to create infinite feedback loop.
Russian group accesses Microsoft source code in follow-up from January attack. StopCrypt, the ransomware still targeting individuals over businesses, has been upgraded. DarkGate leverages recent SmartScreen vulnerability in attacks.
The Blackcat / AlphV ransomware operation fakes law enforcement takedown to steal from their own affiliate.
LockBit claims swift recovery from takedown operation, downplaying severity and threatening leaks. Lazarus exploits Windows zero-day flaw with new improved rootkit.
DoJ takes down botnet used by Russian state group. LockBit ransomware operation gutted by the NCA. ScreenConnect under active attack, LockBit utilised.
AnyDesk confirms cyberattack that allowed hackers to gain access to the company's production systems, Cloudflare publicly discloses that its internal Atlassian server was breached by a suspected nation-state attacker, and the FBI disrupts and neutralises the KV-botnet.
Microsoft confirms details of recent Russian compromise. Kasseika joins ransomware groups performing BYOVD attacks. Trickbot browser injection developer jailed.
VMware critical flaw under active exploitation. Critical vulnerability discovered in Juniper firewalls and switches. Ivanti bypass flaw exploited in the wild.
Evasive AsyncRAT has targeted infrastructure for almost a year. New FBot toolkit targets SaaS and cloud platforms. Turkish group uses Mimic ransomware to target MSSQL servers.
Critical Ivanti flaw allows compromise of enrolled devices. Multiple malware strains use Google feature for persistence. Microsoft disables MSIX after it is abused by malware again.
Rhadamanthys infostealer gains popularity with new features. MongoDB confirms breach and theft of customer data. FBI confirms it breached the Blackcat ransomware group.