
Talion Threat Set Radio

172 episodes - English - Latest episode: 7 days ago

Talion Threat Set Radio is your weekly cyber threat intelligence bulletin. We cut through the noise to give you our honest opinion on the threat news that matters.

Technology

Episodes

Threat Bulletin #263

April 19, 2024 19:00 - 6 minutes - 4.36 MB

Large scale exploitation of Palo Alto CVE following PoC disclosures. Atlassian vulnerability leveraged to deploy Cerber ransomware. PuTTY flaw can be used to obtain private cryptographic keys.

Threat Bulletin #262

April 12, 2024 17:00 - 7 minutes - 4.84 MB

Warnings issued regarding 10/10 CVSS score Rust vulnerability. Researchers speculate LLM wrote PowerShell for malware strain. Change Healthcare hit by ransom demand again following AlphV exit scam.

Threat Bulletin #261

April 05, 2024 20:00 - 6 minutes - 4.42 MB

Sophisticated supply chain attack attempted against multiple Linux distros. Linux false Sudo prompt flaw has persisted for over a decade. DinodasRAT now targeting Linux servers with new variant.

Threat Bulletin #260

March 28, 2024 20:00 - 4 minutes - 3.3 MB

Huge darknet marketplace seized by German takedown effort. MuddyWater group using legitimate RM tools for access. APT31 members sanctioned following US infrastructure attacks.

Threat Bulletin #259

March 22, 2024 21:00 - 5 minutes - 3.73 MB

Fujitsu discovers malware on compromised systems. Russian actors may be targeting Ukrainian telecoms with new wiper malware. New DoS technique discovered able to create infinite feedback loop.

Threat Bulletin #258

March 15, 2024 20:00 - 5 minutes - 3.49 MB

Russian group accesses Microsoft source code in follow-up to January attack. StopCrypt, the ransomware still targeting individuals over businesses, has been upgraded. DarkGate leverages recent SmartScreen vulnerability in attacks.

Threat Bulletin #257

March 08, 2024 22:00 - 6 minutes - 4.63 MB

The Blackcat / AlphV ransomware operation fakes law enforcement takedown to steal from their own affiliate.

Threat Bulletin #256

March 01, 2024 20:00 - 6 minutes - 4.52 MB

LockBit claims swift recovery from takedown operation, downplaying severity and threatening leaks. Lazarus exploits Windows zero-day flaw with new, improved rootkit.

Threat Bulletin #255

February 23, 2024 19:00 - 6 minutes - 4.64 MB

DoJ takes down botnet used by Russian state group. LockBit ransomware operation gutted by the NCA. ScreenConnect under active attack, LockBit utilised.

Threat Bulletin #254

February 09, 2024 12:00 - 6 minutes - 4.72 MB

AnyDesk confirms cyberattack that allowed hackers to gain access to the company's production systems. Cloudflare publicly discloses that its internal Atlassian server was breached by a suspected nation-state attacker. FBI disrupts and neutralizes KV-botnet.

Threat Bulletin #253

January 26, 2024 20:00 - 6 minutes - 4.35 MB

Microsoft confirms details of recent Russian compromise. Kasseika joins ransomware groups performing BYOVD attacks. Trickbot browser injection developer jailed.

Threat Bulletin #252

January 19, 2024 20:00 - 5 minutes - 4 MB

VMware critical flaw under active exploitation. Critical vulnerability discovered in Juniper firewalls and switches. Ivanti bypass flaw exploited in the wild.

Threat Bulletin #251

January 12, 2024 20:00 - 5 minutes - 4.07 MB

Evasive AsyncRAT has targeted infrastructure for almost a year. New FBot toolkit targets SaaS and cloud platforms. Turkish group uses Mimic ransomware to target MSSQL servers.

Threat Bulletin #250

January 05, 2024 19:00 - 6 minutes - 4.32 MB

Critical Ivanti flaw allows compromise of enrolled devices. Multiple malware strains use Google feature for persistence. Microsoft disables MSIX after it is abused by malware again.

Threat Bulletin #249

December 22, 2023 18:00 - 5 minutes - 3.89 MB

Rhadamanthys infostealer gains popularity with new features. MongoDB confirms breach and theft of customer data. FBI confirms it breached the Blackcat ransomware group.

Threat Bulletin #248

December 15, 2023 23:00 - 6 minutes - 4.81 MB

AlphV ransomware outage rumored to be caused by FBI. New "Pool Party" injection technique evades 5 leading EDR solutions. Lazarus continues to abuse Log4J with 3 new malware strains.

Threat Bulletin #247

December 08, 2023 20:00 - 5 minutes - 4.01 MB

NCSC warns of Russian state group social engineering activity. Okta customers affected by recent attack revised from 1% to 100%. Researchers discover Linux rootkit RAT undetected since 2021.

Threat Bulletin #246

December 01, 2023 21:00 - 6 minutes - 4.22 MB

Ransomware group arrested in Ukraine following attacks against 71 countries. Method discovered to passively extract RSA keys from SSH connections. Chrome fixes its 6th zero day exploited in the wild this year.

Threat Bulletin #245

November 27, 2023 14:00 - 6 minutes - 4.67 MB

Russian state USB malware spreads to unintended targets. Qbot moves to Darkgate and Pikabot following takedown. Criminals claim ability to reuse expired Google auth cookies.

Threat Bulletin #244

November 20, 2023 19:00 - 5 minutes - 3.74 MB

CISA adds three flaws to its KEV. Google Workspace and Cloud highlighted as attack vector. VMware warns of critical VCD flaw.

Threat Bulletin #243

November 13, 2023 09:00 - 5 minutes - 3.82 MB

Microsoft will soon begin moving towards mandatory full MFA adoption. GootLoader variant moves to stealthier self-developed bot. BlazeStealer targets developers with malicious code repos.

Threat Bulletin #242

November 03, 2023 18:00 - 6 minutes - 4.33 MB

Recent F5 BIG-IP flaws exploited in stealthy attacks. Citrix Bleed flaw leveraged against government targets. Mozi dismantled by mysterious killswitch command.

Threat Bulletin #241

October 27, 2023 18:00 - 6 minutes - 4.42 MB

Fake Corsair job offers pushing Darkgate malware strain. Ragnar Locker operation dealt heavy blow by Europol. Okta support system compromised, customers breached.

Threat Bulletin #240

October 20, 2023 13:00 - 6 minutes - 4.78 MB

Another Citrix Netscaler flaw exploited as a zero day since August. Microsoft will phase out NTLM with Windows 11, in favour of Kerberos. Multiple nation state groups are exploiting a recent critical WinRAR flaw.

Threat Bulletin #239

October 13, 2023 19:00 - 7 minutes - 5.44 MB

Genetic information stolen by credential stuffing attack. New “Rapid Reset” zero day enables record-breaking DDoS. Microsoft will kill off VBScript in the near future.

Threat Bulletin #238

October 06, 2023 19:00 - 6 minutes - 4.36 MB

New BunnyLoader MaaS becomes popular due to features and pricing. Atlassian Confluence under active exploitation from new 0-day. Looney Tunables vulnerability enables root on popular Linux distros.

Threat Bulletin #237

September 29, 2023 20:00 - 5 minutes - 3.68 MB

Maximum severity CVE assigned to libwebp following Google error. New ShadowSyndicate group tied to several ransomware ops.

Threat Bulletin #236

September 22, 2023 19:00 - 7 minutes - 4.86 MB

VenomRAT dropped by fake PoC exploit for WinRAR flaw. Newly observed Sandman group targets Telecoms. BlackCat ransomware operation targets Azure storage.

Threat Bulletin #235

September 15, 2023 18:00 - 5 minutes - 4.12 MB

Teams phishing techniques ignored by Microsoft used by ransomware enablers. A new chain of Kubernetes vulnerabilities can lead to code execution. Operators of the Redline and Vidar malware pivot to ransomware.

Threat Bulletin #234

September 08, 2023 20:00 - 5 minutes - 3.91 MB

Cisco acknowledges VPN zero day exploited by ransomware actors. North Korean threat actors target cyber security researchers. New Blister malware updates drive quiet network infiltration.

Threat Bulletin #233

September 01, 2023 19:00 - 6 minutes - 4.36 MB

PoC exploit chain enables RCE attacks against Juniper firewalls. Attacks against Citrix NetScaler devices linked to FIN8. Qakbot botnet dismantled in aptly named “Operation Duck Hunt”.

Threat Bulletin #232

August 25, 2023 18:00 - 6 minutes - 4.51 MB

WinRAR flaw enables command execution by simply opening an archive. Malware strain maps victims' location in real time via Wi-Fi triangulation. PoC exploit released for Ivanti vulnerability recently used in attacks.

Threat Bulletin #231

August 18, 2023 19:00 - 7 minutes - 4.85 MB

Nearly 2000 Citrix NetScaler servers compromised in new campaign. NoFilter, new stealthy privilege escalation technique discovered. Raccoon returns with version 2.3 after 6 month hiatus.

Threat Bulletin #230

August 04, 2023 18:00 - 6 minutes - 4.52 MB

AWS Systems Manager can be leveraged as a remote access trojan. CISA highlights the SUBMARINE backdoor used in Barracuda ESG attacks. Google AMP links abused for stealthy phishing campaigns.

Threat Bulletin #229

July 28, 2023 17:00 - 6 minutes - 4.78 MB

Compromised IIS servers used as malware delivery mechanism by Lazarus. Critical zero days in Atera platform could allow for privilege escalation. Decoy Dog toolkit appears highly targeted and largely undetected.

Threat Bulletin #228

July 21, 2023 19:00 - 6 minutes - 4.22 MB

Lazarus targets developers with malicious GitHub projects. USB malware strains SOGU and SNOWYDRIVE drive huge infection vector increase. Gamaredon campaign exfiltrating files mere 30 minutes after initial infection.

Threat Bulletin #227

July 14, 2023 20:00 - 5 minutes - 3.58 MB

WormGPT, an AI tool which could make BEC attacks trivial. Chinese hackers exploit flaw in Windows policy to load malicious kernel drivers.

Threat Bulletin #226

July 07, 2023 18:00 - 5 minutes - 4.05 MB

BlackCat ransomware group uses WinSCP SEO poisoning to push Cobalt Strike. New “StackRot” Linux vulnerability enables privilege escalation.

Threat Bulletin #225

June 30, 2023 20:00 - 5 minutes - 3.89 MB

New EarlyRAT malware attributed to Lazarus offshoot. Microsoft issues warning on increased widespread credential theft activity. New Mockingjay process injection technique could bypass EDR detection.

Threat Bulletin #224

June 23, 2023 18:00 - 6 minutes - 4.6 MB

US Government offers $10m bounty for info on the Clop ransomware group following MOVEit attacks. New “Mystic Stealer” malware as a service gaining traction in underground groups. APT37 deploying new “Fadestealer” espionage malware.

Threat Bulletin #223

June 16, 2023 18:00 - 5 minutes - 3.97 MB

BatCloak malware obfuscation engine tied to various successful malware strains. Hackers impersonate cybersecurity experts and peddle poisoned PoC code.

Threat Bulletin #222

June 09, 2023 17:00 - 7 minutes - 5.38 MB

PoC released for Win32K flaw actively exploited in attacks. Chinese group Camaro Dragon uses new TinyNote backdoor for intel gathering. The Clop threat actor claims responsibility for the MOVEit data theft attacks.

Threat Bulletin #221

June 02, 2023 17:00 - 7 minutes - 5.35 MB

Gigabyte firmware vulnerability potentially affects 7 million devices. Phishing toolkits develop new tricks using the new .ZIP TLD. New malware used to target and disrupt power grids discovered.

Threat Bulletin #220

May 19, 2023 16:00 - 6 minutes - 4.26 MB

Tool which allows extraction of KeePass master password publicly available. Geacon, an open source Cobalt Strike port usable on macOS, sees spike in use. Report outlines Microsoft Teams functions which can enable phishing and more.

Threat Bulletin #219

May 05, 2023 20:00 - 7 minutes - 5.35 MB

ViperSoftX infostealer expands to target specific password managers. DLL sideloading is so effective, attackers begin doubling up the technique. North Korean Kimsuky group employing new Reconshark recon tool.

Threat Bulletin #218

April 28, 2023 17:00 - 7 minutes - 4.92 MB

GhostToken flaw, which allowed invisible persistence, patched and visible. AuKill tool used in attack pipeline to kill EDR processes. PoC exploit code available for PaperCut flaw, which allows server takeover.

Threat Bulletin #217

April 21, 2023 19:00 - 7 minutes - 5.32 MB

Lazarus moves to distribute Linux malware via faux job offers. Aurora distributed via YouTube, resulting in evasive loader payload. Tangle of attackers as multiple groups collaborate with Domino malware.

Threat Bulletin #216

April 14, 2023 18:00 - 7 minutes - 5.31 MB

Lazarus evolves their tactics and targeted industries. Zero day from recent Patch Tuesday under active ransomware exploitation. MuddyWater pairing with new splinter group to perform destructive attacks.

Threat Bulletin #215

April 11, 2023 10:00 - 6 minutes - 4.45 MB

WordPress plugin with over 11 million install base under active exploitation. Western Digital hit by cyber attack, services impacted, cause unclear. SFX archives can be used to run stealthy PowerShell backdoors.

Threat Bulletin #214

March 31, 2023 16:00 - 7 minutes - 4.86 MB

Malicious Python package avoids detection through use of Unicode homoglyphs. The well-established IcedID malware shifts from banking to ransomware delivery. Supply chain attack hits customers of 3CX VoIP application, including the NHS.