Talion Threat Set Radio
174 episodes - English - Latest episode: 5 days ago - Talion Threat Set Radio is your weekly cyber threat intelligence bulletin. We cut through the noise to give you our honest opinion on the threat news that matters.
Episodes
Threat Bulletin #166
April 22, 2022 07:00 - 7 minutes - 5.43 MB - No 10 suspected of being target of NSO spyware attack, U.S. offers $5 million for info on North Korean cyber operators & notorious cybercrime gang's botnet ZLoader disrupted
Threat Bulletin #165
April 14, 2022 16:00 - 7 minutes - 5.35 MB - Raidforums seized, owner and operator arrested after running the site since the age of 14. Microsoft works with US government to dismantle operations targeting Ukraine. In an act of poetic justice, Conti source code is repurposed to attack Russian targets.
Threat Bulletin #164
April 08, 2022 16:00 - 6 minutes - 4.6 MB - Intel completely shuts down business in Russia, exacerbating component shortage fears. German investigators shut down Hydra, the largest illegal dark web marketplace. Borat remote access trojan, with ransomware and other capabilities, offered for sale.
Threat Bulletin #163
April 01, 2022 16:00 - 7 minutes - 5.28 MB - Chinese security researcher accidentally releases Spring Framework PoC exploit. Raccoon Stealer malware operation suspended after key developer killed in Ukraine invasion. Kaspersky poses an "unacceptable risk" as the Russian security giant is removed from bug bounty programs. Lapsus$ return from vacation and take arrests in stride, releasing 70GB of data stolen from Globant.
Threat Bulletin #162
March 25, 2022 17:00 - 8 minutes - 6.17 MB - Open source software poisoned and turned into a supply chain attack as an anti-war protest. A much newer, functional version of Conti leaked online as revenge by a Ukrainian member. Lapsus$ members arrested in London after more high-profile hits over the last week.
Threat Bulletin #161
March 18, 2022 11:00 - 7 minutes - 5 MB - In this week's episode: the arrest and extradition of a NetWalker ransomware affiliate, the exploitation of unskilled Ukrainian hackers and, finally, a campaign which suggests China may be helping Russia in its cyber efforts around the conflict.
Threat Set Radio - Education Podcast
March 15, 2022 14:00 - 7 minutes - 5.32 MB - Hosted by Talion's in-house Threat Intelligence team, this special Threat Set Radio podcast episode covers some of the specific threats Higher Education is facing: botnets targeting Higher Education, the Log4Shell exploit, and recent ransomware attacks on Higher Education.
Threat Bulletin #160
March 11, 2022 17:00 - 6 minutes - 4.8 MB - A rundown of cybersecurity news on the ongoing Russian invasion of Ukraine. Certificates obtained from the Nvidia leak used to sign malware. Lapsus$ breaches Samsung shortly after the Nvidia attack.
Threat Bulletin #159
March 04, 2022 17:00 - 7 minutes - 5.18 MB - Data wiper pointed at Ukraine appears to have been in development for months. Ukrainian researcher leaks Conti comms after they announce support for the Russian invasion. Trickbot developers appear to fold into the Conti operation in an act of cybercrime consolidation. Nvidia hacked and employee data stolen, only to promptly hack the attackers back.
Threat Bulletin #158
February 25, 2022 10:00 - 8 minutes - 5.8 MB - This week's topics: analysis of the DDoS attacks against Ukrainian websites, new Sandworm malware Cyclops Blink replaces VPNFilter, and a jammer used to stop kids going online wipes out a town's internet by mistake.
Threat Bulletin #157
February 18, 2022 16:00 - 7 minutes - 4.87 MB - Microsoft Defender to gain ability to block credential theft via Mimikatz and similar methods. Kraken botnet spread using Smokeloader, and is observed dropping Redline. Hackers using Microsoft Teams to perform extremely blatant internal attacks.
Threat Bulletin #156
February 11, 2022 17:00 - 6 minutes - 4.7 MB - Russia performs third major cybercrime arrest as apparent crackdown continues. Ransomware gangs adapt in effort to draw less attention and retaliation. Smokeloader spearheads long list of malware strains using pay-per-install service to expand.
Threat Bulletin #155
February 04, 2022 17:00 - 7 minutes - 5.18 MB - Malicious CSV files used as Bazar malware infection vector. Research compiled from 2021 shows most ransomware infections are self-installed. New publicly available Windows privilege escalation vulnerability as admins skip January patch.
Threat Bulletin #154
January 28, 2022 16:00 - 6 minutes - 4.76 MB - Windows Update used by Lazarus as a living-off-the-land tool to deploy malware. Firmware-level rootkits becoming more popular as a third strain hiding in SPI flash is discovered. Microsoft finally disables Excel 4.0 (XLM) macros by default in effort to block malware.
Threat Bulletin #153
January 21, 2022 16:00 - 7 minutes - 5.09 MB - Russian authorities claim to dismantle the entire REvil ransomware operation, and seize assets. Dark web card fraud platform shuts up shop after 8 years citing age of operators. New ransomware strain dubbed White Rabbit linked to FIN8 group.
Threat Bulletin #152
January 14, 2022 15:00 - 7 minutes - 5.21 MB - Google Docs comments leveraged as highly convincing phishing lures. Carbanak authors attempt ransomware infection by mailing disguised USBs to victims. 8-year-old Microsoft Defender flaw highlighted by security researchers.
Threat Bulletin #151
January 07, 2022 16:00 - 7 minutes - 5.44 MB - Microsoft sees in the new year with an Exchange Server flaw dubbed Y2K22, halting emails for affected organisations. Purple Fox rootkit seeing increased distribution through trojanised versions of Telegram messenger. Compromised version of Atera tools used to compromise organisations via a decade-old code signing oversight.
Threat Bulletin #150
December 31, 2021 15:00 - 6 minutes - 4.64 MB - Rook, a new ransomware strain which appears to be built from the leaked Babuk source code, appears in the wild. Researchers say the Log4j flaw will take years to fully address owing to the sheer number of nested dependencies. The ransomware gang which breached Gigabyte provides a free decryptor after realising they hit a US police department.
Threat Bulletin #149
December 24, 2021 14:00 - 6 minutes - 4.32 MB - New lightweight malware strain hides in the registry, among other stealth techniques. Two Active Directory bugs from November Patch Tuesday chained by a PoC to allow domain takeover. Pysa ransomware strain experiences huge surge to become a top player as the year closes.
Threat Bulletin #148
December 17, 2021 12:00 - 6 minutes - 4.6 MB - In this week's episode: the fallout from the Log4j discovery, new developments on the resurrection of Emotet & an accidental uncovering of Hello Kitty ransomware.
Threat Bulletin #147
December 10, 2021 16:00 - 7 minutes - 5.47 MB - New Cerber ransomware impersonator targets Confluence and GitLab servers. Direct Cobalt Strike installation further suggests new Emotet infrastructure gearing up for a ransomware campaign. SolarWinds attackers deploy new stealthy malware strain and search for new supply chain attack opportunities.
Threat Bulletin #146
December 03, 2021 16:00 - 7 minutes - 5.2 MB - In this week's episode: Trickbot adopts new evasion methods to avoid sandbox environments, nation-state actors employ a simple yet effective technique to perform post-phishing exploitation, and an RCE vulnerability affecting over 150 distinct HP printer models has existed for over 8 years.
Threat Bulletin #145
November 26, 2021 16:00 - 7 minutes - 4.89 MB - In this week's episode: proof of concept weaponised with alarming speed as a Windows Installer zero-day is spotted in the wild, GoDaddy suffers a breach affecting 1.2 million sites, ongoing since September, and a new strain of Linux malware hides in cron jobs scheduled for dates that don't exist.
Threat Bulletin #144
November 22, 2021 09:00 - 7 minutes - 5.04 MB - This week's Threat Intel news: Emotet rises from the dead, uses its old payload Trickbot to rebuild itself. North Korea state actors target security researchers with compromised analysis software. Research highlights the TLDs favoured by attackers for different types of malicious activity.
Threat Bulletin #143
November 11, 2021 16:00 - 7 minutes - 5.39 MB - This week's Threat Intel news: US charges 2 suspected major REvil ransomware operators. Conti ransomware gang make grovelling apology to Arab Royals over data leak. TeamTNT hackers target your poorly configured Docker server.
Threat Bulletin #142
November 08, 2021 09:00 - 7 minutes - 5.06 MB - This week's Threat Intel news: Darkside hit with a $10m bounty as fallout of Colonial Pipeline attack continues. Critical Linux kernel vulnerability disclosed. FBI releases advisory stating ransomware gangs specifically target victims in financially sensitive negotiations.
Threat Bulletin #141
October 29, 2021 14:00 - 7 minutes - 5.22 MB - This week's Threat Intel news: Avoslocker reportedly hits Gigabyte, possibly obtains files enabling supply chain attacks. Conti begins selling access to non-compliant victims' networks. Rootkit discovered bearing a valid Microsoft signature after evading vetting process.
Threat Bulletin #140
October 22, 2021 14:00 - 9 minutes - 6.25 MB - This week's Threat Intel news: Macaw Locker is Evil Corp's latest ransomware strain rebrand to evade sanctions. Trickbot uses new tricks for distribution. FIN7 creates fake English cybersecurity firm to hire pen-testers to perform criminal attacks.
Threat Bulletin #139
October 15, 2021 14:00 - 7 minutes - 5.1 MB - This week's Threat Intel news: New EU legislation could ban anonymous domain registration in an effort to curb cyber crime. FIN12 becomes the first ransomware affiliate to be elevated to threat actor level, targets healthcare. SnapMC skips the traditionally most important part of ransomware, and just plain extorts victims.
Threat Bulletin #138
October 08, 2021 15:00 - 6 minutes - 4.82 MB - This week's Threat Intel news: Ransomware operators arrested and ill-gotten gains seized in Ukraine. Atom Silo ransomware strain targets Confluence servers and employs novel evasive measures. Apache Airflow vulnerability morphs into remote code execution as PoC is released.
Threat Bulletin #137
October 01, 2021 14:00 - 6 minutes - 4.82 MB - This week's Threat Intel news: Microsoft scrambles to register autodiscover domains exploited in flaw it was warned of years ago. The Conti ransomware gang target new recruits with specific backup destruction experience. FoggyWeb malware attributed to the group behind the infamous SolarWinds attack.
Threat Bulletin #136
September 24, 2021 09:00 - 5 minutes - 4.04 MB - In this week's episode: OS compatibility features abused to stealthily deliver malware. VMware notifies customers of particularly concerning vulnerability prior to disclosure. US government poised to sanction crypto exchanges which have dealt with cyber criminals.
Threat Bulletin #135
September 17, 2021 08:00 - 7 minutes - 4.96 MB - This week's Threat Intel news in just 7 minutes: The recent Apple hack. Dark web forum Marketo making a name for themselves. Update on recent ransomware activity.
Threat Bulletin #134
September 10, 2021 14:00 - 5 minutes - 3.79 MB - This week's Threat Intel news in 6 minutes: New malware technique observed using CLFS log files to evade detection. REvil returns after 2 months of hiding, attacks UK-based ITSP with DDoS attacks. Babuk source code leaked by ransomware developer dying due to stage 4 lung cancer.
Threat Bulletin #133
September 03, 2021 13:00 - 7 minutes - 5.08 MB - This week's Threat Intel news in 7 minutes: Lockfile ransomware utilises intermittent file encryption to bypass defences. Microsoft Exchange flaw can enable remote theft of entire mailbox. BazaLoader uses fake DMCA takedown and DDoS notices as lures to deliver malware.
Threat Bulletin #132
August 27, 2021 19:00 - 7 minutes - 5.28 MB - This week's Threat Intel news in 7 minutes: Details emerge on FIN8's newly developed backdoor. Razer products allow alarmingly easy local privilege escalation. ProxyShell attacks on the rise despite patch issued months ago.
Threat Bulletin #131
August 20, 2021 18:00 - 7 minutes - 5.46 MB - Some showstoppers this week, get the low down on: Blackbaud in court battle over downplaying the severity of its 2020 ransomware attack. Almost half of US hospitals have shut down networks due to ransomware, new report shows. Possible terrorist suspect and no-fly list exposed on Elasticsearch cluster with no password.
Threat Bulletin #130
August 13, 2021 19:00 - 8 minutes - 5.84 MB - This week we're discussing: Gigabyte and American Megatrends Git breached by RansomEXX. Accenture hit by LockBit RaaS operation in the wake of REvil and Darkside winding down. Vulnerability disclosed in Arcadyan router firmware present for over a decade.
Threat Bulletin #129
August 06, 2021 15:00 - 7 minutes - 5.25 MB - In this week's episode: Darkside returns, rebranding as BlackMatter following the Colonial Pipeline attack; disgruntled Conti ransomware affiliate leaks the group's playbook and training materials. Also, ENISA concludes current defences will fold to supply chain based attacks, based on recent examples.
Threat Bulletin #128
July 30, 2021 16:00 - 7 minutes - 4.98 MB - In this week's episode: Doppelpaymer looks to be performing a fairly obvious rebrand, the Babuk group's new ransomware forum ironically held to ransom, and the No More Ransom initiative saves over a billion in payments after 5 years in operation.
Threat Bulletin #127
July 23, 2021 15:00 - 6 minutes - 4.57 MB - In this week's episode: Kaseya obtains decryption master key, remaining quiet about its origin; the printer vulnerability nearly old enough to drive affects millions of machines; and a Windows zero-day privilege escalation vulnerability affects even the unreleased Windows 11.
Threat Bulletin #126
July 16, 2021 19:00 - 7 minutes - 5.45 MB - This week we're discussing: New SolarWinds vulnerability under active exploitation. REvil disappears from the face of the earth following Kaseya attack fallout. Trickbot resurgence with new capabilities.
Threat Bulletin #125
July 09, 2021 16:00 - 8 minutes - 5.62 MB - Kaseya made headlines this week with a supply chain attack claiming approximately 1,500 victims and the largest ever ransom demand of $70m. Also, after the out-of-band patch addressing PrintNightmare was released by Microsoft, researchers discover a complete bypass.
Threat Bulletin #124
July 02, 2021 21:00 - 8 minutes - 5.84 MB - In this week's bulletin we're discussing: Criminal VPN service taken down by law enforcement, who claim to have seized customer logs. Code to exploit the Windows Print Spooler service accidentally released: disable it ASAP. Babuk ransomware building tool leaked to VT and immediately used by copycats.
Threat Bulletin #123
June 25, 2021 15:00 - 8 minutes - 5.72 MB - Ransomware is dominating the headlines again this week, we'll be discussing: Clop ransomware chugs onward despite arrests of multiple members and equipment seizures. 700GB of ADATA files publicly released following refusal to pay ransom. Data leak marketplace attempts to entice competitors into buying rivals' compromised data.
Threat Bulletin #122
June 18, 2021 14:00 - 9 minutes - 6.22 MB - Avaddon, responsible for almost a quarter of all ransomware attacks in 2021, calls it quits. EA reportedly breached via Slack channel used to obtain MFA login token. SITA, IT provider for 90% of the airline industry, hit by longform supply chain attack.
Threat Bulletin #121
June 11, 2021 15:00 - 6 minutes - 4.49 MB - In this week's episode we're discussing: Evil Corp attempts to imitate other criminal group to evade sanctions. Attackers are actively looking to leverage new VMware vulnerability with working PoC code. Colonial ransomware incident attributed to old VPN password found in previous breaches. Largest stolen credentials market taken down by joint operation.