Talion is a finalist for Best SIEM Solution

Talion is a finalist for Best SIEM Solution

Contact

Resources

Blog

Get our latest insights, information and advice on the threat landscape, technology trends and challenges facing the cyber security community.

Filter by category
  • All
  • Blog
  • Case Study
  • Knowledge
  • Pen Testing
  • Podcast
  • Report
  • Webinars
  • All
  • All
  • Blog
  • Case Study
  • Knowledge
  • Pen Testing
  • Podcast
  • Report
  • Webinars
Threat Set Radio #294 - Talion
Threat Set Radio #294
In this weeks episode: Termite ransomware claims attack on Blue Yonder SaaS giant. Ivanti suffers sixth CSA security vulnerability in 4 months.
Threat Set Radio #293 - Talion
Threat Set Radio #293
In this weeks episode: New phishing technique abuses office document recovery feature to evade detection. Quick fire topics.
Threat Set Radio #292 - Talion
Threat Set Radio #292
In this weeks episode: First UEFI Bootkit targeting Linux discovered. Russian RomCom group utilises chain vulnerability in widespread attack.
Threat Set Radio #291 - Talion
Threat Set Radio #291
In this weeks episode: Akira claims record breaking 30 victims in one day. Ransomware operation abandons file encryption for extortion tactics. Quick fire topics.
Threat Set Radio #290 - Talion
Threat Set Radio #290
In this weeks episode: Multiple new phishing techniques, ZIP file concatenation, and Docusign API abuse on the rise. Quick fire topics.
Threat Set Radio #289 - Talion
Threat Set Radio #289
In this weeks episode: VEILDrive campaign uses a number of Microsoft services for stealthy compromise. Quick fire topics.
Threat Set Radio #288 - Talion
Threat Set Radio #288
In this weeks episode: Arrested members of the REvil ransomware operation tried and charged in Russian court. Operation Magnus collaborative effort brings down Redline and Meta infostealer malware.
Threat Set Radio #287 - Talion
Threat Set Radio #287
In this weeks episode: New Fortinet 0 day exploit highlights history of bad disclosure and transparency practices Quick fire topics.
Threat Set Radio #286 - Talion
Threat Set Radio #286
In this weeks episode: Tool which disrupts EDR solutions from sending alerts to defenders used in attacks. Quick fire topics.
Threat Set Radio #285 - Talion
Threat Set Radio #285
In this weeks episode: 31 million records stolen from the Wayback Machine service. Ivanti hit by even more zero day exploitation in active attacks. Quick fire topics.
Threat Set Radio #284 - Talion
Threat Set Radio #284
In this weeks episode: Evil Corp and LockBit members the target of global sanctions and arrests. Quick fire topics.
Threat Set Radio #283 - Talion
Threat Set Radio #283
In this weeks episode: Telegram in the spotlight, founder arrested, banned in Ukraine, and will now share user data on legal request. Quick fire topics.
Threat Set Radio #282 - Talion
Threat Set Radio #282
In this weeks episode: Explosions were a supply chain compromise, not a cyber attack. Another Ivanti critical flaw exploited in the wild with public exploit.
Threat Set Radio #281 - Talion
Threat Set Radio #281
In this weeks episode: Security giant Fortinet suffers data breach as 440GB of files stolen. Quick fire lightning round.
Threat Set Radio #280 - Talion
Threat Set Radio #280
In this weeks episode: Uncommon technique from 2017 resurrected to drop Cobalt Strike Versa Director vulnerability leveraged by Volt Typhoon New persistence technique allowed Linux malware to hide for years.
Navigating Remote Work Challenges: Enhance Security with Managed SIEM and MDR - Talion
Navigating Remote Work Challenges: Enhance Security with Managed SIEM
Threat Set Radio #279 - Talion
Threat Set Radio #279
In this weeks episode: SolarWinds flaw exploited in the wild & hardcoded credentials. Report indicates ransom payments will break last years record. Lazarus exploit driver present on every Windows system.
Threat Set Radio #278 - Talion
Threat Set Radio #278
In this weeks episode:  - Over 2 Billion Records of Personal Information Leaked. - Critical TCP/IP remote code execution vulnerability patched by Microsoft. - Ringleader of Ransom Cartel extradited to the US to face charges.
Threat Set Radio #277 - Talion
Threat Set Radio #277
In this week’s episode we report on: The legal challenges against CrowdStrike begin following update incident. CISA re-issues seven year old warning over exploited Cisco install flaw. Chinese group compromises ISP to push poisoned infostealer updates.
Threat Set Radio #276 - Talion
Threat Set Radio #276
In this week’s episode we report on: Microsoft vows less reliance on kernel drivers following CrowdStrike incident. Cloudflare trial product increasingly abused for criminal obfuscation. Black Basta sees success with in house tools following QBot takedown.
Board-Level Cybersecurity Reporting Tips for CISOs - Talion
Board-Level Cybersecurity Reporting Tips for CISOs
Threat Set Radio #275 - Talion
Threat Set Radio #275
In this week’s episode we report on: Repair documentation used to push malware after CrowdStrike incident. New Linux variant of the prolific Play ransomware discovered. New ICS malware FrostyGoop responsible for Ukraine attack.
Threat Set Radio #274 - Talion
Threat Set Radio #274
In this week’s episode we report on: Report highlights alarming speed PoC exploits are weaponized. Kaspersky offers 6 months free service as farewell to US market. Fin7 offers sophisticated evasion tool on underground markets. CrowdStrike botched update causes global havoc.
Top 10 Cyber Security Threats: Essential Statistics and Proactive Measures for Cybersecurity Leaders - Talion
Top 10 Cyber Security Threats: Essential Statistics and Proactive Meas
Threat Set Radio #273 - Talion
Threat Set Radio #273
In this week’s episode we report on: Eldorado ransomware claims 16 victims in short timeframe. Free decryption tool released by Avast for DoNex ransomware strain. Blast Radius attacks leverage MD5 collisions to gain admin.
Top 10 Challenges for Cybersecurity Leaders Today - Talion
Top 10 Challenges for Cybersecurity Leaders Today
Threat Set Radio #272 - Talion
Threat Set Radio #272
In this week’s episode we report on: "regreSSHion" SSH flaw leads to root on Linux servers. GootLoader continues to deploy updated versions in new attacks.
4 Ways Agile Cybersecurity Providers Outpace the Big Ones - Talion
4 Ways Agile Cybersecurity Providers Outpace the Big Ones
Threat Set Radio #271 - Talion
Threat Set Radio #271
In this week’s episode we report on: Kaspersky software banned in US due to national security concerns. LockBit misleadingly claims to hit US federal reserve. TeamViewer compromised by Russian state sponsored APT group.
Threat Set Radio #270 - Talion
Threat Set Radio #270
In this week’s episode we report on: PoC exploit code available for heavily targeted Veeam backup solution. New loader dubbed PhantomLoader delivers MaaS payloads. Black Basta may have exploited flaw 3 months before fix issued, as 0 day.
Threat Set Radio #269 - Talion
Threat Set Radio #269
In this week’s episode we report on: Attackers target GitHub repos once again in Ransom-lite extortion. Windows will finally depreciate NTLM, providing transition advice. PoC chaining two flaws for Telerik report released.
Threat Set Radio #268 - Talion
Threat Set Radio #268
In this week’s episode we report on:
  • Check Point Zero-day vulnerability.
  • Okta Credential Stuffing.
  • Operation Endgame Targets Botnets.
Pros and Cons of AI in Cybersecurity - Talion
Pros and Cons of AI in Cybersecurity
Threat Set Radio #267 - Talion
Threat Set Radio #267
In this week’s episode we report on: LockBit Ransomware group have had nothing but setbacks since  “Operation Chronos”. GitHub alerts users to 2 high severity vulnerabilities. A significant uptick in Docusign phishing emails has been observed in May.
Threat Set Radio #266 - Talion
Threat Set Radio #266
In this week’s episode we report on: LockBit ransomware admin is named and sanctioned. North Korean actors exploiting weak DMARC policies for spearphishing. Ivanti flaws chained together to drop Mirai botnet.
6 Ways to Strengthen Your Application Security - Talion
6 Ways to Strengthen Your Application Security
Threat Set Radio #265 - Talion
Threat Set Radio #265
In this week’s episode we report on: Developers targeted with Python backdoor during false job interviews. New UK law now in effect limits default passwords on smart devices. New malware emerges targeting small office and home routers.
Threat Set Radio #264 - Talion
Threat Set Radio #264
In this week’s episode we report on: MITRE breached using two Ivanti zero days. CrushFTP victim of targeted zero day exploitation. ArcaneDoor campaign targets vulnerable Cisco devices.
Threat Set Radio #263 - Talion
Threat Set Radio #263
In this week’s episode we report on: Large scale exploitation of Palo Alto CVE following PoC disclosures. Atlassian vulnerability leveraged to deploy Cerber ransomware. PuTTY flaw can be used to obtain private cryptographic keys.
Threat Set Radio #262 - Talion
Threat Set Radio #262
In this week’s episode we report on: Warnings issued regarding 10/10 CVSS score Rust vulnerability. Researchers speculate LLM wrote Powershell for malware strain. Change Healthcare hit by ransom demand again following AlphV exit scam.
Threat Set Radio #261 - Talion
Threat Set Radio #261
In this week’s episode we report on: Sophisticated supply chain attack attempted against multiple Linux distros. Linux false Sudo prompt flaw has persisted for over a decade. DinodasRAT now targeting Linux servers with new variant.
Threat Set Radio #260 - Talion
Threat Set Radio #260
In this week’s episode we report on: Huge darknet marketplace seized by German takedown effort. Muddywater group using legitimate RM tools for access. APT31 members sanctioned following US infrastructure attacks.
Threat Set Radio #259 - Talion
Threat Set Radio #259
In this week’s episode we report on: Fujitsu discover malware compromised systems. Russian actors may be targeting Ukrainian telecoms with new wiper malware. New DoS technique discovered able to create infinite feedback loop.
Threat Set Radio #258 - Talion
Threat Set Radio #258
In this week’s episode we report on: Russian groups accesses Microsoft source code in follow up from January attack. StopCrypt, the ransomware still targeting individuals over business has been upgraded. DarkGate leverage recent SmartScreen vulnerability in attacks.
Threat Set Radio #257 - Talion
Threat Set Radio #257
In this week’s episode we report on: The Blackcat / AlphV ransomware operation fakes law enforcement takedown to steal from their own affiliate.
Threat Set Radio #256 - Talion
Threat Set Radio #256
In this week’s episode we report on: LockBit claims swift recovery from takedown operation, downplaying severity and threatening leaks. Lazarus exploit Windows zero day flaw with new improved Rootkit.
Threat Set Radio #255 - Talion
Threat Set Radio #255
In this week’s episode we report on: DoJ takes down botnet used by Russian state group. LockBit ransomware operation gutted by the NCA. ScreenConnect under active attack, Lockbit used.
Threat Set Radio #254 - Talion
Threat Set Radio #254
Anydesk confirms cyberattack that allowed hackers to gain access to the company's production systems, Cloudflare publicly disclose its internal Atlassian server was breached by a suspected nation-state attacker and the FBI disrupt and neutralize KV-botnet.
Threat Set Radio #253 - Talion
Threat Set Radio #253
In this week’s episode we report on: Microsoft confirms details of recent Russian compromise. Kasseika joins ransomware groups performing BYOVD attacks. Trickbot browser injection developer jailed.
Threat Set Radio #252 - Talion
Threat Set Radio #252
In this week’s episode we report on: VMware critical flaw under active exploitation. Critical vulnerability discovered in Juniper firewalls and switches. Ivanti bypass flaw exploited in the wild.
Threat Set Radio #251 - Talion
Threat Set Radio #251
In this week’s episode we report on: Evasive Async RAT has targeted infrastructure for almost a year. New FBot toolkit targets SaaS and cloud platforms. Turkish group uses Mimic ransomware to target MSSQL servers.
GoodWill Ransomware Forces Kindness – Is It Ethical? - Talion
GoodWill Ransomware Forces Kindness – Is It Ethical?
Threat Set Radio #250 - Talion
Threat Set Radio #250
In this week’s episode we report on: Critical Invanti flaw allows compromise of enrolled devices. Multiple malware strains use Google feature for persistence. Microsoft disables MSIX after it is abused by malware again.
Cyber Criminals Take Advantage Of ChatGPT: Phishing Emails & More - Talion
Cyber Criminals Take Advantage Of ChatGPT: Phishing Emails & More
Threat Intelligence Update: Dangerous Trends to Monitor in 2024 - Talion
Threat Intelligence Update: Dangerous Trends to Monitor in 2024
Balancing Security and Agility: The Advantages of Hybrid SOC Solutions for Cybersecurity - Talion
Balancing Security and Agility: The Advantages of Hybrid SOC Solutions
Threat Set Radio #249 - Talion
Threat Set Radio #249
In this week’s episode we report on: Rhadamanthys infostealer gains popularity with new features. MongoDB confirms breach and theft of customer data. FBI confirms it breached the Blackcat ransomware group.
Threat Set Radio #248 - Talion
Threat Set Radio #248
In this week’s episode we report on: AlphV ransomware  outage rumored to be caused by FBI. New "Pool Party" injection technique evades 5 leading EDR solutions. Lazarus continues to abuse Log4J with 3 new malware strains.
12 Days of Cyber Christmas: 2023 Trends & 2024 Outlook - Talion
12 Days of Cyber Christmas: 2023 Trends & 2024 Outlook
Threat Set Radio #247 - Talion
Threat Set Radio #247
In this week’s episode we report on: NCSC warns of Russian state group social engineering activity. Okta customers affected by recent attack revised from 1% to 100%. Researchers discover Linux rootkit RAT undetected since 2021.
Threat Set Radio #246 - Talion
Threat Set Radio #246
In this week’s episode we report on: Ransomware group arrested in Ukraine following attacks against 71 countries. Method discovered to passively extract RSA keys from SSH connections. Chrome fixes its 6th zero day exploited in the wild this year.
Threat Set Radio #245 - Talion
Threat Set Radio #245
In this week’s episode we report on: Russian state USB malware spreads to unintended targets. Qbot moves to Darkgate and Pikabot following takedown. Criminals claim ability to reuse expired Google auth cookies.
Going Hybrid: Why Hybrid SOC is the Next Big Thing - Talion
Going Hybrid: Why Hybrid SOC is the Next Big Thing
How Do University CISO’s Share Threat Intelligence? – Research Paper - Talion
How Do University CISO’s Share Threat Intelligence? – Rese
Threat Set Radio #244 - Talion
Threat Set Radio #244
In this week’s episode we report on: CISA adds three flaws to its KEV Google Workspace and Cloud highlighted as attack vector. VMWare warns of critical VCD flaw.
Cyber Security At Board Level: A Strategic Business Risk - Talion
Cyber Security At Board Level: A Strategic Business Risk
Threat Set Radio #243 - Talion
Threat Set Radio #243
In this week’s episode we report on: Microsoft will soon begin moving towards mandatory full MFA adoption. GootLoader variant moves to stealthier self developed bot. BlazeStealer targets developers with malicious code repos.
Threat Set Radio #242 - Talion
Threat Set Radio #242
In this week’s episode we report on: Recent F5 Big IP flaws exploited in stealthy attacks. Citrix bleed flaw leveraged against government targets. Mozi dismantled by mysterious killswitch command.
Threat Set Radio #241 - Talion
Threat Set Radio #241
In this week’s episode we report on: Fake Corsair job offers pushing Darkgate malware strain. Ragnar Locker operation dealt heavy blow by Europol. Okta support system compromised, customers breached.
CISO Cyber Dinner Oct 2023 – Recap - Talion
CISO Cyber Dinner Oct 2023 – Recap
Threat Set Radio #240 - Talion
Threat Set Radio #240
In this week’s episode we report on: Another Citrix Netscaler flaw exploited as a zero day since August. Microsoft will phase out NTLM with Windows 11, in support of Kerberos. Multiple nation state groups are exploiting a recent critical WinRAR flaw.
Threat Set Radio #239 - Talion
Threat Set Radio #239
In this week’s episode we report on: Genetic information stolen by credential stuffing attack. New “rapid reset” zero day enables record breaking DDoS. Microsoft will kill of VBScript in the near future.
Threat Set Radio #238 - Talion
Threat Set Radio #238
In this week’s episode we report on: New BunnyLoader MaaS becomes popular due to features and pricing. Atlassian Confluence under active exploitation from new 0-day. Looney Tunables vulnerability enables root on popular Linux distros.
Threat Set Radio #237 - Talion
Threat Set Radio #237
In this week’s episode we report on: Maximum severity CVE assigned to libwebp following Google error New ShadowSyndicate group tied to several ransomware ops
Threat Set Radio #236 - Talion
Threat Set Radio #236
In this week’s episode we report on: VenomRAT dropped by fake PoC exploit for WinRAR flaw. Newly observed Sandman group targets Telecoms. BlackCat ransomware operation targets Azure storage.
SEC Cyber Security Rules: A Game-Changer For CFOs - Talion
SEC Cyber Security Rules: A Game-Changer For CFOs
Threat Set Radio #235 - Talion
Threat Set Radio #235
In this week’s episode we report on: Teams phishing techniques ignored by Microsoft used by ransomware enablers. A new chain of Kubernetes vulnerabilities can lead to code execution. Operators of the Redline and Vidar malware pivot to ransomware.
Threat Set Radio #234 - Talion
Threat Set Radio #234
In this week’s episode we report on: Cisco acknowledge VPN zero day exploited by ransomware actors. North Korean threat actors target cyber security researchers. New Blister malware updates drive quiet network infiltration.
Threat Set Radio #233 - Talion
Threat Set Radio #233
In this week’s episode we report on: PoC Exploit chain enables RCE attacks against Juniper firewalls. Attacks against Citrix Netscaler devices linked to FIN8. Qakbot botnet dismantled in aptly named “Operation Duck Hunt”
Threat Set Radio #232 - Talion
Threat Set Radio #232
In this week’s episode we report on: WinRAR flaw enables command execution by simply opening an archive. Malware strain maps victims location in real time via Wi-Fi triangulation. PoC exploit released for Ivanti vulnerability recently used in attacks.
Threat Set Radio #231 - Talion
Threat Set Radio #231
In this week’s episode we report on: Nearly 2000 Citrix NetScaler servers compromised in new campaign. NoFilter, new stealthy privilege escalation technique discovered. Raccoon returns with version 2.3 after 6 month hiatus.
Threat Set Radio #230 - Talion
Threat Set Radio #230
In this week’s episode we report on: AWS system manager can be leveraged as a remote access trojan. CISA highlights the SUBMARINE backdoor used in Barracuda ESG attacks. Google AMP links abused for stealthy phishing campaigns.
Threat Set Radio #229 - Talion
Threat Set Radio #229
In this week’s episode we report on: Compromised IIS servers used as malware delivery mechanism by Lazarus Critical zero days in Atera platform could allow for privilege escalation. Decoy Dog toolkit appears highly targeted and largely undetected.
Threat Set Radio #228 - Talion
Threat Set Radio #228
In this week’s episode we report on: Lazarus targets developers with malicious GitHub projects. USB malware strains SOGU and SNOWYDRIVE drive huge infection vector increase. Gamaredon campaign exfiltrating files mere 30 minutes after initial infection.
Talion Cyber Summit 2023 – Recap Of The Day! - Talion
Talion Cyber Summit 2023 – Recap Of The Day!
Threat Set Radio #227 - Talion
Threat Set Radio #227
In this week’s episode we report on: WormGPT, an AI tool which could make BEC attacks trivial. Chinese hackers exploit flaw in Windows policy to load malicious kernel drivers.
Threat Set Radio #226 - Talion
Threat Set Radio #226
In this week’s episode we report on: BlackCat ransomware group uses WinSCP SEO poisoning to push cobalt strike. New “StackRot” Linux vulnerability enables privilege escalation.
Threat Set Radio #225 - Talion
Threat Set Radio #225
In this week’s episode we report on: New EarlyRAT malware attributed to Lazarus offshoot. Microsoft issues warning on increased widespread credential theft activity. New Mockingjay process injection technique could bypass EDR detection.
Threat Set Radio #224 - Talion
Threat Set Radio #224
In this week’s episode we report on: US Government offers $10m bounty for info on the Clop ransomware group following MOVEit attacks. New “Mystic Stealer” malware as a service gaining traction in underground groups. APT37 deploying new “Fadestealer” espionage malware.
Threat Set Radio #223 - Talion
Threat Set Radio #223
In this week’s episode we report on: Batcloak malware obfuscation engine tied to various successful malware strains. Hackers impersonate cybersecurity experts and peddle poisoned PoC code.
Threat Set Radio #222 - Talion
Threat Set Radio #222
In this week’s episode we report on: PoC released for Win32K flaw actively exploited in attacks Chinese group Camaro Dragon use new TinyNote backdoor for intel gathering. The Clop threat actor claims responsibility for the MOVEit data theft attacks.
Threat Set Radio #221 - Talion
Threat Set Radio #221
In this week’s episode we report on: Gigabyte firmware vulnerability potentially affects 7 million devices. Phishing toolkits develop new ticks using new .ZIP TLD. New malware used to target and disrupt power grids discovered.
Threat Set Radio #220 - Talion
Threat Set Radio #220
In this week’s episode we report on: Tool which allows extraction of KeePass master password publicly available. Geacon, an open source Cobalt Strike port usable on MacOS, sees spike in use. Report outlines Microsoft Teams functions which can enable phishing and more.
Threat Set Radio #219 - Talion
Threat Set Radio #219
In this week’s episode we report on: ViperSoftX infostealer expands to target specific password managers. DLL installing is so effective, attackers begin doubling up the technique. North Korean Kimsuky group employing new Reconshark recon tool.
Threat Set Radio #218 - Talion
Threat Set Radio #218
In this week’s episode we report on: GhostToken flaw, which allowed invisible persistence, patched and visible. AuKill tool used in attack pipeline to kill EDR processes. PoC exploit code available for Papercut flaw, which allows server takeover.
Threat Set Radio #217 - Talion
Threat Set Radio #217
In this week’s episode we report on: Lazarus moves to distribute Linux malware via faux job offers. Aurora distributed via YouTube, resulting in evasive loader payload. Tangle of attackers as multiple groups collaborate with Domino malware.
4 Key Takeaways From Cofense’s Email Security Report 2023 - Talion
4 Key Takeaways From Cofense’s Email Security Report 2023
Threat Set Radio #216 - Talion
Threat Set Radio #216
In this week’s episode we report on: Lazarus evolve their tactics and targeted industries. Zero day from recent patch Tuesday under active Ransomware exploitation. MuddyWater pairing with new splinter group to perform destructive attacks.
Lost Your Appetite? Yum Brands Admits to Compromised PII - Talion
Lost Your Appetite? Yum Brands Admits to Compromised PII
Threat Set Radio #215 - Talion
Threat Set Radio #215
In this week’s episode we report on: Wordpress plugin with over 11 million install base under active exploitation. Western Digital hit by cyber attack, services impacted, cause unclear. SFX archives can be used to run stealthy Powershell backdoors.
Threat Set Radio #214 - Talion
Threat Set Radio #214
In this week’s episode we report on: Malicious Python package avoids detection through use of Unicode Homoglyphs. The well established IcedID malware shifts from banking to ransomware delivery. Supply chain attack hits customers of 3CX VOIP application, including the NHS.
Threat Set Radio #213 - Talion
Threat Set Radio #213
In this week’s episode we report on: Fortinet zero-day vulnerability CVE-2022-42475 being exploited by a Chinese hacking group UNC3886, recent tactics from Russian state backed group Nobelium & Hitachi Energy confirmed as latest victim of Cl0ps exploitation of Fortra’s GoAnywhere MFT vulnerability.
Threat Set Radio #212 - Talion
Threat Set Radio #212
This week’s topics- New GoBruteforcer botnet in active development according to report. AI videos are being used as an effective lure to drop malware. Document signing services abused to deliver Redline stealer.
Emotet Returns & Exploits Passages From “Moby Dick” - Talion
Emotet Returns & Exploits Passages From “Moby Dick”
Threat Set Radio #211 - Talion
Threat Set Radio #211
This week’s topics- Emotet returns following 3 month break. CISA issues advisory regarding new Royal ransomware capabilities. Old UAC bypass technique used to drop Remcos.
Threat Set Radio #210 - Talion
Threat Set Radio #210
This week’s topics- Rig exploit kit going strong despite focusing on IE vulnerabilities. PlugX seeing success posing as legitimate windows debug utility. New advanced post exploitation framework linked to Lockbit affiliates.
Let’s Empower Women In Cyber Security – #IWD2023 - Talion
Let’s Empower Women In Cyber Security – #IWD2023
Threat Set Radio #209 - Talion
Threat Set Radio #209
This week’s topics- North Korean trojan targets residents of specific cities. GoDaddy reveals multi-year security breach. New malware as a service circulated on the dark web.
Threat Set Radio #208 - Talion
Threat Set Radio #208
This week’s topics- Updates on Clop’s claims it breached 130 orgs using GoAnywhere zero-day ESXiArgs Ransomware Hits Over 500 New Targets in European Countries The Killnet DDoS Blocklist Russia’s Ransomware Gangs Are Being Named and Shamed by UK & US Patch Now: Apple's iOS, iPadOS, macOS, and Safari Under Attack with New Zero-Day Flaw
Threat Set Radio #207 - Talion
Threat Set Radio #207
This week’s topics- New actor spotted using “screenshotter” in targeted attacks. Gootkit continues to push SEO to target Healthcare and Finance Lockbit claims responsibility for the Royal Mail ransomware attack.
Calling All CISOs – Let’s Talk About The Recession - Talion
Calling All CISOs – Let’s Talk About The Recession
Threat Set Radio #206 - Talion
Threat Set Radio #206
This week’s topics- Packer operation uncovered used in major attacks since 2016. Lockbit green offers familiarity for displaced Conti affiliates. Microsoft OneNote is the latest infiltration vector pivot.
Threat Set Radio #205 - Talion
Threat Set Radio #205
This week’s topics- Emotet tricks victims into moving malicious files to trusted locations. Vice ransomware operation disrupted by international effort. Invisible PlugX variant spreads across USB drives, steals documents.
Threat Set Radio #204 - Talion
Threat Set Radio #204
This week’s topics- More than 1 in 20 internet facing Sophos firewalls still vulnerable to RCE vulnerability. CircleCI breach leads to the platform rotating many customer tokens due to severity. Ransomware generates 40% less profit than previous 2 years, as victims refuse to pay.
Royal Mail Cyber Attack – Where’s My Mail Gone? - Talion
Royal Mail Cyber Attack – Where’s My Mail Gone?
Threat Set Radio #203 - Talion
Threat Set Radio #203
This week’s topics- Turla leverages decade old defunct Gamarue infrastructure to attack Ukraine JWT security flaw could potentially lead to Remote Code Execution Gootkit abusing VLC through SEO poisoning campaign targeting healthcare
Threat Set Radio #202 - Talion
Threat Set Radio #202
This week’s topics- Slack suffers theft of internal GitHub code repositories over the holidays. Play confirmed as the ransomware operation behind the Rackspace breach.
4 Cyber Security Trends In 2023 – Prepare Now - Talion
4 Cyber Security Trends In 2023 – Prepare Now
Threat Set Radio #201 - Talion
Threat Set Radio #201
This week’s topics- Google Ads increasingly used to installed malware alongside legitimate software. APTs turn to XLL files following office macros being disabled by default.
Threat Set Radio #200 - Talion
Threat Set Radio #200
This week’s topics- Okta source code stolen following GitHub repo breach. LastPass confirms customer password vaults stolen in earlier breach.
Threat Set Radio #199 - Talion
Threat Set Radio #199
This week’s topics- Fortinet SSL critical vulnerability exploited in attacks. Citrix ADC & Gateway critical vulnerability exploited in attacks. SVG image files used as infiltration vector by QBot malware.
Threat Set Radio #198 - Talion
Threat Set Radio #198
This week’s topics- MuddyWater leverage compromised accounts to drop legitimate admin tools. Open source ransomware strain acts as a wiper due to poor coding. Rackspace confirm outage is ransomware related, no attribution yet.
What Impact Does Christmas Have On Cyber Security Teams? - Talion
What Impact Does Christmas Have On Cyber Security Teams?
Threat Set Radio #197 - Talion
Threat Set Radio #197
This week’s topics- Acer laptops possess flaw which allows secure boot to be disabled. NPM package naming quirk can bypass security checks. LastPass suffers second security breach in 3 months as direct result of the first.
Threat Set Radio #196 - Talion
Threat Set Radio #196
This week’s topics- Another ransomware variant switches to the Rust programming language. Several threat actors observed switching to new Go based Aurora infostealer. Report suggests Nighthawk may soon be adopted as another Cobalt Strike alternative.
Hear From The CEO: Is Covering Up A Data Breach Ethical? - Talion
Hear From The CEO: Is Covering Up A Data Breach Ethical?
Threat Set Radio #195 - Talion
Threat Set Radio #195
This week’s topics- Chinese groups increasingly using Google drive and similar applications as infiltration vectors. QBot leverages Control Panel to launch malware after previously abusing Calc.exe. Lazarus employ updated version of DTrack as part of new wave of attacks.
LockBit Ransomware Mastermind Is Arrested - Talion
LockBit Ransomware Mastermind Is Arrested
Threat Set Radio #194 - Talion
Threat Set Radio #194
This week’s topics- Lockbit affiliate includes Amadey bot as part of new infection chain. Experts warn URLscan integrations are leaking sensitive data. 15,000 sites, primarily WordPress, compromised as part of SEO campaign.
Threat Set Radio #193 - Talion
Threat Set Radio #193
This week’s topics- RAT campaign impersonates legitimate password and backup software as delivery method. Chinese group using new quiet infection chain to drop LODEINFO. Media company compromised and used to push SocGholish through US news sites.
Threat Set Radio #192 - Talion
Threat Set Radio #192
This week’s topics- Emotet becomes prime distributor of self extracting malicious archives GitHub repositories claiming to be PoC code actually contain various malware. Two flaws which directly target Windows event logs could result in DoS.
Threat Set Radio #191 - Talion
Threat Set Radio #191
This week’s topics- Microsoft sensitive data breach linked to over 65,000 entities. Ursnif mirrors its peers, evolving from banking trojan to platform. New Powershell backdoor bypasses AV detection, hits 60+ victims.
Threat Set Radio #190 - Talion
Threat Set Radio #190
This week’s topics- POC available for critical Forinet vulnerability ProxyNotShell patches conspicuously missing from patch Tuesday Microsoft Defender to add automatic C2 detection to its capabilities
The Impact Of Cyberattacks On IT Security Professionals’ Mental Health - Talion
The Impact Of Cyberattacks On IT Security Professionals’ Mental
That “Bl00dy” New Ransomware Strain! - Talion
That “Bl00dy” New Ransomware Strain!
Threat Set Radio #189 - Talion
Threat Set Radio #189
This week’s topics- BlackByte group abuses “bring your own driver” flaw in attacks. Lazarus exploit existing Dell drivers to gut detection capabilities. Updated mitigation actions for ProxyNotShell issued after original actions bypassed.
Threat Set Radio #188 - Talion
Threat Set Radio #188
This week’s topics- New zero day “similar to proxylogon” used in exchange attacks. Brute Ratel has been cracked, and will likely replace Cobalt Strike imminently. A new dropper unloads a dozen infections, some of which are droppers themselves.
Threat Set Radio #187 - Talion
Threat Set Radio #187
This week’s topics- Lockbit 3.0 toolkit leaked online by one or more angry developers. 15 year old unpatched Python flaw present in over 350,000 projects. Emotet post Conti, now distributes Quantum and BlackCat.
Threat Set Radio #186 - Talion
Threat Set Radio #186
This week’s topics- Iranian group leverages data encryption to perform encryption. Intermittent encryption gains popularity among ransomware operators. Bumblebee gains new post exploitation and stealth capabilities.
Cisco Data Breach Shakes The Tech World - Talion
Cisco Data Breach Shakes The Tech World
Threat Set Radio #185 - Talion
Threat Set Radio #185
This week’s topics- Twilio breach allowed attackers access to Okta single use sign on codes. Raspberry Robin USB malware linked to EvilCorp via Dridex similarities. Ransomware written in more obscure languages trend continues with Golang based “Agenda”
Threat Set Radio #184 - Talion
Threat Set Radio #184
This week’s topics- LastPass suffers breach, unknown amount of source code stolen. APT29 and others leveraging dormant accounts to bypass MFA. Lockbit victim Entrust appears to DDoS the ransomware operation in retaliation.
Threat Set Radio #183 - Talion
Threat Set Radio #183
This week’s topics- Electron, the backbone of Teams and Discord, has a one click RCE vulnerability uncovered. POC for a 9.8 vulnerability targeting Realtek routers released online. Callback phishing as an attack vector sees an alarming 625% spike from last quarter.
Blurred Lines: Phishing Catches Ransomware Bait - Talion
Blurred Lines: Phishing Catches Ransomware Bait
Threat Set Radio #182 - Talion
Threat Set Radio #182
This week’s topics- Twitter discloses a breach affecting 5.4 million accounts that could enable smishing, phishing and sim swapping attempts. A suspected nation state cyberattack on NHS’s 111 service points speculation towards a Russian retaliation attack. Killnet announced its operations shall soon turn lethal.
Threat Set Radio #181 - Talion
Threat Set Radio #181
This week’s topics- Lockbit switches to abusing Windows Defender as Cobalt Strike loader. Raspberry Robin possibly linked to EvilCorp. Gootkit reappears with new infection vectors. Suspected Darkside rebrand BlackCat learns nothing, attacks gas pipeline.
Threat Set Radio #180 - Talion
Threat Set Radio #180
This week’s topics- UEFI malware in development since 2016 discovered in Gigabyte and ASUS motherboards. As Microsoft finally disables macros by default, container files emerge as replacement delivery mechanism. QBot uses old version of Windows Calculator to facilitate DLL hijacking.
Threat Set Radio #179 - Talion
Threat Set Radio #179
This week’s topics- Atlassian issues fix for critical credentials vulnerability Two new ransomware strains are cross platform in nature New modular “Lightning Framework” adds to fears of Linux malware surge
Threat Set Radio #178 - Talion
Threat Set Radio #178
This week’s topics- Impersonation of cybersecurity firms by threat actors as part of callback phishing attacks. Luna Moth becomes the latest attack group to perform Ransomware style extortion without encryption. Searchable data leak sites gain traction among threat actors as new leverage tool.
What Is XDR, Really? Let’s Face The Confusion - Talion
What Is XDR, Really? Let’s Face The Confusion
Phish For Threats: The Emerging Need For MPDR - Talion
Phish For Threats: The Emerging Need For MPDR
Threat Set Radio #177 - Talion
Threat Set Radio #177
This week’s topics- Ransomware affiliates spoof US companies to obtain new red team tools as they pivot away from Cobalt Strike. Hive ransomware strain is completely re-written in Rust, gaining faster encryption among other benefits. Microsoft reverses change popular among InfoSec community, no longer disabling document macros by default.
Phishing – What’s The Problem? - Talion
Phishing – What’s The Problem?
5 Tips To Fight Phishing - Talion
5 Tips To Fight Phishing
The Ultimate Phishing Guide (e-Book) - Talion
The Ultimate Phishing Guide (e-Book)
Threat Set Radio #176 - Talion
Threat Set Radio #176
This week’s topics- Mitel phone bug exploited to perform ransomware attack. Lockbit 3.0 introduces first ransomware bug bounty program. AMD reportedly suffers attack and data is currently held for ransom.
Stop! Which Data Is Most At Risk From Ransomware? - Talion
Stop! Which Data Is Most At Risk From Ransomware?
Threat Set Radio #175 - Talion
Threat Set Radio #175
This week’s topics- New variation of PetiPtoam flaw dubbed DFSCoerce can allow windows domain takeover. Okta discusses Lapsus$ breach and how zero trust helped secure network from worse effects. A collection of 56 flaws dubbed Icefall degrades security posture of thousands of OT devices.
Black Basta Ransomware Is On The Rise - Talion
Black Basta Ransomware Is On The Rise
Threat Set Radio #174 - Talion
Threat Set Radio #174
This week’s topics- New Symbiote Linux malware has several concerning stealth, obfuscation, and rootkit style techniques. Emotet returns, featuring a similar codebase, but a host of new tricks. Report highlights how non admin 0365 access could be used to sabotage/encrypt cloud files.
Ransomware Dominates The Healthcare Industry With 650% Increase In Attacks - Talion
Ransomware Dominates The Healthcare Industry With 650% Increase In Att
Threat Intelligence: Do You Know What Threats You Actually Face? - Talion
Threat Intelligence: Do You Know What Threats You Actually Face?
Threat Set Radio #173 - Talion
Threat Set Radio #173
This week’s topics- Two recent flaws can be combined to create very sophisticated phishing attacks. Dridex authors EvilCorp become a LockBit affiliate, likely in another effort to evade sanctions. POC code released for “trivial” to exploit Atlassian Confluence vulnerability.
Threat Set Radio #172 - Talion
Threat Set Radio #172
This week’s topics- New Chromeloader malware employs stealthy installation and persistence methods. New MS Office zero day allows “no click” powershell exploitation even with macros disabled.
Threat Set Radio #171 - Talion
Threat Set Radio #171
This week’s topics- Information on a Russian botnet designed to manipulate social media trends and spread disinformation, facial recognition technology Clearview AI is fined by the UK government and an Iranian threat group target the port of London authority.
MDR Security: Putting Your Organisation First - Talion
MDR Security: Putting Your Organisation First
CEO Misconceptions About Paying Ransom: Is It Really A Good Idea? - Talion
CEO Misconceptions About Paying Ransom: Is It Really A Good Idea?
Lockbit 2.0 and Conti Overshadow with the Highest Ransomware Activity - Talion
Lockbit 2.0 and Conti Overshadow with the Highest Ransomware Activity
Threat Set Radio #170 - Talion
Threat Set Radio #170
This week’s topics- New modular Eternity malware being offered via Telegram Conti appears to encourage overthrowing the Costa Rican government Conti reportedly shuts down, splintering into smaller cells and operations.
REvil Ransomware Returns: Who’s At Stake? - Talion
REvil Ransomware Returns: Who’s At Stake?
Threat Set Radio #169 - Talion
Threat Set Radio #169
This week’s topics- US sanctions crypto laundering service used by the North Korean Lazarus group. Full featured Russian RAT DarkCrystal is selling perpetual licences for a mere $40. US offers a $15,000,000 bounty for information leading to the Conti overlords.
Threat Set Radio #168 - Talion
Threat Set Radio #168
This week’s topics- Confirmation of REvils return as new sample is obtained and evaluated. New technique discovered involving hiding payload in Windows Event Logs. Ukraine affiliated hacktivists target Russian alcohol production pipeline.
Is Antivirus Enough To Prevent Ransomware? - Talion
Is Antivirus Enough To Prevent Ransomware?
5 Key Findings From The Cyber Security Breaches Survey 2022 - Talion
5 Key Findings From The Cyber Security Breaches Survey 2022
Threat Set Radio #167 - Talion
Threat Set Radio #167
This week’s topics- Bumblebee appears to replace BazarLoader as Conti’s delivery vector of choice. Emotet returns to full operation, more than a year after coordinated takedown. FBI circulates warning regarding new BlackCat ransomware strain.
Small Businesses Are Also At Risk of Ransomware Attacks – Here’s Why - Talion
Small Businesses Are Also At Risk of Ransomware Attacks – Here’s W
Spies at No.10, a $540 Million Crypto Heist & a Botnet Takedown - Talion
Spies at No.10, a $540 Million Crypto Heist & a Botnet Takedown
Ransomware Costs: Beyond The Cash - Talion
Ransomware Costs: Beyond The Cash
Threat Set Radio #166 - Talion
Threat Set Radio #166
This week’s topics- No 10 suspected of being target of NSO spyware attack U.S. offers $5 million for info on North Korean cyber operators Notorious cybercrime gang’s botnet ZLoader disrupted
Ransomware Predictions for 2022 - Talion
Ransomware Predictions for 2022
Threat Set Radio #165 - Talion
Threat Set Radio #165
This week’s topics- Raidforums seized, owner and operator arrested after running the site since the age of 14. Microsoft works with US government to dismantle operations targeting Ukraine. In an act of poetic justice, Conti source code is repurposed to attack Russian targets.
FIN7 Cyber Tactics – The Return of USB’s, Fake Companies & Teddy Bears - Talion
FIN7 Cyber Tactics – The Return of USB’s, Fake Companies &
Threat Set Radio #164 - Talion
Threat Set Radio #164
This week’s topics- Intel completely shuts down business in Russia, exacerbating component shortage fears. German investigators shut down Hydra, the largest illegal Darkweb marketplace. Borat remote access trojan, with ransomware and other capabilities, offered for sale.
Cyber-Attacks: Is China Giving Russia a Helping Hand? - Talion
Cyber-Attacks: Is China Giving Russia a Helping Hand?
Threat Set Radio #163 - Talion
Threat Set Radio #163
This week’s topics- Chinese security researcher accidentally releases spring framework PoC exploit. Raccoon stealer malware operation suspended after key developer killed in Ukraine invasion. Kaspersky pose “unacceptable risk” as the Russian security giant is removed from bug bounty programs. Lapsus$ return from vacation, and take arrests in stride releasing 70gb of data stolen from Globant.
New US Cybersecurity Laws – Everything You Should Know - Talion
New US Cybersecurity Laws – Everything You Should Know
New US Cybersecurity Laws – Will UK Follow Suit? - Talion
New US Cybersecurity Laws – Will UK Follow Suit?
Threat Set Radio #162 - Talion
Threat Set Radio #162
This week’s topics- Open source software poisoned and turned into supply chain attack as anti war protest. Much newer functional version of Conti leaked online as revenge by Ukrainian member. Lapsus$ members arrested in London after more high profile hits over the last week.
LAPSUS$ Cyber Attack - Talion
LAPSUS$ Cyber Attack
Will Cyber Operations Ever Replace Conventional Conflict Tactics? - Talion
Will Cyber Operations Ever Replace Conventional Conflict Tactics?
6 Unique Cyber Security Challenges in Higher Education - Talion
6 Unique Cyber Security Challenges in Higher Education
Threat Set Radio #161 - Talion
Threat Set Radio #161
This week’s topics- The arrest and extradition of a NetWalker ransomware affiliate The exploitation of unskilled Ukrainian hackers A campaign which suggests China may be helping Russia in their cyber efforts towards the conflict
Do Economic Sanctions Increase The Risk Of Cyber Attacks? - Talion
Do Economic Sanctions Increase The Risk Of Cyber Attacks?
Threat Set Radio – Higher Education - Talion
Threat Set Radio – Higher Education
Hosted by Talion's in-house Threat Intelligence team, this special Threat Set Radio podcast episode covers some of the specific threats Higher Education is facing: ·         BotNet targeting Higher Education ·         Log4Shell exploit ·         Recent Ransomware attacks on Higher Education
Threat Set Radio #160 - Talion
Threat Set Radio #160
This week’s topics- Cybersecurity news regarding the ongoing Russian invasion of Ukraine rundown. Certificates obtained from Nvidia leak used to sign malware. Lapsus$ breaches Samsung shortly after the Nvidia attack.
Threat Set Radio #159 - Talion
Threat Set Radio #159
This week’s topics- Data wiper pointed at Ukraine appears to have been in development for months. Ukranian researcher leaks Conti comms after they announce support for Russian invasion. Trickbot developers appear to fold into Conti operation in act of cybercrime consolidation. Nvidia hacked and employee data stolen, only to promptly hack the attackers back.
Man vs Skill: Russia’s Increased Volume Of Cyber Attacks - Talion
Man vs Skill: Russia’s Increased Volume Of Cyber Attacks
DDoS Attacks & Malware: Remediation Guidance Is Critical - Talion
DDoS Attacks & Malware: Remediation Guidance Is Critical
Threat Set Radio #158 - Talion
Threat Set Radio #158
This week, we discuss the Russia/Ukraine conflict and its threat to spill over the Ukrainian boarders within the cyber space. Our thoughts here at Talion are with everyone affected by this conflict. We shall continue to update and support the public on developments regarding the cyber threats this conflict imposes to organisation's across the globe. This week’s topics- Analysis of the #DDoS Attacks against Ukrainian Websites New #Sandworm malware #Cyclops Blink replaces #VPNFilter Jammer used to stop kids going online, wipes out a town's internet by mistake
Threat Set Radio #157 - Talion
Threat Set Radio #157
In this week's episode: Microsoft Defender to gain ability to block credential theft via Mimikatz and similar methods. Kraken botnet spread using Smokeloader, and is observed dropping Redline. Hackers using Microsoft Teams to perform extremely blatant internal attacks.
Threat Set Radio #156 - Talion
Threat Set Radio #156
In this week's episode: Russia performs third major cybercrime arrest as apparent crackdown continues. Ransomware gangs adapt in effort to draw less attention and retaliation. Smokeloader spearheads long list of malware strains using pay per install service to expand
Threat Set Radio #155 - Talion
Threat Set Radio #155
In this week's episode: Malicious CSV files used as Bazar malware infection vector. Research compiled from 2021 shows most ransomware infections are self installed. New publicly available Windows privilege escalation vulnerability as admins skip January patch.
Snack Attack! - Talion
Snack Attack!
Threat Intelligence Insight: Why Russia’s Cyber Threat To The UK Matters - Talion
Threat Intelligence Insight: Why Russia’s Cyber Threat To The UK Mat
Threat Set Radio #154 - Talion
Threat Set Radio #154
In this week's episode: Windows Update used by Lazarus as a living off the land tool to deploy malware. Firmware level rootkits becoming more popular as 3rd to hide in SPI flash discovered. Microsoft finally disables Excel XML macros by default in effort to block malware.
Threat Set Radio #153 - Talion
Threat Set Radio #153
In this week's episode: Russian authorities claim to dismantle the entire REvil ransomware operation, and seize assets. Dark web card fraud platform shuts up shop after 8 years citing age of operators. New ransomware strain dubbed White Rabbit linked to Fin8 group.
Threat Set Radio #152 - Talion
Threat Set Radio #152
In this week's episode: Google doc comments leveraged as highly convincing phishing lures. Carbanak authors attempt ransomware infection by mailing disguised USBs to victims. 8 year old Microsoft Defender flaw highlighted by security researchers.
Threat Set Radio #151 - Talion
Threat Set Radio #151
In this week's episode: Microsoft sees in the new year with exchange server flaw dubbed Y22K, halting emails for affected organisations. Purple Fox rootkit seeing increased distribution through trojanised versions of Telegram messenger. Compromised version of Atera tools used to compromise organisations using decade old code signing oversight.
Threat Set Radio #150 - Talion
Threat Set Radio #150
In this week's episode: Rook, a new ransomware strain which appears to be created from the Babuk source code leak appears in the wild. Researchers say Log4J flaw will take years to fully address owing to the sheer number of nested dependencies. The ransomware gang which breached Gigabyte provides a free decryption tool after understanding they hit the US police.
Threat Set Radio #149 - Talion
Threat Set Radio #149
In this week's episode: New lightweight malware strain hides in the registry among other stealth techniques. Two active directory bugs from November patch Tuesday abused in tandem by PoC to allow takeover. Pysa ransomware strain experiences huge surge to become a top player as the year closes.
Threat Set Radio #148 - Talion
Threat Set Radio #148
In this week's episode the fallout from the Log4j discovery, new developments on the resurrection of Emotet & an accidental uncovering of Hello Kitty ransomware.
Threat Set Radio #147 - Talion
Threat Set Radio #147
In this weeks episode, New Cerber ransomware impersonator targets Confluence and Gitlab servers. Direct Cobalt Strike installation further suggests new Emotet infrastructure gearing up for Ransomware campaign. Solarwinds attackers deploy new stealthy malware strain and search for new supply chain attack opportunities.
Threat Set Radio #146 - Talion
Threat Set Radio #146
In this weeks episode, Trickbot adopt new evasion methods to avoid sandbox environments, nation state actors employ simple yet effective technique to perform post phishing exploitation, and an RCE vulnerability affecting over 150 distinct HP printer models has existed for over 8 years.
Threat Set Radio #145 - Talion
Threat Set Radio #145
In this weeks episode proof of concept activated with alarming speed as windows installer zero day spotted in the wild, GoDaddy suffers breach affecting 1.2 million sites, ongoing since September and new strain of Linux malware hides in cron jobs scheduled for dates that don't exist.
Threat Set Radio #144 - Talion
Threat Set Radio #144
This week’s Threat Intel news:
  • Emotet rises from the dead, uses its old payload Trickbot to rebuild itself
  • North Korea state actors target security researchers with compromised analysis software
  • Research highlights the TLDs preferred by attackers for different types of malicious activity
Threat Set Radio #143 - Talion
Threat Set Radio #143
This week’s Threat Intel news:
  • US charges 2 suspected major REvil ransomware operators
  • Conti ransomware gang make grovelling apology to Arab Royals over data leak
  • TeamTNT hackers target your poorly configured Docker server
Threat Set Radio #142 - Talion
Threat Set Radio #142
This week’s Threat Intel news:
  • Darkside hit with a $10m bounty as fallout of Colonial Pipeline attack continues.
  • Critical Linux kernel vulnerability disclosed.
  • FBI releases advisory stating ransomware gangs specifically target victims in financially sensitive negotiations.
Threat Set Radio #141 - Talion
Threat Set Radio #141
This week’s Threat Intel news:
  • Avoslocker reportedly hits Gigabyte, possibly obtains files enabling supply chain attacks.
  • Conti begins selling access to non compliant victims networks.
  • Rootkit discovered bearing a valid Microsoft signature after evading vetting process.
Threat Set Radio #140 - Talion
Threat Set Radio #140
This week’s Threat Intel news:
  • Macaw Locker is Evilcorps latest ransomware strain rebrand to evade sanctions.
  • Trickbot uses new tricks for distribution.
  • FIN7 creates fake English cybersecurity firm to hire pen-testers to perform criminal attacks.
Threat Set Radio #139 - Talion
Threat Set Radio #139
This week’s Threat Intel news:
  • New EU legislation could ban anonymous domain registration, in an effort to curb cyber crime
  • FINN12 becomes the first ransomware affiliate to be elevated to threat actor level, targets healthcare
  • SnapMC skips the traditionally most important part of ransomware, and just plain extorts victims
Threat Set Radio #138 - Talion
Threat Set Radio #138
This week's Threat Intel news:
  • Ransomware operators arrested and ill gotten gains seized in Ukraine
  • Atom Silo ransomware strain targets Confluence servers and employs novel evasive measures
  • Apache Airflow vulnerability morphs into remote code execution as POC is released
Threat Set Radio #137 - Talion
Threat Set Radio #137
This week's Threat Intel news:
  • Microsoft scrambles to register autodiscover domains exploited in flaw it was warned of years ago.
  • The Conti ransomware gang target new recruits with specific backup destruction experience.
  • FoggyWeb malware attributed to the group behind the infamous Solarwinds attack.
Threat Set Radio #136 - Talion
Threat Set Radio #136
This week's Threat Intel news:
  • OS compatibility features abused to stealthily deliver malware
  • VMware notifies customers of particularly concerning vulnerability prior to disclosure
  • US government poised to sanction Crypto exchanges which have dealt with cyber criminals
Threat Set Radio #135 - Talion
Threat Set Radio #135
This week's Threat Intel news in just 7 minutes:
  • The recent Apple hack
  • Dark web forum Marketo making a name for themselves
  • Update on recent ransomware activity
Threat Set Radio #134 - Talion
Threat Set Radio #134
This week's Threat Intel news in just 6 minutes:
  • New malware technique observed using CLFS log files to evade detection.
  • REvil returns after 2 months of hiding, attacks UK based ITSP with DDoS attacks.
  • Babuk source code leaked by ransomware developer dying due to stage 4 lung cancer.
Threat Set Radio #133 - Talion
Threat Set Radio #133
This week's Threat Intel news in just 7 minutes:
  • Lockfile ransomware uses intermittent file encryption to bypass protections.
  • Microsoft exchange flaw can enable remote theft of entire mailbox.
  • BazaLoader uses fake DMCA takedown and DDoS notices as lures to deliver malware.
Threat Set Radio #132 - Talion
Threat Set Radio #132
This week's Threat Intel news in just 7 minutes:
  • Details emerge on Fin8’s newly developed backdoor
  • Razer products allow alarmingly easy local privilege escalation
  • Proxyshell attacks on the rise despite patch issued months ago
Ransomware Perceptions Report, 2021 - Talion
Ransomware Perceptions Report, 2021
Is Cyber Insurance Driving the Ransomware Crisis? Key Roundtable Takeaways - Talion
Is Cyber Insurance Driving the Ransomware Crisis? Key Roundtable Takea
Threat Set Radio #131 - Talion
Threat Set Radio #131
Some showstoppers this week, get the low down on:
  • Blackbaud in court battle over downplaying the severity of its 2020 ransomware attack
  • Almost half of US hospitals have shut down networks due to ransomware, new report shows
  • Possible terrorist suspect and no fly list exposed on Elasticsearch cluster with no password
Live Debate: Is Cyber Insurance Driving the Ransomware Crisis? - Talion
Live Debate: Is Cyber Insurance Driving the Ransomware Crisis?
Threat Set Radio #130 - Talion
Threat Set Radio #130
This week we're discussing:
  • Gigabyte, and American Megatrends GIT breached by RansomEXX
  • Accenture hit by Lockbit RaaS operation in the wake of REvil and Darkside winding down
  • Vulnerability disclosed in Arcadyan router firmware present for over a decade
Threat Set Radio #129 - Talion
Threat Set Radio #129
This week we're discussing:
  • Darkside returns, rebranding as Blackmatter following the Colonial Pipeline attack
  • Disgruntled Conti ransomware affiliate leaks the groups playbook and training materials
  • ENISA concludes current protections will fold to supply chain based attacks based on recent examples
Threat Set Radio #128 - Talion
Threat Set Radio #128
This week we're discussing:
  • Doppelpaymer looks to be performing a fairy obvious rebrand.
  • The Babuk groups new ransomware forum ironically held to ransom.
  • The no more ransom initiative saves over a billion in payments after 5 years in operation.
Threat Set Radio #127 - Talion
Threat Set Radio #127
This week we're discussing:
  • Kaseya obtains decryption master key, but is remaining quiet about its origin
  • Printer vulnerability nearly old enough to drive affects millions of machines
  • Windows zero day privilege escalation vulnerability affects even unreleased Windows 11
Hybrid SOC: Cure Your Cyber Security Headaches - Talion
Hybrid SOC: Cure Your Cyber Security Headaches
The Threat of Ransomware to UK Businesses and How to Mitigate it - Talion
The Threat of Ransomware to UK Businesses and How to Mitigate it
A Ransomware Briefing for UK Businesses: Key Roundtable Takeaways - Talion
A Ransomware Briefing for UK Businesses: Key Roundtable Takeaways
Threat Set Radio #126 - Talion
Threat Set Radio #126
This week we're discussing:
  • New Solarwinds vulnerability under active exploitation
  • REvil disappears from the face of the earth following Kaseya attack fallout
  • Trickbot resurgence with new capabilities
Threat Set Radio #125 - Talion
Threat Set Radio #125
Kaseya made headings this week with a supply chain attack claiming approximately 1500 victims, and the largest ever ransom demand of $70m.  Also, After OOB patch addressing PrintNightmare released by Microsoft, researchers discover a complete bypass.
Threat Set Radio #124 - Talion
Threat Set Radio #124
In this week's bulletin we're discussing:
  • Criminal VPN service taken down by law enforcement, who claim to have seized customer logs.
  • Code to exploit windows print spooler service accidentally released, disable ASAP.
  • Babuk ransomware building tool leaked to VT and immediately used by copycats.
Threat Set Radio #123 - Talion
Threat Set Radio #123
Ransomware continues to dominate the headlines this week, we'll be discussing:
  • Clop ransomware chugs onward despite arrests of multiple members and equipment seizures.
  • 700GB of ADATA files publicly released following refusal to pay ransom.
  • Data leak marketplace attempts to entice competitors into buying rivals compromised data.
Join the #RansomAware Movement - Talion
Join the #RansomAware Movement
Security in the Cloud - Talion
Security in the Cloud
Threat Set Radio #122 - Talion
Threat Set Radio #122
In this week's episode we're discussing:
  • Avaddon, responsible for almost a quarter of all ransomware attacks in 2021, calls it quits.
  • EA reportedly breached via slack channel used to obtain MFA login token.
  • SITA, IT provider for 90% of the airline industry, hit by longform supply chain attack.
Threat Set Radio #121 - Talion
Threat Set Radio #121
In this week's episode we're discussing:
  • Evilcorp attempts to imitate other criminal group to evade sanctions
  • Attackers are actively looking to leverage new VMware vulnerability with working PoC code
  • Colonial ransomware incident attributed to old VPN password found in previous breaches
  • Largest stolen credentials market taken down by joint operation
Threat Set Radio #120 - Talion
Threat Set Radio #120
In this week's episode we discuss:
  • HaveIBeenPwned partners with the FBI
  • Worlds largest meat producer hit by REvil ransomware attack
  • Group responsible for the Solarwinds nightmare begins new campaign
  • Babuk group moves away from encryption, toward data extortion model instead
Threat Set Radio #119 - Talion
Threat Set Radio #119
This week we report on, The SolarWinds attacker's NOBELIUM's latest campaign, 8 individuals arrested in connection with Royal Mail smishing campaign & a cheese loving drug dealer sentenced to 13 years
Threat Set Radio #118 - Talion
Threat Set Radio #118
This week we report on New Zealand hospitals infected by ransomware, cancels surgeries, Colonial Pipeline CEO confirms $4.4 million payment & Qlocker ransomware shuts down after extorting hundreds of QNAP users.
Threat Set Radio #117 - Talion
Threat Set Radio #117
This week we're focusing on the Colonial pipeline ransomware attack, the aftermath, and the potential long term consequences.
Threat Set Radio #116 - Talion
Threat Set Radio #116
In this week's episode we're discussing:
  • Dell kernel bugs have the potential to be used against an install base of hundreds of millions
  • New spectre flaw surfaces, bypasses all current protections
  • A student delivers Ryuk onto research institute estate after downloading cracked software
Threat Set Radio #115 - Talion
Threat Set Radio #115
In this week's episode - Another supply chain style attack, this time breaches an enterprise password manager, Babuk gets uncomfortably close to the plot of a bond film, threatening to expose informants if ransom goes unpaid and the “most reliable” UK rail network hit by ransomware as directors mail account hijacked.
Mapping risk and understanding your threat coverage - Talion
Mapping risk and understanding your threat coverage
Threat Set Radio #114 - Talion
Threat Set Radio #114
This week we cover:
  • Codecov compromised in another large supply chain attack
  • Ryuk updates its techniques to include novel evasion methods
  • The Bazarloader campaign uses collaboration platforms to increase infection rate
Threat Set Radio #113 - Talion
Threat Set Radio #113
This week we cover FBI accesses exchange servers still affected by proxylogon without consent, Zoom RCE vulnerability requiring no user interaction debuted at Pwn2Own and US Government finally formally charges APT29 with Solarwinds breach.
Threat Set Radio #112 - Talion
Threat Set Radio #112
In this week's episode we'll be discussing:
  • LinkedIn job offer phishing delivers more_eggs
  • VMWare suffers another critical vulnerability, this time in security platform
  • SAP issues advisory on how quickly attackers reverse engineer their own patches
Threat Set Radio #111 - Talion
Threat Set Radio #111
In this episode we'll be discussing:
  • Insurance Giant CNA hit by new ransomware strain tied to Evilcorp
  • Official PHP Git server appears to have been compromised, and a supply chain attack attempted
  • Ransomware group pledges to return payments, after pocketing a tidy profit due to Bitcoin inflation
Threat Set Radio #110 - Talion
Threat Set Radio #110
In this week's episode we're discussing:
  • Multiple high profile hackers charged, after targeting multiple companies including Tesla.
  • Acer hit by ransomware demanding largest known ransom demand to date, 50 million USD
  • Evil corp reportedly creates Wastedlocker spinoff to evade sanctions on ransom payment.
Threat Set Radio #109 - Talion
Threat Set Radio #109
In this week's episode we discuss:
  • 6 Distinct APTs leveraged the exchange 0-day prior to patch, indicating previously unseen co-operation.
  • Ransomware joins the list of post exchange exploit activity with the new strain “Dearcry”
  • Trickbot takes the crown once held by Emotet prior to its takedown.
Hybrid SOC: Improving Security Outcomes Through Collaboration & Transparency - Talion
Hybrid SOC: Improving Security Outcomes Through Collaboration & T
Threat Set Radio #108 - Talion
Threat Set Radio #108
This week we report on:
  • the Hafnium hack, posing a new long-term threat for already overtaxed cyber workers,
  • operators of REvil ransomware threatening DDoS attacks and increase intimidation techniques by threatening Journalists and Business Partners over the phone,
  • and the breach of 150,000 Verkada surveillance camera feeds for the NHS, Tesla and numerous other large organisations.
Threat Set Radio #107 - Talion
Threat Set Radio #107
In this week's episode we give you the lowdown on:
  • Ryuk develops self propagation capabilities, possibly due to Emotet takedown.
  • Four exchange vulnerabilities cause Microsoft to fear a repeat of the past.
  • Maza, infamous and exclusive Russian cybercriminal forum, suffers breach.
Threat Set Radio #106 - Talion
Threat Set Radio #106
In this week's episode we discuss:
  • Critical VMware vulnerability discovered, present in the default install of the majority of enterprise data centers.
  • Tool previously believed to be made by Chinese APT group appears to be cloned stolen NSA tool.
  • New details emerge regarding browser zero day used to target security researchers.
Threat Set Radio #103 - Talion
Threat Set Radio #103
In this weeks episode we discuss the following news stories:
  • Google patches the Chrome zero day suspected of use in targeted attacks against security researchers
  • Windows installer vulnerability is now exploitable for a 6th time as yet another bypass method is released
  • Trickbot continues to evolve and adapt following takedown attempt, this time adding a MassScan module
Threat Set Radio #105 - Talion
Threat Set Radio #105
In this episode we discuss the following news items: 
  • Jones Day law firm files released after the company refuses to pay ransom
  • Accelion product responsible for data breach is retired after decades of operation
  • Kia Motors America fall afoul of a Doppelpaymer ransomware attack
  • Microsoft claims the Solarwinds Orion compromise was the work of over 1000 engineers
Threat Set Radio #104 - Talion
Threat Set Radio #104
This week we report on remote Desktop Protocol Attacks surging by 768%, hacker modifying drinking water chemical levels in Florida and Cyperpunk 2077 creator CD Projekt Red hit with a ransomware attack.
A Ransomware Pandemic - Talion
A Ransomware Pandemic
Threat Intelligence Assessment – SolarWinds - Talion
Threat Intelligence Assessment – SolarWinds
Trust Amongst Thieves - Talion
Trust Amongst Thieves
Talion Protects Major UK Media Organisation during The World Cup - Talion
Talion Protects Major UK Media Organisation during The World Cup
Defeatism is Killing Cyber Security Innovation - Talion
Defeatism is Killing Cyber Security Innovation
Threat Set Radio #102 - Talion
Threat Set Radio #102
This week we report on suspected Lazarus attackers attempting to socially engineer security researcher to acquire zero days, legacy accounts of departed or deceased staff members being used for network compromise, and Emotet on the verge of collapse following infrastructure takedown.
Talion partner BAE Systems helps TalkTalk recover from a data breach & media frenzy - Talion
Talion partner BAE Systems helps TalkTalk recover from a data breach &
Threat Set Radio #101 - Talion
Threat Set Radio #101
This week we report on Malwarebytes joining the list of victims targeted by the SolarWinds attacker, attackers targeting cloud infrastructure more reliably bypassing MFA and the proof of concept code release, and public tool developed for CVSS 10 SAP vulnerability.
When Hurricane Harvey took us out, Talion were there - Talion
When Hurricane Harvey took us out, Talion were there
Threat Set Radio #100 - Talion
Threat Set Radio #100
This week we report on the SolarWinds attackers reportedly gaining some level of initial access via password spraying, similarities discovered between the malware used in SolarWinds attack and a Russian backdoor from 2017 and leak sites claiming to sell data obtained from recent SolarWinds compromise. Also the release of Microsoft tool updates to help detect process tampering type attacks and a Windows defender vulnerability being actively used in the wild patched.
Threat Set Radio #99 - Talion
Threat Set Radio #99
This week we report on multiple US agencies have now officially attributed the SolarWinds breach to a Russian state group, Microsoft claim that the end goal of the Sunburst backdoor was to move into victims cloud infrastructure and embedded, stored in plaintext, admin level credentials discovered present on many Zyxel firewall and VPN products.
We’re on your team: Talion partners with SCI - Talion
We’re on your team: Talion partners with SCI
Threat Set Radio #98 - Talion
Threat Set Radio #98
In this episode you'll hear the latest threat intelligence for the week commencing 21 December 2020 and tactical advice to mitigate new threats.
Threat Set Radio #97 - Talion
Threat Set Radio #97
Threat Set Radio is a complimentary weekly 5-7 minute podcast published by T-Labs Threat Intelligence team every Friday. It gives a round up of new threat intelligence and tactical advice to mitigate these threats. All cyber security teams will benefit from subscribing to this free service.
Buy, Build or Partner? - Talion
Buy, Build or Partner?
Data breach ransomware demands and establishing the truth - Talion
Data breach ransomware demands and establishing the truth
Talion’s OSINT Glass Service Thwarts Attack on Law Firm’s Head Office - Talion
Talion’s OSINT Glass Service Thwarts Attack on Law Firm’s Head Off
Your Incident Response Check List - Talion
Your Incident Response Check List
Strategic Cyber Security Advice for Executives - Talion
Strategic Cyber Security Advice for Executives
Talion Threat Intelligence Highlighted North Korean Threat - Talion
Talion Threat Intelligence Highlighted North Korean Threat
Is Legal Privilege a Help or Hindrance Following a Data Breach? - Talion
Is Legal Privilege a Help or Hindrance Following a Data Breach?
Talion Protects Major Manufacturer from Employee Data Exfiltration - Talion
Talion Protects Major Manufacturer from Employee Data Exfiltration
What we do
We build cyber security programmes that are woven into the fabric of your organisation.
 
Looking to maximise value and flexibility?
Learn how Talion and DEVO partner to achieve this.
Discuss your cyber security needs
Contact us below and one of our team will be in touch to answer your questions.

Call us on 0800 048 5775

Call us directly and we’ll put you in touch with the most relevant cyber expert.

Get In Touch With Us

Not currently free to call? Give us a brief description of what you’re looking for by filling out our form and we’ll email you as soon as we can.