See our full selection of podcasts on the latest cyber security news, or discover more about threat intelligence.

Threat Set Radio #267 - Talion
Threat Set Radio #267
In this week’s episode we report on: The LockBit ransomware group has had nothing but setbacks since “Operation Cronos”. GitHub alerts users to two high severity vulnerabilities. A significant uptick in DocuSign phishing emails was observed in May.
Threat Set Radio #266
In this week’s episode we report on: LockBit ransomware admin is named and sanctioned. North Korean actors exploiting weak DMARC policies for spearphishing. Ivanti flaws chained together to drop Mirai botnet.
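The spearphishing item above turns on a DMARC policy that is published but does not actually instruct receivers to reject spoofed mail. The following check is an added example, not code from Talion or from the episode: it parses DMARC TXT records and flags the weak settings a spoofing campaign relies on. The domain names and records are constructed for illustration; a live version would fetch the TXT record at `_dmarc.<domain>` with a DNS library first.

```python
"""Flag weak DMARC policies. Added example with constructed sample records."""

# Constructed sample records keyed by hypothetical domain names (not real lookups).
SAMPLE_RECORDS = {
    "none-policy.example": "v=DMARC1; p=none; rua=mailto:dmarc@none-policy.example",
    "quarantine-partial.example": "v=DMARC1; p=quarantine; pct=10; sp=none",
    "strict.example": "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@strict.example",
    "no-record.example": "",
    "malformed.example": "v=spf1 include:_spf.example -all",  # an SPF record, not DMARC
}


def parse_dmarc(record: str) -> dict:
    """Parse 'tag=value; tag=value' into a dict. Returns {} unless v=DMARC1 is present."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" not in part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return {}
    return tags


def assess_dmarc(record: str) -> list:
    """Return a list of findings explaining why the record is weak; empty list means OK."""
    tags = parse_dmarc(record)
    if not tags:
        return ["no valid DMARC record: receivers apply no policy to spoofed mail"]

    findings = []
    policy = tags.get("p", "none").lower()
    if policy == "none":
        findings.append("p=none: failures are only reported, never quarantined or rejected")

    # pct defaults to 100; anything lower exempts a share of failing mail from the policy.
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 0
    if policy in ("quarantine", "reject") and pct < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")

    # sp defaults to the value of p; an explicit sp=none reopens every subdomain.
    sub_policy = tags.get("sp", policy).lower()
    if sub_policy == "none" and policy != "none":
        findings.append("sp=none: subdomains can still be spoofed freely")

    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not collected")
    return findings


def weak_domains(records: dict) -> dict:
    """Map each domain with at least one finding to its findings."""
    result = {}
    for domain, record in records.items():
        findings = assess_dmarc(record)
        if findings:
            result[domain] = findings
    return result


if __name__ == "__main__":
    for domain, findings in weak_domains(SAMPLE_RECORDS).items():
        print(domain)
        for finding in findings:
            print("  -", finding)
```

Only `strict.example` passes. The first three findings are the ones that matter for the campaign described: with `p=none` a receiver will accept a message that fails SPF and DKIM alignment and merely report it, so a spoofed From header lands in the inbox.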
Threat Set Radio #265
In this week’s episode we report on: Developers targeted with Python backdoor during false job interviews. New UK law now in effect limits default passwords on smart devices. New malware emerges targeting small office and home routers.
Threat Set Radio #264
In this week’s episode we report on: MITRE breached using two Ivanti zero days. CrushFTP victim of targeted zero day exploitation. ArcaneDoor campaign targets vulnerable Cisco devices.
Threat Set Radio #263
In this week’s episode we report on: Large scale exploitation of Palo Alto CVE following PoC disclosures. Atlassian vulnerability leveraged to deploy Cerber ransomware. PuTTY flaw can be used to obtain private cryptographic keys.
Threat Set Radio #262
In this week’s episode we report on: Warnings issued regarding a 10/10 CVSS score Rust vulnerability. Researchers speculate an LLM wrote the PowerShell for a malware strain. Change Healthcare hit by a ransom demand again following the ALPHV exit scam.
Threat Set Radio #261
In this week’s episode we report on: Sophisticated supply chain attack attempted against multiple Linux distros. Linux flaw allowing fake sudo prompts has persisted for over a decade. DinodasRAT now targeting Linux servers with a new variant.
Threat Set Radio #260
In this week’s episode we report on: Huge darknet marketplace seized by German takedown effort. MuddyWater group using legitimate RMM tools for access. APT31 members sanctioned following US infrastructure attacks.
Threat Set Radio #259
In this week’s episode we report on: Fujitsu discovers malware on compromised systems. Russian actors may be targeting Ukrainian telecoms with new wiper malware. New DoS technique discovered that can create an infinite feedback loop.
Threat Set Radio #258
In this week’s episode we report on: Russian group accesses Microsoft source code in follow-up to the January attack. StopCrypt, the ransomware still targeting individuals over businesses, has been upgraded. DarkGate leverages recent SmartScreen vulnerability in attacks.
Threat Set Radio #257
In this week’s episode we report on: The BlackCat/ALPHV ransomware operation fakes a law enforcement takedown to steal from its own affiliate.
Threat Set Radio #256
In this week’s episode we report on: LockBit claims swift recovery from takedown operation, downplaying severity and threatening leaks. Lazarus exploit Windows zero day flaw with new improved Rootkit.
Threat Set Radio #255
In this week’s episode we report on: DoJ takes down botnet used by Russian state group. LockBit ransomware operation gutted by the NCA. ScreenConnect under active attack, LockBit deployed.
Threat Set Radio #254
AnyDesk confirms a cyberattack that allowed hackers to gain access to the company's production systems. Cloudflare publicly discloses that its internal Atlassian server was breached by a suspected nation-state attacker. The FBI disrupts and neutralises the KV-botnet.
Threat Set Radio #253
In this week’s episode we report on: Microsoft confirms details of recent Russian compromise. Kasseika joins ransomware groups performing BYOVD attacks. Trickbot browser injection developer jailed.
Threat Set Radio #252
In this week’s episode we report on: VMware critical flaw under active exploitation. Critical vulnerability discovered in Juniper firewalls and switches. Ivanti bypass flaw exploited in the wild.
Threat Set Radio #251
In this week’s episode we report on: Evasive AsyncRAT has targeted infrastructure for almost a year. New FBot toolkit targets SaaS and cloud platforms. Turkish group uses Mimic ransomware to target MSSQL servers.
Threat Set Radio #250
In this week’s episode we report on: Critical Ivanti flaw allows compromise of enrolled devices. Multiple malware strains use Google feature for persistence. Microsoft disables MSIX after it is abused by malware again.
Threat Set Radio #249
In this week’s episode we report on: Rhadamanthys infostealer gains popularity with new features. MongoDB confirms breach and theft of customer data. FBI confirms it breached the Blackcat ransomware group.
Threat Set Radio #248
In this week’s episode we report on: ALPHV ransomware outage rumoured to be caused by the FBI. New "Pool Party" injection technique evades 5 leading EDR solutions. Lazarus continues to abuse Log4j with 3 new malware strains.
Threat Set Radio #247
In this week’s episode we report on: NCSC warns of Russian state group social engineering activity. Okta customers affected by recent attack revised from 1% to 100%. Researchers discover Linux rootkit RAT undetected since 2021.
Threat Set Radio #246
In this week’s episode we report on: Ransomware group arrested in Ukraine following attacks against 71 countries. Method discovered to passively extract RSA keys from SSH connections. Chrome fixes its 6th zero day exploited in the wild this year.
Threat Set Radio #245
In this week’s episode we report on: Russian state USB malware spreads to unintended targets. QBot moves to DarkGate and PikaBot following takedown. Criminals claim ability to reuse expired Google auth cookies.
Threat Set Radio #244
In this week’s episode we report on: CISA adds three flaws to its KEV catalogue. Google Workspace and Cloud highlighted as attack vector. VMware warns of critical VCD flaw.
Threat Set Radio #243
In this week’s episode we report on: Microsoft will soon begin moving towards mandatory full MFA adoption. GootLoader variant moves to stealthier self developed bot. BlazeStealer targets developers with malicious code repos.
Threat Set Radio #242
In this week’s episode we report on: Recent F5 BIG-IP flaws exploited in stealthy attacks. Citrix Bleed flaw leveraged against government targets. Mozi dismantled by mysterious killswitch command.
Threat Set Radio #241
In this week’s episode we report on: Fake Corsair job offers pushing DarkGate malware strain. Ragnar Locker operation dealt heavy blow by Europol. Okta support system compromised, customers breached.
Threat Set Radio #240
In this week’s episode we report on: Another Citrix NetScaler flaw exploited as a zero day since August. Microsoft will phase out NTLM in Windows 11 in favour of Kerberos. Multiple nation state groups are exploiting a recent critical WinRAR flaw.
Threat Set Radio #239
In this week’s episode we report on: Genetic information stolen in credential stuffing attack. New “Rapid Reset” zero day enables record breaking DDoS. Microsoft will kill off VBScript in the near future.
Threat Set Radio #238
In this week’s episode we report on: New BunnyLoader MaaS becomes popular due to features and pricing. Atlassian Confluence under active exploitation from new 0-day. Looney Tunables vulnerability enables root on popular Linux distros.
Threat Set Radio #237
In this week’s episode we report on: Maximum severity CVE assigned to libwebp following Google error. New ShadowSyndicate group tied to several ransomware ops.
Threat Set Radio #236
In this week’s episode we report on: VenomRAT dropped by fake PoC exploit for WinRAR flaw. Newly observed Sandman group targets Telecoms. BlackCat ransomware operation targets Azure storage.
Threat Set Radio #235
In this week’s episode we report on: Teams phishing techniques ignored by Microsoft used by ransomware enablers. A new chain of Kubernetes vulnerabilities can lead to code execution. Operators of the Redline and Vidar malware pivot to ransomware.
Threat Set Radio #234
In this week’s episode we report on: Cisco acknowledge VPN zero day exploited by ransomware actors. North Korean threat actors target cyber security researchers. New Blister malware updates drive quiet network infiltration.
Threat Set Radio #233
In this week’s episode we report on: PoC exploit chain enables RCE attacks against Juniper firewalls. Attacks against Citrix NetScaler devices linked to FIN8. QakBot botnet dismantled in aptly named “Operation Duck Hunt”.
Threat Set Radio #232
In this week’s episode we report on: WinRAR flaw enables command execution by simply opening an archive. Malware strain maps victims location in real time via Wi-Fi triangulation. PoC exploit released for Ivanti vulnerability recently used in attacks.
Threat Set Radio #231
In this week’s episode we report on: Nearly 2000 Citrix NetScaler servers compromised in new campaign. NoFilter, new stealthy privilege escalation technique discovered. Raccoon returns with version 2.3 after 6 month hiatus.
Threat Set Radio #230
In this week’s episode we report on: AWS Systems Manager can be leveraged as a remote access trojan. CISA highlights the SUBMARINE backdoor used in Barracuda ESG attacks. Google AMP links abused for stealthy phishing campaigns.
Threat Set Radio #229
In this week’s episode we report on: Compromised IIS servers used as malware delivery mechanism by Lazarus. Critical zero days in Atera platform could allow privilege escalation. Decoy Dog toolkit appears highly targeted and largely undetected.
Threat Set Radio #228
In this week’s episode we report on: Lazarus targets developers with malicious GitHub projects. USB malware strains SOGU and SNOWYDRIVE drive huge infection vector increase. Gamaredon campaign exfiltrating files mere 30 minutes after initial infection.
Threat Set Radio #227
In this week’s episode we report on: WormGPT, an AI tool which could make BEC attacks trivial. Chinese hackers exploit flaw in Windows policy to load malicious kernel drivers.
Threat Set Radio #226
In this week’s episode we report on: BlackCat ransomware group uses WinSCP SEO poisoning to push Cobalt Strike. New “StackRot” Linux vulnerability enables privilege escalation.
Threat Set Radio #225
In this week’s episode we report on: New EarlyRAT malware attributed to Lazarus offshoot. Microsoft issues warning on increased widespread credential theft activity. New Mockingjay process injection technique could bypass EDR detection.
Threat Set Radio #224
In this week’s episode we report on: US Government offers $10m bounty for info on the Clop ransomware group following MOVEit attacks. New “Mystic Stealer” malware as a service gaining traction in underground groups. APT37 deploying new “Fadestealer” espionage malware.
Threat Set Radio #223
In this week’s episode we report on: Batcloak malware obfuscation engine tied to various successful malware strains. Hackers impersonate cybersecurity experts and peddle poisoned PoC code.
Threat Set Radio #222
In this week’s episode we report on: PoC released for Win32k flaw actively exploited in attacks. Chinese group Camaro Dragon uses new TinyNote backdoor for intel gathering. The Clop threat actor claims responsibility for the MOVEit data theft attacks.
Threat Set Radio #221
In this week’s episode we report on: Gigabyte firmware vulnerability potentially affects 7 million devices. Phishing toolkits develop new tricks using the new .ZIP TLD. New malware used to target and disrupt power grids discovered.
Threat Set Radio #220
In this week’s episode we report on: Tool which allows extraction of the KeePass master password publicly available. Geacon, an open source Cobalt Strike port usable on macOS, sees spike in use. Report outlines Microsoft Teams functions which can enable phishing and more.
Threat Set Radio #219
In this week’s episode we report on: ViperSoftX infostealer expands to target specific password managers. DLL sideloading is so effective that attackers begin doubling up the technique. North Korean Kimsuky group employing new ReconShark recon tool.
Threat Set Radio #218
In this week’s episode we report on: GhostToken flaw, which allowed invisible persistence, patched and visible. AuKill tool used in attack pipeline to kill EDR processes. PoC exploit code available for PaperCut flaw, which allows server takeover.
Threat Set Radio #217
In this week’s episode we report on: Lazarus moves to distribute Linux malware via faux job offers. Aurora distributed via YouTube, resulting in evasive loader payload. Tangle of attackers as multiple groups collaborate with Domino malware.
Threat Set Radio #216
In this week’s episode we report on: Lazarus evolve their tactics and targeted industries. Zero day from recent patch Tuesday under active Ransomware exploitation. MuddyWater pairing with new splinter group to perform destructive attacks.
Threat Set Radio #215
In this week’s episode we report on: WordPress plugin with over 11 million installs under active exploitation. Western Digital hit by cyber attack, services impacted, cause unclear. SFX archives can be used to run stealthy PowerShell backdoors.
Threat Set Radio #214
In this week’s episode we report on: Malicious Python package avoids detection through use of Unicode Homoglyphs. The well established IcedID malware shifts from banking to ransomware delivery. Supply chain attack hits customers of 3CX VOIP application, including the NHS.
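The homoglyph trick in the first item works because Python applies NFKC normalisation to identifiers (PEP 3131): an import spelled with Mathematical Alphanumeric code points resolves to the same module as its ASCII spelling, while a plain string search for the module name finds nothing. The scanner below is an added example, not code from Talion or from the malicious package; it tokenises a source file and reports every identifier that is not pure ASCII together with its NFKC form. The sample source is constructed inline.

```python
"""Find identifiers that NFKC-fold to a different ASCII name. Added example with constructed input."""
import io
import tokenize
import unicodedata


def to_math_bold(word: str) -> str:
    """Spell ASCII lowercase letters with MATHEMATICAL BOLD SMALL letters (U+1D41A..U+1D433)."""
    return "".join(chr(0x1D41A + ord(c) - ord("a")) if "a" <= c <= "z" else c for c in word)


# Constructed sample: 'subprocess' is written with bold code points on both lines.
# Python's parser folds both to the ASCII identifier, so this runs like the ASCII version.
SAMPLE_SOURCE = (
    f"import {to_math_bold('subprocess')}\n"
    f"out = {to_math_bold('subprocess')}.check_output(['id'])\n"
    "print(out)\n"
)


def find_confusable_identifiers(source: str) -> list:
    """Return (line_number, raw_identifier, nfkc_form) for every NAME token that is not pure ASCII."""
    findings = []
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type == tokenize.NAME and not tok.string.isascii():
            folded = unicodedata.normalize("NFKC", tok.string)
            findings.append((tok.start[0], tok.string, folded))
    return findings


def folded_names(source: str) -> set:
    """The ASCII names an interpreter would actually bind, as seen by a reviewer."""
    return {folded for _, _, folded in find_confusable_identifiers(source)}


if __name__ == "__main__":
    # A naive grep for the module name misses it entirely ...
    print("'subprocess' literally present:", "subprocess" in SAMPLE_SOURCE)
    # ... while the token scan recovers what the interpreter will resolve.
    for line, raw, folded in find_confusable_identifiers(SAMPLE_SOURCE):
        print(f"line {line}: {raw!r} -> {folded!r}")
```

A practical rule for a supply-chain gate: treat any identifier whose NFKC form differs from its raw spelling as a finding, since legitimate code has no reason to spell `subprocess` with mathematical bold letters. The same tokeniser walk also catches Cyrillic or Greek look-alikes, which survive NFKC; those show up as identifiers that are still non-ASCII after folding.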
Threat Set Radio #213
In this week’s episode we report on: Fortinet zero-day vulnerability CVE-2022-42475 being exploited by Chinese hacking group UNC3886; recent tactics from Russian state backed group Nobelium; Hitachi Energy confirmed as latest victim of Cl0p's exploitation of Fortra’s GoAnywhere MFT vulnerability.
Threat Set Radio #212
This week’s topics- New GoBruteforcer botnet in active development according to report. AI videos are being used as an effective lure to drop malware. Document signing services abused to deliver Redline stealer.
Threat Set Radio #211
This week’s topics- Emotet returns following 3 month break. CISA issues advisory regarding new Royal ransomware capabilities. Old UAC bypass technique used to drop Remcos.
Threat Set Radio #210
This week’s topics- RIG exploit kit going strong despite focusing on IE vulnerabilities. PlugX seeing success posing as legitimate Windows debug utility. New advanced post exploitation framework linked to LockBit affiliates.
Threat Set Radio #209
This week’s topics- North Korean trojan targets residents of specific cities. GoDaddy reveals multi-year security breach. New malware as a service circulated on the dark web.
Threat Set Radio #208
This week’s topics- Updates on Clop’s claims it breached 130 orgs using GoAnywhere zero-day. ESXiArgs ransomware hits over 500 new targets in European countries. The Killnet DDoS blocklist. Russia’s ransomware gangs are being named and shamed by the UK and US. Patch now: Apple's iOS, iPadOS, macOS and Safari under attack with new zero-day flaw.
Threat Set Radio #207
This week’s topics- New actor spotted utilising “screenshotter” in targeted attacks. Gootkit continues to push SEO to target Healthcare and Finance. LockBit claims responsibility for the Royal Mail ransomware attack.
Threat Set Radio #206
This week’s topics- Packer operation uncovered, used in major attacks since 2016. LockBit Green offers familiarity for displaced Conti affiliates. Microsoft OneNote is the latest infiltration vector pivot.
Threat Set Radio #205
This week’s topics- Emotet tricks victims into moving malicious files to trusted locations. Vice ransomware operation disrupted by international effort. Invisible PlugX variant spreads across USB drives, steals documents.
Threat Set Radio #204
This week’s topics- More than 1 in 20 internet facing Sophos firewalls still vulnerable to RCE vulnerability. CircleCI breach leads to the platform rotating many customer tokens due to severity. Ransomware generates 40% less profit than previous 2 years, as victims refuse to pay.
Threat Set Radio #203
This week’s topics- Turla leverages decade old defunct Gamarue infrastructure to attack Ukraine. JWT security flaw could potentially lead to remote code execution. Gootkit abusing VLC through SEO poisoning campaign targeting healthcare.
Threat Set Radio #202
This week’s topics- Slack suffers theft of internal GitHub code repositories over the holidays. Play confirmed as the ransomware operation behind the Rackspace breach.
Threat Set Radio #201
This week’s topics- Google Ads increasingly used to sideload malware alongside legitimate software. APTs turn to XLL files following office macros being disabled by default.
Threat Set Radio #200
This week’s topics- Okta source code stolen following GitHub repo breach. LastPass confirms customer password vaults stolen in earlier breach.
Threat Set Radio #199
This week’s topics- Fortinet SSL critical vulnerability exploited in attacks. Citrix ADC & Gateway critical vulnerability exploited in attacks. SVG image files used as infiltration vector by QBot malware.
Threat Set Radio #198
This week’s topics- MuddyWater leverage compromised accounts to drop legitimate admin tools. Open source ransomware strain acts as a wiper due to poor coding. Rackspace confirm outage is ransomware related, no attribution yet.
Threat Set Radio #197
This week’s topics- Acer laptops possess flaw which allows secure boot to be disabled. NPM package naming quirk can bypass security checks. LastPass suffers second security breach in 3 months as direct result of the first.
Threat Set Radio #196
This week’s topics- Another ransomware variant switches to the Rust programming language. Several threat actors observed switching to new Go based Aurora infostealer. Report suggests Nighthawk may soon be adopted as another Cobalt Strike alternative.
Threat Set Radio #195
This week’s topics- Chinese groups increasingly using Google drive and similar applications as infiltration vectors. QBot leverages Control Panel to launch malware after previously abusing Calc.exe. Lazarus employ updated version of DTrack as part of new wave of attacks.
Threat Set Radio #194
This week’s topics- LockBit affiliate includes Amadey bot as part of new infection chain. Experts warn URLscan integrations are leaking sensitive data. 15,000 sites, primarily WordPress, compromised as part of SEO campaign.
Threat Set Radio #193
This week’s topics- RAT campaign impersonates legitimate password and backup software as delivery method. Chinese group using new quiet infection chain to drop LODEINFO. Media company compromised and used to push SocGholish through US news sites.
Threat Set Radio #192
This week’s topics- Emotet becomes prime distributor of self extracting malicious archives. GitHub repositories claiming to be PoC code actually contain various malware. Two flaws which directly target Windows event logs could result in DoS.
Threat Set Radio #191
This week’s topics- Microsoft sensitive data breach linked to over 65,000 entities. Ursnif mirrors its peers, evolving from banking trojan to platform. New Powershell backdoor bypasses AV detection, hits 60+ victims.
Threat Set Radio #190
This week’s topics- PoC available for critical Fortinet vulnerability. ProxyNotShell patches conspicuously missing from Patch Tuesday. Microsoft Defender to add automatic C2 detection to its capabilities.
Threat Set Radio #189
This week’s topics- BlackByte group abuses “bring your own driver” flaw in attacks. Lazarus exploit existing Dell drivers to gut detection capabilities. Updated mitigation actions for ProxyNotShell issued after original actions bypassed.
Threat Set Radio #188
This week’s topics- New zero day “similar to ProxyLogon” used in Exchange attacks. Brute Ratel has been cracked, and will likely replace Cobalt Strike imminently. A new dropper unloads a dozen infections, some of which are droppers themselves.
Threat Set Radio #187
This week’s topics- LockBit 3.0 toolkit leaked online by one or more angry developers. 15 year old unpatched Python flaw present in over 350,000 projects. Emotet, post Conti, now distributes Quantum and BlackCat.
Threat Set Radio #186
This week’s topics- Iranian group leverages built-in data encryption to perform ransomware encryption. Intermittent encryption gains popularity among ransomware operators. Bumblebee gains new post exploitation and stealth capabilities.
Threat Set Radio #185
This week’s topics- Twilio breach allowed attackers access to Okta single use sign-on codes. Raspberry Robin USB malware linked to EvilCorp via Dridex similarities. Ransomware written in more obscure languages trend continues with Golang based “Agenda”.
Threat Set Radio #184
This week’s topics- LastPass suffers breach, unknown amount of source code stolen. APT29 and others leveraging dormant accounts to bypass MFA. Lockbit victim Entrust appears to DDoS the ransomware operation in retaliation.
Threat Set Radio #183
This week’s topics- Electron, the backbone of Teams and Discord, has a one click RCE vulnerability uncovered. POC for a 9.8 vulnerability targeting Realtek routers released online. Callback phishing as an attack vector sees an alarming 625% spike from last quarter.
Threat Set Radio #182
This week’s topics- Twitter discloses a breach affecting 5.4 million accounts that could enable smishing, phishing and sim swapping attempts. A suspected nation state cyberattack on NHS’s 111 service points speculation towards a Russian retaliation attack. Killnet announced its operations shall soon turn lethal.
Threat Set Radio #181
This week’s topics- LockBit switches to abusing Windows Defender as Cobalt Strike loader. Raspberry Robin possibly linked to EvilCorp. Gootkit reappears with new infection vectors. Suspected DarkSide rebrand BlackCat learns nothing, attacks gas pipeline.
Threat Set Radio #180
This week’s topics- UEFI malware in development since 2016 discovered in Gigabyte and ASUS motherboards. As Microsoft finally disables macros by default, container files emerge as replacement delivery mechanism. QBot uses old version of Windows Calculator to facilitate DLL hijacking.
Threat Set Radio #179
This week’s topics- Atlassian issues fix for critical hardcoded credentials vulnerability. Two new ransomware strains are cross platform in nature. New modular “Lightning Framework” adds to fears of Linux malware surge.
Threat Set Radio #178
This week’s topics- Impersonation of cybersecurity firms by threat actors as part of callback phishing attacks. Luna Moth becomes the latest attack group to perform Ransomware style extortion without encryption. Searchable data leak sites gain traction among threat actors as new leverage tool.
Threat Set Radio #177
This week’s topics- Ransomware affiliates spoof US companies to obtain new red team tools as they pivot away from Cobalt Strike. Hive ransomware strain is completely re-written in Rust, gaining faster encryption among other benefits. Microsoft reverses change popular among InfoSec community, no longer disabling document macros by default.
Threat Set Radio #176
This week’s topics- Mitel phone bug exploited to perform ransomware attack. LockBit 3.0 introduces first ransomware bug bounty program. AMD reportedly suffers attack and data is currently held for ransom.
Threat Set Radio #175
This week’s topics- New variation of the PetitPotam flaw dubbed DFSCoerce can allow Windows domain takeover. Okta discusses Lapsus$ breach and how zero trust helped secure network from worse effects. A collection of 56 flaws dubbed Icefall degrades security posture of thousands of OT devices.
Threat Set Radio #174
This week’s topics- New Symbiote Linux malware has several concerning stealth, obfuscation, and rootkit style techniques. Emotet returns, featuring a similar codebase, but a host of new tricks. Report highlights how non-admin O365 access could be used to sabotage/encrypt cloud files.
Threat Set Radio #173
This week’s topics- Two recent flaws can be combined to create very sophisticated phishing attacks. Dridex authors EvilCorp become a LockBit affiliate, likely in another effort to evade sanctions. POC code released for “trivial” to exploit Atlassian Confluence vulnerability.
Threat Set Radio #172
This week’s topics- New ChromeLoader malware employs stealthy installation and persistence methods. New MS Office zero day allows “no click” PowerShell exploitation even with macros disabled.
Threat Set Radio #171
This week’s topics- Information on a Russian botnet designed to manipulate social media trends and spread disinformation, facial recognition technology Clearview AI is fined by the UK government and an Iranian threat group target the port of London authority.
Threat Set Radio #170
This week’s topics- New modular Eternity malware being offered via Telegram. Conti appears to encourage overthrowing the Costa Rican government. Conti reportedly shuts down, splintering into smaller cells and operations.
Threat Set Radio #169
This week’s topics- US sanctions crypto laundering service used by the North Korean Lazarus group. Full featured Russian RAT DarkCrystal is selling perpetual licences for a mere $40. US offers a $15,000,000 bounty for information leading to the Conti overlords.
Threat Set Radio #168
This week’s topics- Confirmation of REvil's return as new sample is obtained and evaluated. New technique discovered involving hiding payload in Windows Event Logs. Ukraine affiliated hacktivists target Russian alcohol production pipeline.
Threat Set Radio #167
This week’s topics- Bumblebee appears to replace BazarLoader as Conti’s delivery vector of choice. Emotet returns to full operation, more than a year after coordinated takedown. FBI circulates warning regarding new BlackCat ransomware strain.
Threat Set Radio #166
This week’s topics- No 10 suspected of being target of NSO spyware attack. U.S. offers $5 million for info on North Korean cyber operators. Notorious cybercrime gang’s botnet ZLoader disrupted.
Threat Set Radio #165
This week’s topics- Raidforums seized, owner and operator arrested after running the site since the age of 14. Microsoft works with US government to dismantle operations targeting Ukraine. In an act of poetic justice, Conti source code is repurposed to attack Russian targets.
Threat Set Radio #164
This week’s topics- Intel completely shuts down business in Russia, exacerbating component shortage fears. German investigators shut down Hydra, the largest illegal Darkweb marketplace. Borat remote access trojan, with ransomware and other capabilities, offered for sale.
Threat Set Radio #163
This week’s topics- Chinese security researcher accidentally releases Spring Framework PoC exploit. Raccoon stealer malware operation suspended after key developer killed in Ukraine invasion. Kaspersky poses “unacceptable risk” as the Russian security giant is removed from bug bounty programs. Lapsus$ return from vacation, and take arrests in stride, releasing 70GB of data stolen from Globant.
Threat Set Radio #162
This week’s topics- Open source software poisoned and turned into supply chain attack as anti war protest. Much newer functional version of Conti leaked online as revenge by Ukrainian member. Lapsus$ members arrested in London after more high profile hits over the last week.
Threat Set Radio #161
This week’s topics- The arrest and extradition of a NetWalker ransomware affiliate. The exploitation of unskilled Ukrainian hackers. A campaign which suggests China may be helping Russia in their cyber efforts towards the conflict.
Threat Set Radio – Higher Education
Hosted by Talion's in-house Threat Intelligence team, this special Threat Set Radio podcast episode covers some of the specific threats Higher Education is facing:
- Botnet targeting Higher Education
- Log4Shell exploit
- Recent ransomware attacks on Higher Education
Threat Set Radio #160
This week’s topics- Cybersecurity news regarding the ongoing Russian invasion of Ukraine rundown. Certificates obtained from Nvidia leak used to sign malware. Lapsus$ breaches Samsung shortly after the Nvidia attack.
Threat Set Radio #159
This week’s topics- Data wiper pointed at Ukraine appears to have been in development for months. Ukrainian researcher leaks Conti comms after they announce support for Russian invasion. Trickbot developers appear to fold into Conti operation in act of cybercrime consolidation. Nvidia hacked and employee data stolen, only to promptly hack the attackers back.
Threat Set Radio #158
This week, we discuss the Russia/Ukraine conflict and its threat to spill over the Ukrainian borders within cyberspace. Our thoughts here at Talion are with everyone affected by this conflict. We shall continue to update and support the public on developments regarding the cyber threats this conflict poses to organisations across the globe. This week’s topics- Analysis of the DDoS attacks against Ukrainian websites. New Sandworm malware Cyclops Blink replaces VPNFilter. Jammer used to stop kids going online wipes out a town's internet by mistake.
Threat Set Radio #157 - Talion
Threat Set Radio #157
In this week's episode: Microsoft Defender to gain ability to block credential theft via Mimikatz and similar methods. Kraken botnet spread using Smokeloader, and is observed dropping Redline. Hackers using Microsoft Teams to perform extremely blatant internal attacks.
Threat Set Radio #156 - Talion
Threat Set Radio #156
In this week's episode: Russia performs third major cybercrime arrest as apparent crackdown continues. Ransomware gangs adapt in an effort to draw less attention and retaliation. Smokeloader spearheads a long list of malware strains using a pay-per-install service to expand.
Threat Set Radio #155 - Talion
Threat Set Radio #155
In this week's episode: Malicious CSV files used as Bazar malware infection vector. Research compiled from 2021 shows most ransomware infections are self-installed. New publicly available Windows privilege escalation vulnerability as admins skip the January patch.
Threat Set Radio #154 - Talion
Threat Set Radio #154
In this week's episode: Windows Update used by Lazarus as a living-off-the-land tool to deploy malware. Firmware-level rootkits becoming more popular as the third known to hide in SPI flash is discovered. Microsoft finally disables Excel XLM macros by default in an effort to block malware.
Threat Set Radio #153 - Talion
Threat Set Radio #153
In this week's episode: Russian authorities claim to dismantle the entire REvil ransomware operation, and seize assets. Dark web card fraud platform shuts up shop after 8 years citing age of operators. New ransomware strain dubbed White Rabbit linked to Fin8 group.
Threat Set Radio #152 - Talion
Threat Set Radio #152
In this week's episode: Google Docs comments leveraged as highly convincing phishing lures. Carbanak authors attempt ransomware infection by mailing disguised USBs to victims. 8-year-old Microsoft Defender flaw highlighted by security researchers.
Threat Set Radio #151 - Talion
Threat Set Radio #151
In this week's episode: Microsoft sees in the new year with an Exchange Server flaw dubbed Y22K, halting emails for affected organisations. Purple Fox rootkit seeing increased distribution through trojanised versions of the Telegram messenger. Compromised version of Atera tools used to compromise organisations via a decade-old code signing oversight.
Threat Set Radio #150 - Talion
Threat Set Radio #150
In this week's episode: Rook, a new ransomware strain which appears to be built from the leaked Babuk source code, appears in the wild. Researchers say the Log4j flaw will take years to fully address owing to the sheer number of nested dependencies. The ransomware gang which breached Gigabyte provides a free decryptor after realising they hit the US police.
Threat Set Radio #149 - Talion
Threat Set Radio #149
In this week's episode: New lightweight malware strain hides in the registry, among other stealth techniques. Two Active Directory bugs from November Patch Tuesday abused in tandem by a PoC to allow domain takeover. Pysa ransomware strain experiences a huge surge to become a top player as the year closes.
Threat Set Radio #148 - Talion
Threat Set Radio #148
In this week's episode: the fallout from the Log4j discovery, new developments on the resurrection of Emotet, and an accidental uncovering of Hello Kitty ransomware.
Threat Set Radio #147 - Talion
Threat Set Radio #147
In this week's episode: New Cerber ransomware impersonator targets Confluence and GitLab servers. Direct Cobalt Strike installation further suggests new Emotet infrastructure gearing up for a ransomware campaign. SolarWinds attackers deploy new stealthy malware strain and search for new supply chain attack opportunities.
Threat Set Radio #146 - Talion
Threat Set Radio #146
In this week's episode: Trickbot adopts new evasion methods to avoid sandbox environments, nation state actors employ a simple yet effective technique to perform post-phishing exploitation, and an RCE vulnerability affecting over 150 distinct HP printer models has existed for over 8 years.
Threat Set Radio #145 - Talion
Threat Set Radio #145
In this week's episode: proof of concept weaponised with alarming speed as a Windows Installer zero day is spotted in the wild; GoDaddy suffers a breach affecting 1.2 million sites, ongoing since September; and a new strain of Linux malware hides in cron jobs scheduled for dates that don't exist.
Threat Set Radio #144 - Talion
Threat Set Radio #144
This week’s Threat Intel news:
  • Emotet rises from the dead, uses its old payload Trickbot to rebuild itself
  • North Korea state actors target security researchers with compromised analysis software
  • Research highlights the TLDs favoured by attackers for different types of malicious activity
Threat Set Radio #143 - Talion
Threat Set Radio #143
This week’s Threat Intel news:
  • US charges 2 suspected major REvil ransomware operators
  • Conti ransomware gang make grovelling apology to Arab Royals over data leak
  • TeamTNT hackers target your poorly configured Docker server
Threat Set Radio #142 - Talion
Threat Set Radio #142
This week’s Threat Intel news:
  • Darkside hit with a $10m bounty as fallout of Colonial Pipeline attack continues.
  • Critical Linux kernel vulnerability disclosed.
  • FBI releases advisory stating ransomware gangs specifically target victims in financially sensitive negotiations.
Threat Set Radio #141 - Talion
Threat Set Radio #141
This week’s Threat Intel news:
  • Avoslocker reportedly hits Gigabyte, possibly obtains files enabling supply chain attacks.
  • Conti begins selling access to non-compliant victims' networks.
  • Rootkit discovered bearing a valid Microsoft signature after evading vetting process.
Threat Set Radio #140 - Talion
Threat Set Radio #140
This week’s Threat Intel news:
  • Macaw Locker is Evil Corp's latest ransomware strain rebrand to evade sanctions.
  • Trickbot uses new tricks for distribution.
  • FIN7 creates fake English cybersecurity firm to hire pen-testers to perform criminal attacks.
Threat Set Radio #139 - Talion
Threat Set Radio #139
This week’s Threat Intel news:
  • New EU legislation could ban anonymous domain registration, in an effort to curb cyber crime
  • FIN12 becomes the first ransomware affiliate to be elevated to threat actor level, targets healthcare
  • SnapMC skips the traditionally most important part of ransomware, and just plain extorts victims
Threat Set Radio #138 - Talion
Threat Set Radio #138
This week's Threat Intel news:
  • Ransomware operators arrested and ill-gotten gains seized in Ukraine
  • Atom Silo ransomware strain targets Confluence servers and employs novel evasive measures
  • Apache Airflow vulnerability morphs into remote code execution as PoC is released
Threat Set Radio #137 - Talion
Threat Set Radio #137
This week's Threat Intel news:
  • Microsoft scrambles to register autodiscover domains exploited in flaw it was warned of years ago.
  • The Conti ransomware gang target new recruits with specific backup destruction experience.
  • FoggyWeb malware attributed to the group behind the infamous Solarwinds attack.
Threat Set Radio #136 - Talion
Threat Set Radio #136
This week's Threat Intel news:
  • OS compatibility features abused to stealthily deliver malware
  • VMware notifies customers of particularly concerning vulnerability prior to disclosure
  • US government poised to sanction Crypto exchanges which have dealt with cyber criminals
Threat Set Radio #135 - Talion
Threat Set Radio #135
This week's Threat Intel news in just 7 minutes:
  • The recent Apple hack
  • Dark web forum Marketo making a name for themselves
  • Update on recent ransomware activity
Threat Set Radio #134 - Talion
Threat Set Radio #134
This week's Threat Intel news in just 6 minutes:
  • New malware technique observed using CLFS log files to evade detection.
  • REvil returns after 2 months of hiding, attacks UK based ITSP with DDoS attacks.
  • Babuk source code leaked by ransomware developer dying due to stage 4 lung cancer.
Threat Set Radio #133 - Talion
Threat Set Radio #133
This week's Threat Intel news in just 7 minutes:
  • Lockfile ransomware utilises intermittent file encryption to bypass defences.
  • Microsoft exchange flaw can enable remote theft of entire mailbox.
  • BazaLoader uses fake DMCA takedown and DDoS notices as lures to deliver malware.
Threat Set Radio #132 - Talion
Threat Set Radio #132
This week's Threat Intel news in just 7 minutes:
  • Details emerge on Fin8’s newly developed backdoor
  • Razer products allow alarmingly easy local privilege escalation
  • Proxyshell attacks on the rise despite patch issued months ago
Threat Set Radio #131 - Talion
Threat Set Radio #131
Some showstoppers this week, get the low down on:
  • Blackbaud in court battle over downplaying the severity of its 2020 ransomware attack
  • Almost half of US hospitals have shut down networks due to ransomware, new report shows
  • Possible terrorist suspect and no fly list exposed on Elasticsearch cluster with no password
Threat Set Radio #130 - Talion
Threat Set Radio #130
This week we're discussing:
  • Gigabyte and American Megatrends Git repositories breached by RansomEXX
  • Accenture hit by Lockbit RaaS operation in the wake of REvil and Darkside winding down
  • Vulnerability disclosed in Arcadyan router firmware present for over a decade
Threat Set Radio #129 - Talion
Threat Set Radio #129
This week we're discussing:
  • Darkside returns, rebranding as Blackmatter following the Colonial Pipeline attack
  • Disgruntled Conti ransomware affiliate leaks the group's playbook and training materials
  • ENISA concludes current defences will fold to supply chain based attacks based on recent examples
Threat Set Radio #128 - Talion
Threat Set Radio #128
This week we're discussing:
  • Doppelpaymer looks to be performing a fairly obvious rebrand.
  • The Babuk group's new ransomware forum ironically held to ransom.
  • The No More Ransom initiative saves over a billion in payments after 5 years in operation.
Threat Set Radio #127 - Talion
Threat Set Radio #127
This week we're discussing:
  • Kaseya obtains decryption master key, but is remaining quiet about its origin
  • Printer vulnerability nearly old enough to drive affects millions of machines
  • Windows zero day privilege escalation vulnerability affects even unreleased Windows 11
Threat Set Radio #126 - Talion
Threat Set Radio #126
This week we're discussing:
  • New Solarwinds vulnerability under active exploitation
  • REvil disappears from the face of the earth following Kaseya attack fallout
  • Trickbot resurgence with new capabilities
Threat Set Radio #125 - Talion
Threat Set Radio #125
Kaseya made headlines this week with a supply chain attack claiming approximately 1500 victims, and the largest ever ransom demand of $70m. Also, after an OOB patch addressing PrintNightmare was released by Microsoft, researchers discovered a complete bypass.
Threat Set Radio #124 - Talion
Threat Set Radio #124
In this week's bulletin we're discussing:
  • Criminal VPN service taken down by law enforcement, who claim to have seized customer logs.
  • Code to exploit the Windows Print Spooler service accidentally released; disable it ASAP.
  • Babuk ransomware building tool leaked to VT and immediately used by copycats.
Threat Set Radio #123 - Talion
Threat Set Radio #123
Ransomware continues to dominate the headlines this week, we'll be discussing:
  • Clop ransomware chugs onward despite arrests of multiple members and equipment seizures.
  • 700GB of ADATA files publicly released following refusal to pay ransom.
  • Data leak marketplace attempts to entice competitors into buying rivals' compromised data.
Threat Set Radio #122 - Talion
Threat Set Radio #122
In this week's episode we're discussing:
  • Avaddon, responsible for almost a quarter of all ransomware attacks in 2021, calls it quits.
  • EA reportedly breached via a Slack channel used to obtain an MFA login token.
  • SITA, IT provider for 90% of the airline industry, hit by longform supply chain attack.
Threat Set Radio #121 - Talion
Threat Set Radio #121
In this week's episode we're discussing:
  • Evilcorp attempts to imitate other criminal group to evade sanctions
  • Attackers are actively looking to leverage new VMware vulnerability with working PoC code
  • Colonial ransomware incident attributed to old VPN password found in previous breaches
  • Largest stolen credentials market taken down by joint operation
Threat Set Radio #120 - Talion
Threat Set Radio #120
In this week's episode we discuss:
  • HaveIBeenPwned partners with the FBI
  • World's largest meat producer hit by REvil ransomware attack
  • Group responsible for the Solarwinds nightmare begins new campaign
  • Babuk group moves away from encryption, toward data extortion model instead
Threat Set Radio #119 - Talion
Threat Set Radio #119
This week we report on the SolarWinds attacker NOBELIUM's latest campaign, 8 individuals arrested in connection with the Royal Mail smishing campaign, and a cheese-loving drug dealer sentenced to 13 years.
Threat Set Radio #118 - Talion
Threat Set Radio #118
This week we report on New Zealand hospitals infected by ransomware and cancelling surgeries, Colonial Pipeline CEO confirming a $4.4 million payment, and Qlocker ransomware shutting down after extorting hundreds of QNAP users.
Threat Set Radio #117 - Talion
Threat Set Radio #117
This week we're focusing on the Colonial pipeline ransomware attack, the aftermath, and the potential long term consequences.
Threat Set Radio #116 - Talion
Threat Set Radio #116
In this week's episode we're discussing:
  • Dell kernel bugs have the potential to be used against an install base of hundreds of millions
  • New Spectre flaw surfaces, bypasses all current protections
  • A student delivers Ryuk onto research institute estate after downloading cracked software
Threat Set Radio #115 - Talion
Threat Set Radio #115
In this week's episode: Another supply chain style attack, this time breaching an enterprise password manager; Babuk gets uncomfortably close to the plot of a Bond film, threatening to expose informants if the ransom goes unpaid; and the “most reliable” UK rail network is hit by ransomware after a director's mail account is hijacked.
Threat Set Radio #114 - Talion
Threat Set Radio #114
This week we cover:
  • Codecov compromised in another large supply chain attack
  • Ryuk updates its techniques to include novel evasion methods
  • The Bazarloader campaign uses collaboration platforms to increase infection rate
Threat Set Radio #113 - Talion
Threat Set Radio #113
This week we cover the FBI accessing Exchange servers still affected by ProxyLogon without consent, a Zoom RCE vulnerability requiring no user interaction debuted at Pwn2Own, and the US Government finally formally charging APT29 with the SolarWinds breach.
Threat Set Radio #112 - Talion
Threat Set Radio #112
In this week's episode we'll be discussing:
  • LinkedIn job offer phishing delivers more_eggs
  • VMware suffers another critical vulnerability, this time in its security platform
  • SAP issues advisory on how quickly attackers reverse engineer their own patches
Threat Set Radio #111 - Talion
Threat Set Radio #111
In this episode we'll be discussing:
  • Insurance Giant CNA hit by new ransomware strain tied to Evilcorp
  • Official PHP Git server appears to have been compromised, and a supply chain attack attempted
  • Ransomware group pledges to return payments, after pocketing a tidy profit due to Bitcoin inflation
Threat Set Radio #110 - Talion
Threat Set Radio #110
In this week's episode we're discussing:
  • Multiple high profile hackers charged, after targeting multiple companies including Tesla.
  • Acer hit by ransomware with the largest known ransom demand to date, 50 million USD.
  • Evil Corp reportedly creates WastedLocker spinoff to evade sanctions on ransom payment.
Threat Set Radio #109 - Talion
Threat Set Radio #109
In this week's episode we discuss:
  • 6 distinct APTs leveraged the Exchange 0-day prior to patch, indicating previously unseen co-operation.
  • Ransomware joins the list of post exchange exploit activity with the new strain “Dearcry”
  • Trickbot takes the crown once held by Emotet prior to its takedown.
Threat Set Radio #108 - Talion
Threat Set Radio #108
This week we report on:
  • the Hafnium hack, posing a new long-term threat for already overtaxed cyber workers,
  • operators of REvil ransomware threatening DDoS attacks and increasing intimidation by threatening journalists and business partners over the phone,
  • and the breach of 150,000 Verkada surveillance camera feeds for the NHS, Tesla and numerous other large organisations.
Threat Set Radio #107 - Talion
Threat Set Radio #107
In this week's episode we give you the lowdown on:
  • Ryuk develops self propagation capabilities, possibly due to Emotet takedown.
  • Four exchange vulnerabilities cause Microsoft to fear a repeat of the past.
  • Maza, infamous and exclusive Russian cybercriminal forum, suffers breach.
Threat Set Radio #106 - Talion
Threat Set Radio #106
In this week's episode we discuss:
  • Critical VMware vulnerability discovered, present in the default install of the majority of enterprise data centers.
  • Tool previously believed to be made by Chinese APT group appears to be cloned stolen NSA tool.
  • New details emerge regarding browser zero day used to target security researchers.
Threat Set Radio #103 - Talion
Threat Set Radio #103
In this weeks episode we discuss the following news stories:
  • Google patches the Chrome zero day suspected of use in targeted attacks against security researchers
  • Windows installer vulnerability is now exploitable for a 6th time as yet another bypass method is released
  • Trickbot continues to evolve and adapt following takedown attempt, this time adding a MassScan module
Threat Set Radio #105 - Talion
Threat Set Radio #105
In this episode we discuss the following news items:
  • Jones Day law firm files released after the company refuses to pay ransom
  • Accellion product responsible for data breach is retired after decades of operation
  • Kia Motors America fall afoul of a Doppelpaymer ransomware attack
  • Microsoft claims the Solarwinds Orion compromise was the work of over 1000 engineers
Threat Set Radio #104 - Talion
Threat Set Radio #104
This week we report on Remote Desktop Protocol attacks surging by 768%, a hacker modifying drinking water chemical levels in Florida, and Cyberpunk 2077 creator CD Projekt Red hit with a ransomware attack.
Threat Set Radio #102 - Talion
Threat Set Radio #102
This week we report on suspected Lazarus attackers attempting to socially engineer security researchers to acquire zero days, legacy accounts of departed or deceased staff members being utilised for network compromise, and Emotet on the verge of collapse following an infrastructure takedown.
Threat Set Radio #101 - Talion
Threat Set Radio #101
This week we report on Malwarebytes joining the list of victims targeted by the SolarWinds attacker, attackers targeting cloud infrastructure and more reliably bypassing MFA, and the release of proof of concept code and a public tool for a CVSS 10 SAP vulnerability.
Threat Set Radio #100 - Talion
Threat Set Radio #100
This week we report on the SolarWinds attackers reportedly gaining some level of initial access via password spraying, similarities discovered between the malware used in the SolarWinds attack and a Russian backdoor from 2017, and leak sites claiming to sell data obtained from the recent SolarWinds compromise. Also the release of Microsoft tool updates to help detect process tampering type attacks, and the patching of a Windows Defender vulnerability being actively exploited in the wild.
Threat Set Radio #99 - Talion
Threat Set Radio #99
This week we report on multiple US agencies having now officially attributed the SolarWinds breach to a Russian state group, Microsoft's claim that the end goal of the Sunburst backdoor was to move into victims' cloud infrastructure, and hardcoded, plaintext admin-level credentials discovered on many Zyxel firewall and VPN products.
Threat Set Radio #98 - Talion
Threat Set Radio #98
In this episode you'll hear the latest threat intelligence for the week commencing 21 December 2020 and tactical advice to mitigate new threats.
Threat Set Radio #97 - Talion
Threat Set Radio #97
Threat Set Radio is a complimentary weekly 5-7 minute podcast published by T-Labs Threat Intelligence team every Friday. It gives a round up of new threat intelligence and tactical advice to mitigate these threats. All cyber security teams will benefit from subscribing to this free service.