Minimize your digital risk by detecting data loss, securing your online brand, and reducing your attack surface.
A powerful, easy-to-use search engine that combines structured technical data with content from the open, deep, and dark web.
Digital Risk Protection
Read our new practical guide to reducing digital risk.
New report recognizes Digital Shadows for strongest current offering, strategy, and market presence of 14 vendors profiled
Read Full Report
In this week’s episode of Shadow Talk, we cover the targeting of healthcare organizations by Orangeworm, BGP hijacking, vulnerabilities in MikroTik routers, DDoS market shutdowns, and the profitability of cryptocurrency mining.
Security software company Symantec reported on a newly identified threat group called Orangeworm, observed targeting entities in the healthcare industry with custom backdoor malware. Multiple geographies have been affected, which is likely the result of Orangeworm attacking international organizations. Orangeworm conducted information theft and reconnaissance, but the group’s exact motives are unconfirmed at the time of writing.
A new spam campaign is targeting multiple geographies with a quartet of malware that comprises the “Adwind” RAT, backdoors “XTRAT” and “DUNIHI”, and the information stealer “Loki Bot”. All the payloads are highly configurable and enable various malicious activities, including information theft and remote-access tasks. This is the first reported instance of the malware being bundled together in a spam campaign, having previously been distributed in separate attacks.
A botnet is actively targeting six exploits, including the remote code execution (RCE) vulnerability affecting the Drupal CMS. Its aim is to perform DoS attacks and mine cryptocurrencies. CVE-2018-7600 was classified as “highly critical” when publicly announced, and security updates have been released to address the flaw. This is the first identified incident of a threat actor targeting this vulnerability. Based on the popularity of RCE exploits, additional targeting is highly likely in the immediate future (next few weeks).
Security company Qihoo360 reported the exploitation of a zero-day vulnerability affecting the Internet Explorer browser’s kernel code by an unidentified threat actor. The vulnerability was labeled a “double play” loophole, but Microsoft has yet to release more technical details or information pertaining to the exploitation. The flaw reportedly affects all current versions of Internet Explorer and applications using the kernel.
The critical code of the kernel is usually loaded into a separate area of memory, which is protected from access by application programs or other, less critical parts of the operating system.