ShadowTalk Update – 09.03.2018

Digital Shadows Analyst Team
September 3, 2018 | 3 Min Read

Not a week goes by without an example where credential stealing, credential reuse, or poor password practices contributed heavily to a successful attack. With this in mind, Dr Richard Gold and Simon Hall join Rafael Amado to discuss the age-old problem of credential hygiene. In this week’s ShadowTalk we covered the ways in which attackers steal and take advantage of credentials, what most companies are getting wrong, and the steps you can take to improve your overall credential hygiene practices.

OilRig adds to its social-engineering bag of tricks

The OilRig threat group has continued to target entities in the oil-and-gas industry via a spearphishing and information-gathering campaign. In the 2017 campaign the group introduced a new tactic to its modus operandi by spoofing an online human resources portal. This demonstrates an increase in the effort, resources and intent OilRig is expending to achieve its goal: the acquisition of credentials and personal information.


Cyber security researcher discloses unpatched Windows zero-day vulnerability

Details of a Microsoft Windows zero-day vulnerability, recently published by a cyber-security researcher, could enable exploitation by an attacker before a patch is released. The vulnerability affects a fully patched 64-bit Windows 10 system, and a threat actor could use it to escalate privileges locally on a target user’s computer. The vulnerability will likely be fixed as part of Windows’ next monthly patch update, due on 11 Sep 2018.


Lazarus Group’s FallChill backdoor can now target macOS

Backdoor malware associated with the Lazarus Group has been developed to target macOS devices and was used in an attack against a cryptocurrency exchange. Dubbed FallChill, this appears to be the first known instance of Lazarus Group-associated malware targeting this operating system. The cryptocurrency exchange was targeted with a trojanized cryptocurrency trading application. The tactics and techniques in this incident, as well as the targeting, are all consistent with historical Lazarus Group activity.


T-Mobile subject to breach potentially impacting 2 million customers

Telecommunications company T-Mobile was subject to a breach by an unauthorized third party on 20 Aug 2018. No financial data or social security numbers were said to have been compromised. However, the threat actor was allegedly able to access names, ZIP codes, phone numbers, email addresses, account numbers and account types for two million customers. Speculation about the compromise of passwords has been denied by T-Mobile and has yet to be confirmed.
