ShadowTalk Update – Competitions On English Forums, Purple Teaming, & Hacker Bribes ‘Roblox’ Insider

Digital Shadows Analyst Team
May 11, 2020 | 2 Min Read

This week Alex chats with Kacey, Charles, and Rick about the competitions we’ve been seeing on English-language cybercriminal forums and how they compare to the ones on Russian-language forums, purple teaming, and how a hacker bribed a ‘Roblox’ insider to access user data.

And finally… our thoughts on Elon Musk’s new baby’s name.

Lucy ransomware impersonates FBI to exploit Android users

The “Lucy” malware-as-a-service (MaaS) botnet and dropper has reportedly been updated with ransomware capabilities in a new attack campaign against Android mobile-device users. The malware was purportedly spread via malicious links on social media platforms. After tricking Android users who visited the platforms into granting permissions, the malware encrypted all data on the victims’ Android devices. Lucy used a ransom note that impersonated the United States Federal Bureau of Investigation and demanded that victims pay via credit card, probably so the threat actors could also gain access to victims’ credit-card details.


Cisco offers patch for high-severity router software flaw

A patch was released for a high-severity security flaw affecting Cisco’s IOS XE software used by SD-WAN routers. Described as an insufficient input validation flaw, the vulnerability could allow attackers to execute arbitrary code and abuse root privileges on target systems. No attacks exploiting the vulnerability have been reported, but users are being advised to apply the patch.


SaltStack vulnerability leads to attacks on Ghost blogging platform

The open-source blogging platform Ghost was reportedly compromised in attacks that followed a threat actor exploiting a vulnerability in the SaltStack software (CVE-2020-11651). Attackers attempted to use Ghost’s infrastructure to mine cryptocurrency by using cryptocurrency-mining malware. The attack campaign was discovered on 03 May 2020, just two days after the vulnerability in SaltStack was disclosed. Reporting suggested that no user data was compromised.

For more details, read the full Weekly Intelligence Summary:

Weekly Intelligence Summary 08 May 2020
