ShadowTalk Update – Competitions On English Forums, Purple Teaming, & Hacker Bribes ‘Roblox’ Insider

Digital Shadows Analyst Team
May 11, 2020 | 2 Min Read

This week Alex chats with Kacey, Charles, and Rick about the competitions we’ve been seeing on English-language cybercriminal forums and how they compare to those on Russian-language forums, purple teaming, and how a hacker bribed a ‘Roblox’ insider to access user data.

And finally… our thoughts on Elon Musk’s new baby’s name.

Lucy ransomware impersonates FBI to exploit Android users

The “Lucy” malware-as-a-service (MaaS) botnet and dropper has reportedly been updated with ransomware capabilities in a new attack campaign against Android mobile-device users. The malware was purportedly spread via malicious links on social media platforms. After tricking Android users who visited the platforms into granting permissions, the malware encrypted all data on the victims’ Android devices. Lucy used a ransom note that impersonated the United States Federal Bureau of Investigation and demanded that victims pay via credit card, probably so the threat actors could also gain access to victims’ credit-card details.


Cisco offers patch for high-severity router software flaw

A patch was released for a high-severity security flaw affecting Cisco’s IOS XE software used by SD-WAN routers. Described as an insufficient input validation flaw, the vulnerability could allow attackers to execute arbitrary code and abuse root privileges on target systems. No attacks exploiting the vulnerability have been reported, but users are being advised to apply the patch.


SaltStack vulnerability leads to attacks on Ghost blogging platform

The open-source blogging platform Ghost was reportedly compromised in attacks that followed a threat actor exploiting a vulnerability in the SaltStack software (CVE-2020-11651). Attackers attempted to use Ghost’s infrastructure to mine cryptocurrency using cryptocurrency-mining malware. The attack campaign was discovered on 03 May 2020, just two days after the vulnerability in SaltStack was disclosed. Reporting suggested that no user data was compromised.

For more details, read the full Weekly Intelligence Summary:

Weekly Intelligence Summary 08 May 2020
