ShadowTalk Update – Defaced Subreddits, Intel Leak Drama on Twitter, and HIBP Goes Open-Source

Digital Shadows Analyst Team
August 17, 2020 | 2 Min Read

Alex, Kacey, and Charles host this week’s ShadowTalk, bringing you the latest in threat intelligence. In this episode they cover:

  • Defaced subreddits – which accounts were impacted and what was the cause?
  • An Intel leak was exposed by a Twitter user – what was exposed and how did it happen?
  • Troy Hunt’s announcement on open-sourcing HIBP – our take on how it will improve the community at large


Iranian Fox Kitten campaign targets F5 devices

On 10 Aug 2020, security researchers reported on a Private Industry Notification (PIN) released by the FBI, warning that Iranian activity previously tracked as Fox Kitten is actively targeting F5 networking devices in the United States government and private sectors by attempting to exploit CVE-2020-5902. Fox Kitten is believed to exploit vulnerabilities as a staging step for larger attacks by Iran’s advanced persistent threat (APT) actors such as “APT33”, “APT34”, and “Chafer”.

Critical vulnerability impacts Intel components

On 11 Aug 2020, Intel Corp warned its customers of a critical-severity vulnerability that could allow an unauthenticated remote attacker to escalate privileges. This impacts a wide range of Intel products, including motherboards, server systems, and compute modules. The critical flaw stems from improper authentication mechanisms in Intel products before version 1.59, and is reportedly extremely exploitable, as attackers would not need to be authenticated to exploit it.

LockBit targeting US-based small-medium businesses

On 04 Aug 2020, a report published by Interpol’s Cybercrime Directorate disclosed that ransomware operators of the “LockBit” variant were actively targeting United States-based small-medium businesses (SMBs). The report, which detailed the cybercrime trends and threats amid the COVID-19 pandemic, also found that the “CERBER”, “NetWalker”, and “Ryuk” variants were the most active, and were constantly being developed to maximize the impact of their ransomware attacks.

For more details, read the full Weekly Intelligence Summary here:

Weekly Intelligence Summary 14 August 2020
