
ShadowTalk Update – Ed Merrett Joins To Talk HackableYou And The Latest In Threat Intel

Digital Shadows Analyst Team
September 21, 2020 | 2 Min Read

This week’s host Kacey is joined by Charles and Alec to bring you the latest in threat intelligence. In this episode they cover: 

  • Visa issues a warning about new credit card skimmer “Baka”
  • Epic Manchego – Atypical malicious document delivery
  • What is Smaug and how does it operate?
  • Emotet – are there new developments and why did France send an advisory?

ShadowTalk Threat Intelligence Podcast · Weekly: The Team Talks Baka, Epic Manchego, and Smaug, Plus Emotet Rides Again

89 vulnerabilities found in content management systems

Users of popular content management systems (CMS) have become susceptible to several cyber threats, following the discovery of 89 vulnerabilities in multiple platforms, including WordPress, Joomla, Drupal, and OpenCart. The discovery followed research into the rising number of web defacements observed between July 2019 and May 2020. Arbitrary file upload vulnerabilities were the most common issue, and may permit attackers to upload shell scripts onto web servers, facilitate remote code execution, and deface websites. The number of potential victims exposed to the 89 vulnerabilities is likely to be high. CMS platforms are typically used for web content management and support a wide variety of industries and purposes.

NetWalker ransomware disrupts Pakistani electricity provider

K-Electric, known as Pakistan’s largest private utility company, was affected in a “NetWalker” ransomware attack that resulted in disruption to online and billing services. The attack did not have any impact on K-Electric’s ability to provide power, but could have had serious implications, given that K-Electric is the sole provider of electricity in Karachi. The incident highlights the growing trend of ransomware actors targeting sectors involved in critical national infrastructure, which could have dangerous consequences.

Chinese threat actors targeting US entities through Exchange, Citrix, F5 flaws

Chinese state-associated threat actors have been observed exploiting multiple vulnerabilities to target government entities and the private sector within the US. The flaws affect Citrix, Microsoft Exchange, Pulse VPN, and F5 networks. After gaining initial access, the threat actors use a series of tools to enable persistence and move laterally. Many of the vulnerabilities were exploited earlier this year by Iranian threat actors, in a campaign now being tracked as Fox Kitten.

For more details, read the full Weekly Intelligence Summary here:

Weekly Intelligence Summary 18 September 2020
