
ShadowTalk Update – Torigon, Nulledflix, and BlueLeaks, Plus DevSecOps Insights From DS CISO Rick
Digital Shadows Analyst Team
June 29, 2020 | 2 Min Read

Alex, Kacey, Charles and Rick host this week’s ShadowTalk to bring you the latest threat intelligence stories. This week they cover:

  • Torigon – What was Torigon and how did it fail to survive?
  • Nulledflix – The Nulled-focused streaming service taken down immediately for maintenance
  • BlueLeaks exposing private law enforcement files
  • DevSecOps and how it can be useful to your organization

Listen to this week’s episode now 👇

ShadowTalk Threat Intelligence Podcast · Weekly: Torigon, Nulledflix, and BlueLeaks, Plus DevSecOps Insights From DS CISO Rick

TCP/IP flaws ripple through Internet of Things devices

Security researchers discovered 19 zero-day vulnerabilities in a TCP/IP stack developed by Treck Inc, whose software is embedded in many networking products and used by millions of Internet of Things devices. Four of the flaws were classified as critical, with CVSS scores above 9, and could allow an attacker to remotely execute code on victims’ devices. The vulnerabilities, dubbed Ripple20, were fixed in the Treck stack (version 6.0.1.67 or later).

NCSC updates details of mass credential harvesting campaign

The United Kingdom’s National Cyber Security Centre (NCSC) released an update regarding a credential harvesting campaign active since at least July 2018. There has reportedly been a recent spike in phishing emails linked to the campaign, which have indiscriminately targeted United Kingdom entities. Reporting suggests that the emails are sent from the accounts of users known to the victims, and use content that mirrors recent email exchanges, plus a malicious link disguised as a notification alert.

Tor2Mine returns after quiet year

After a year’s hiatus, the threat group “Tor2Mine” was observed targeting six unnamed organizations with additional malware and new TTPs, to harvest victims’ credentials and conduct theft. Between January and June 2020, the group was linked to attacks deploying “AZORult”, an information-stealing trojan; “XMRig”, a cryptocurrency miner; “Remcos”, a remote-access tool; “DarkVNC”, a backdoor trojan; and an unnamed clipboard cryptocurrency stealer. Tor2Mine used domains and IP addresses previously attributed to the group, as well as a PowerShell command to download files from two new domains, asq.r77vh0[.]pw and asq.d6shiiwz[.]pw, that were hosted on a new IP address, 185.10.68[.]147. It remains unclear whether the attackers were successful against the six organizations.
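As an added example (not part of the original post or of Digital Shadows' tooling), the domains and IP address quoted above can be checked against proxy and DNS logs once the defanging is reversed. The log lines below are constructed samples, and the refang step assumes indicators are stored in the "[.]" form used in the summary.

```python
import re
from typing import Iterable, List, Tuple

# Indicators exactly as published in the summary above, in defanged form.
DEFANGED_IOCS = ["asq.r77vh0[.]pw", "asq.d6shiiwz[.]pw", "185.10.68[.]147"]


def refang(indicator: str) -> str:
    """Reverse common defanging ('[.]' and 'hxxp') so the value can be matched in logs."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


# Sorted so matches are reported in a deterministic order.
IOCS = sorted(refang(i) for i in DEFANGED_IOCS)


def find_ioc_hits(log_lines: Iterable[str]) -> List[Tuple[int, str]]:
    """Return (line_number, indicator) for every log line containing a known indicator.

    Matching is bounded on both sides so that 'asq.r77vh0.pw' does not match
    'xasq.r77vh0.pwn' and '185.10.68.147' does not match '185.10.68.1470'.
    """
    hits = []
    for n, line in enumerate(log_lines, start=1):
        for ioc in IOCS:
            pattern = r"(?<![\w.-])" + re.escape(ioc) + r"(?![\w.-])"
            if re.search(pattern, line):
                hits.append((n, ioc))
    return hits


# Constructed sample proxy/DNS lines (not real telemetry); lines 1 and 2 touch the indicators.
SAMPLE_LOGS = [
    "2020-06-25T10:01:02Z proxy src=10.0.0.12 dst=185.10.68.147:443 host=asq.r77vh0.pw method=GET",
    "2020-06-25T10:01:03Z dns query=asq.d6shiiwz.pw type=A answer=185.10.68.147",
    "2020-06-25T10:02:00Z dns query=updates.example.com type=A answer=93.184.216.34",
    "2020-06-25T10:03:10Z proxy src=10.0.0.15 dst=203.0.113.9:80 host=www.example.net method=GET",
]

if __name__ == "__main__":
    for line_no, ioc in find_ioc_hits(SAMPLE_LOGS):
        print(f"line {line_no}: matched {ioc}")
```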

For more details, read the full Weekly Intelligence Summary:

Weekly Intelligence Summary 26 June 2020
