ShadowTalk Update – Torigon, Nulledflix, and BlueLeaks, Plus DevSecOps Insights From DS CISO Rick

Digital Shadows Analyst Team
June 29, 2020 | 2 Min Read

Alex, Kacey, Charles and Rick host this week’s ShadowTalk to bring you the latest threat intelligence stories. This week they cover:

  • Torigon – What was Torigon and how did it fail to survive?
  • Nulledflix – The Nulled-focused streaming service taken down immediately for maintenance
  • BlueLeaks exposing private law enforcement files
  • DevSecOps and how it can be useful to your organization

Listen to this week’s episode now 👇


TCP/IP flaws ripple through Internet of Things devices

Security researchers discovered 19 zero-day vulnerabilities in a TCP/IP stack developed by Treck Inc, whose networking software is embedded in millions of Internet of Things devices. Four of the flaws were classified as critical, with CVSS scores above 9, and could allow an attacker to remotely execute code on victims’ devices. The vulnerabilities, dubbed Ripple20, were fixed in the Treck stack (version 6.0.1.67 or later).

NCSC updates details of mass credential harvesting campaign

The United Kingdom’s National Cyber Security Centre (NCSC) released an update regarding a credential harvesting campaign active since at least July 2018. There has reportedly been a recent spike in phishing emails linked to the campaign, which have indiscriminately targeted United Kingdom entities. Reporting suggests that the emails are sent from the accounts of users known to the victims, and use content that mirrors recent email exchanges, plus a malicious link disguised as a notification alert.

Tor2Mine returns after quiet year

After a year’s hiatus, the threat group “Tor2Mine” was observed targeting six unnamed organizations with additional malware and new TTPs, to harvest victims’ credentials and conduct theft. Between January and June 2020, the group was linked to attacks deploying “AZORult”, an information-stealing trojan; “XMRig”, a cryptocurrency miner; “Remcos”, a remote-access tool; “DarkVNC”, a backdoor trojan; and an unnamed clipboard cryptocurrency stealer. Tor2Mine used domains and IP addresses previously attributed to the group, as well as a PowerShell command to download files from two new domains, asq.r77vh0[.]pw and asq.d6shiiwz[.]pw, that were hosted on a new IP address, 185.10.68[.]147. It remains unclear whether the attackers were successful against the six organizations.

For more details, read the full Weekly Intelligence Summary:

Weekly Intelligence Summary 26 June 2020
