- In the spotlight this week: Microsoft has released a patch addressing a critical vulnerability that affects Remote Desktop Services on several legacy Windows operating systems. The flaw, referred as CVE-2019-0708, is particularly dangerous because it is “pre-authenticated” and does not require user interaction, meaning it could facilitate a widespread attack of a similar scale to the disruptive “WCry” campaign of May 2017.
- Highlights from the week include: A campaign likely conducted by the “MuddyWater” threat group that has demonstrated new obfuscation techniques, the continued development of the “Trickbot” trojan’s anti-detection capabilities in a new campaign adopting URL redirection tactics, and the deletion of over 12,000 MongoDB databases by the threat actor “Unistellar” as part of an extortion campaign.
Error - something went wrong!
Weekly Intelligence Summary 23 May - 30 May 2019
In the spotlight this week: First identified in April 2019, a new version of the malware loader “JasperLoad...
Error - something went wrong!
Most Recent Flipbooks
Weekly Intelligence Summary 05 Dec - 12 Dec 2019
“Lazarus Group” has been linked to a new trojanized Mac OS X application, demonstrating the threat group’s preference for employing OS X malware over the past two years.
Weekly Intelligence Summary 28 Nov - 05 Dec 2019
The Digital Shadows Intelligence Team discusses the risks of information exposure by Internet users, challenging contemporary thinking about standard security practices.
Weekly Intelligence Summary 21 Nov - 28 Nov 2019
In the spotlight this week is a technique that enables the bypass of security products to initiate ransomware infections.
Weekly Intelligence Summary 14 Nov - 21 Nov 2019
Digital Shadows reviewed nation-state–linked advanced persistent threat (APT) activity in 2019, and highlighted several trends. Some are likely to continue into 2020, and will be supplemented by ...
Weekly Intelligence Summary 07 Nov - 14 Nov 2019
Multiple reports of successful ransomware attacks have highlighted the risk to organizations of all sizes but, despite the media attention, other extortion tactics are being overlooked.
Weekly Intelligence Summary 31 Oct - 07 Nov 2019
A string of data breach incidents affecting perceptively smaller organizations this week has outlined the need for all companies, regardless of size, to take a proactive security stance in preference
Weekly Intelligence Summary 24 Oct - 31 Oct 2019
In the spotlight this week: A card skimming operation targeted the online retailer First Aid Beauty and evaded notice for months.
Weekly Intelligence Summary 17 Oct - 24 Oct 2019
In the spotlight this week: Russia-linked threat group “Turla” was reported to be using cyber-attack tools associated with Iran-linked threat group “APT34”, in conjunction with Turla’s own tools.
Weekly Intelligence Summary 10 Oct - 17 Oct 2019
In the spotlight this week is the “Simjacker” exploit, publicly disclosed in September 2019 and now potentially affecting entities across 29 countries.
Weekly Intelligence Summary 03 Oct - 10 Oct 2019
In the spotlight this week is the Iran-linked threat group “APT35”, which took aim at the email accounts of political entities in the United States and prominent Iranians living outside Iran.
Weekly Intelligence Summary 26 Sep - 03 Oct 2019
In the spotlight this week is a variety of new attack methods demonstrated by “Magecart Five”. The threat group is probably testing them out, and will highly likely implement the most successful metho
Weekly Intelligence Summary 19 Sep - 26 Sep 2019
In the spotlight this week is a newly identified threat group named Tortoiseshell, which has reportedly conducted supply-chain cyber attack campaigns against 11 IT providers in Saudi Arabia.
Weekly Intelligence Summary 12 Sep - 19 Sep 2019
The Iran-linked cyber-threat group “Cobalt Dickens” targeted 60-plus universities worldwide with a phishing campaign designed to capture credentials. Higher-education institutions have been popular...
Weekly Intelligence Summary 05 Sep - 12 Sep 2019
In the spotlight this week: Following reports that “APT3” used Equation Group tools prior to their public leak by the “Shadow Brokers” in 2016, cyber security researchers have provided additional ...
Weekly Intelligence Summary 29 Aug - 05 Sep 2019
In the spotlight this week: A surge in financially motivated cyber-attack campaigns has been attributed to “Silence”, which is a probably Russian cybercriminal group.
Weekly Intelligence Summary 22 Aug - 29 Aug 2019
Weekly highlights: A new campaign by the “Gamaredon” group may have targeted Ukrainian government bodies, a new ransomware variant dubbed Nemty was likely distributed through compromised remote desk
Weekly Intelligence Summary 15 Aug - 22 Aug 2019
Weekly highlights include: An additional 30 organizations were reportedly compromised alongside Capital One in the July 2019 breach; the “Danabot” banking trojan has been targeting financial, retail,
Weekly Intelligence Summary 08 Aug - 15 Aug 2019
In the spotlight this week are details of ongoing sextortion campaigns which consistently use unsophisticated tactics and techniques to target users indiscriminately.
Weekly Intelligence Summary 01 Aug - 08 Aug 2019
Weekly highlights focus on: the Russia-associated “APT28” threat group targeting Internet of Things (IOT) devices to access corporate networks, ten new information-stealing trojans targeting financial
Weekly Intelligence Summary 25 Jul - 01 Aug 2019