ShadowTalk: Powered by ReliaQuest

What Claude Mythos Means for Organizations

Wed, 15 Apr 2026 12:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join hosts John and Alex, alongside special guest and ReliaQuest CTO Joe Partlow, as they discuss:

How Claude Mythos autonomously generated exploits
Why AI is accelerating CVE volume
Defense strategies organizations need now

Joe Partlow: CTO of ReliaQuest, a leading Information Security provider and is currently involved with new product initiatives along with research and development efforts. Joe has been involved the Information Security field for over 30 years, in both the defensive side and offensive capabilities. Current projects include data ingestion/analytics at scale, DFIR automation and generative AI. He is also a regular speaker and contributor at security conferences, groups and associations. Joe has a degree in Computer Information Systems and holds many industry-specific certifications

John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.

Alexandra Moore: Manager of Threat Intelligence at ReliaQuest, where she leads intelligence analysis and customer dissemination to help organizations understand and respond to emerging cyber threats. Prior to this, she established and scaled monitoring across Russian-language cybercriminal platforms at Digital Shadows, building collection and analytical coverage to support digital risk protection capabilities.

Axios and Trivy — Supply Chain Gaps Organizations Must Fix

Wed, 08 Apr 2026 16:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join hosts John and Tehman as they break down two of the most consequential supply chain attacks of 2026:

How DPRK actors socially engineered a NPM maintainer
Why hijacked GitHub versions are a CI/CD wake-up call
The three gaps every security team needs to close

Tehman Tariq: Sr. Manager of Cyber Operations at ReliaQuest. He has spent a majority of my career leading our Incident Response, Security Architecture, and Detection teams. As well has working hand in hand with CISOs to introduce automation allowing for the maturity of their security programs.

Faster, Smarter, and Already Escalated — What It Takes to Defend Against the Modern Threat Landscape

Wed, 01 Apr 2026 13:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join hosts Alexandra and John, live from Exponent 2026, alongside top security leaders as they discuss:

How organizations keep pace with attackers
Why one in four incidents starts with social engineering
How automated response is helping organizations

Chris Thompson: CISO of Caris Life Sciences, a leading, next-generation AI TechBio company and precision medicine pioneer. Chris is a retired Federal Agent having most recently led the North Texas Cyber Task Force for the FBI and was an operator on the FBI Cyber Action Team.

Michael Andreano: Sr. Director of Information Security at Hikma Pharmaceuticals, leading their global information security team. He has over 30 years experience in the healthcare and hospitality industries with roles of increasing responsibility at Merck, Wyndham Hotels, Olympus, Syneos Health, and now Hikma the past four years. He also is part of the Evanta C-Suite Information Security Community where he serves as a Governing Body member and active in his local Cloud Security Alliance chapter in Lehigh Valley, Pennsylvania.

The Invisible Attack Surface: Iran-Aligned Threat Actors and Corporate Blind Spots

Wed, 25 Mar 2026 15:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join hosts Brandon and John as they discuss:

How Handala wiped 200,000 devices by weaponizing a trusted platform
Why your organization doesn't need to be a direct target to be at risk
How AI-enhanced malware is helping attackers get faster

Brandon Tirado: Brandon Tirado is the Director of GreyMatter Operations for ReliaQuest. Brandon is a skilled cyber defense professional with a unique combination of management and hands-on experience. With a deep understanding of adversary motives and the tactics, techniques, and procedures (TTPs) they use to achieve their goals, Brandon enjoys operationalizing his knowledge to make it more difficult for adversaries to operate within the environments of ReliaQuest customers. His managerial and hands-on experience enriches ShadowTalk with practical and strategic viewpoints.

The 2026 Annual Threat Report Breakdown, Part 3: The Long Game — Nation-State Threats & What's Coming in 2026

Wed, 18 Mar 2026 15:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join hosts John and Alex as they discuss:

How a Chinese APT maintained access for over a year
Why North Korean impersonation surged 116%
Why attackers exploit the same foundational gaps

Alexander Capraro: Alexander Capraro is a Cyber Threat Intelligence Analyst at ReliaQuest with over five years of experience in cybersecurity. With his prior experience as a Security Analyst, he specializes in incident response, malware campaign tracking, and OSINT investigations.

The 2026 Annual Threat Report Breakdown, Part 2 — Once They're In: Post-Compromise Tactics, Ransomware & Exfiltration

Wed, 11 Mar 2026 16:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join hosts Tehman and John as they discuss:

Why ransomware now prioritizes exfiltration over encryption
How attackers can exfiltrate your data in just 6 minutes
Why proactive darkweb monitoring is critical

The 2026 Annual Threat Report Breakdown, Part 1 — How AI Contributes to Attacker Speed, and the Malware That's Winning

Wed, 04 Mar 2026 14:00:00 -0500

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join hosts Brandon and John as they discuss:

How attacker breakout times dropped to as little as 4 minutes
Why ClickFix surged 200%
Why behavioral detection is critical

Brandon Tirado: Director of Threat Research for ReliaQuest. A skilled cyber defense professional with a unique combination of management and hands-on experience. With a deep understanding of adversary motives and the tactics, techniques, and procedures (TTPs) they use to achieve their goals, Brandon enjoys operationalizing his knowledge to make it more difficult for adversaries to operate within the environments of ReliaQuest customers. His managerial and hands-on experience enriches ShadowTalk with practical and strategic viewpoints.

Malware Isn't Required—How Ransomware Groups Turn Legitimate RMMs Into a Weapon

Wed, 25 Feb 2026 11:00:00 -0500

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join hosts John and Tehman as they discuss:

What attackers prefer over custom malware
How signature-based detection fails
Proactive governance vs. reactive triage

Ransomware vs. Exfiltration-Only—The Extortion Model Showdown

Wed, 18 Feb 2026 18:00:00 -0500

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join hosts Brandon and John as they discuss:

Why extortion payment rates are the lowest ever
Organizations paying ransomware but refusing data extortion demands
Why defenders need both visibility and speed

Patch Management Is Losing—The Case for Predictive Vulnerability Defense

Wed, 11 Feb 2026 14:00:00 -0500

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join hosts Brandon and John as they discuss:

Why traditional patch cycles can't beat attackers exploiting vulnerabilities in 24 hours
The shift from reactive patching to predictive intelligence using EPSS and CISA KEV
How to defend against zero-days when patching isn't an option

Beyond Phishing Emails—Social Engineering Drives Initial Access

Wed, 04 Feb 2026 16:00:00 -0500

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join hosts John and Tehman as they discuss:

Why phishing emails are no longer the top malware delivery method
Emerging social engineering tactics: vishing, copy and paste abuse, and software impersonation
How campaigns have evolved from Black Basta to ShinyHunters

Malicious AI—The New Face of Cyber Threats

Wed, 28 Jan 2026 16:00:00 -0500

Resources: https://linktr.ee/ReliaQuestShadowTalk

John and Tehman as they discuss:

How AI is enabling large-scale, high-speed attacks
Nation-states weaponizing AI for attack automation
The rise of sophisticated AI-generated malware

Maintainer Compromise: The Next Supply-Chain Attack Vector in 2026

Wed, 21 Jan 2026 13:00:00 -0500

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join hosts Brandon and John as they discuss:

How supply-chain attacks evolved
Campaigns targeting NPM package maintainers
Actionable defense strategies

Kicking Off 2026 with Ransomware Insights and Defense Strategies

Wed, 14 Jan 2026 18:00:00 -0500

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join hosts Brandon and Tehman as they discuss:

The resurgence of LockBit 5.0 and its December 2025 surge in named organizations
How top ransomware groups like Qilin, Akira, and Clop dominated in 2025.
Actionable defense strategies for organizations to proactively combat ransomware in 2026

Brandon Tirado: Director of Threat Research for ReliaQuest. Brandon is a skilled cyber defense professional with a unique combination of management and hands-on experience. With a deep understanding of adversary motives and the tactics, techniques, and procedures (TTPs) they use to achieve their goals, Brandon enjoys operationalizing his knowledge to make it more difficult for adversaries to operate within the environments of ReliaQuest customers. His managerial and hands-on experience enriches ShadowTalk with practical and strategic viewpoints.

React2Shell Attacks Evolve, ClickFix Attacks, and Holiday Season Threats

Wed, 17 Dec 2025 14:00:00 -0500

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join host John and intelligence analyst Ivan as they discuss:

React2Shell Exploits Flood the Internet as Attacks Continue (1:06)
ClickFix Style Attack Leveraging Grok and ChatGPT for Malware Delivery (7:39)
New ConsentFix Attack Hijacking Microsoft Accounts via Azure CLI (13:50)
Holiday Season Attack Risks: Phishing, Ransomware, and Defense Recommendations (18:22)

Ivan Righi: Threat Intelligence Analyst at ReliaQuest, specializing in technical cyber threat research. Since joining ReliaQuest in June 2019, Ivan has focused on data breach investigations, automations, threat actor profiling, and reverse engineering threat campaigns. He holds a Master of Science degree in Cybersecurity and a GIAC Reverse Engineering Malware (GREM) certification, bringing technical expertise and actionable insights.

React2Shell Exploits, CISA’s Brickstorm Warning, ShadyPanda’s Browser Weaponization

Wed, 10 Dec 2025 12:00:00 -0500

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join host John along with systems security engineer Corey and intelligence analyst Hayden as they discuss:

Chinese Threat Groups Exploiting the React2Shell Vulnerability (1:18)
CISA Issues Alert on Persistent Brickstorm Backdoor Attacks (9:05)
ShadyPanda Hackers Turn Millions of Browsers into Weapons (13:36)
Storm-0249’s Shift to Targeted EDR Exploitation (20:09)

Corey Carter: Systems Security Engineer at ReliaQuest. A Florida native and former infantryman in the United States Marines, Corey holds a bachelor's degree in computer science with a specialization in information assurance. His experience as a detection researcher, security analyst, and threat hunter at ReliaQuest, combined with his military background, equips him with a unique perspective on cybersecurity challenges.

Hayden Evans: Cyber Threat Intelligence Analyst at ReliaQuest. He has experience in the F3EAD lifecycle and analyzing adversaries' TTPs to operationalize this information. He is also experienced with intrusion response, OSINT investigations, and offensive security.

Scattered Lapsus$ Hunters, SilverFox's ValleyRat Campaign, and More

Wed, 03 Dec 2025 16:00:00 -0500

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join host John and intelligence analysts Alex and Hayden as they discuss:

Scattered Lapsus$ Hunters Targeting Zendesk (1:14)
Microsoft Teams Guest Access Phishing Bypass (3:37)
Dark AI Tools Enhancing Threat Actors (6:08)
Silver Fox’s Campaign: Chinese APT Spotlight (10:05)

Alexander Capraro: Cyber Threat Intelligence Analyst at ReliaQuest with over five years of experience in cybersecurity. With his prior experience as a Security Analyst, he specializes in incident response, malware campaign tracking, and OSINT investigations.

Are Cyber Predictions Worth It? Plus Chinese AI Attacks, IoT Takeovers

Wed, 26 Nov 2025 12:00:00 -0500

Resources: https://linktr.ee/ReliaQuestShadowTalk

Do you really need predictions to tackle cyber threats? Join host Kim along with intelligence analyst John & special guest CISO Rafal Baran as they discuss:

New NPM Supply Chain Threat (1:13)
China Manipulates AI for Initial Access (4:46)
Cloud Gaps Bring IoT Takeover (7:29)
2026 Cyber-Threat Predictions (10:57)

Rafal Baran: IT security leader and CISO in the global reinsurance space. He focuses on building practical security and privacy programs across multiple jurisdictions, with an emphasis on cloud security and incident readiness. He advises senior leadership on emerging risks and resilience and holds boardroom certification as a Qualified Technology Expert, along with multiple credentials spanning cybersecurity, privacy, and the re/insurance domains. Outside his role, he mentors upcoming security professionals and contributes to the broader cyber community.

Fortinet Flaw Exposed and Exploited! Plus, Threat Hunter Hacks: SEO Hits Hard

Wed, 19 Nov 2025 16:00:00 -0500

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join host Kim, intelligence analyst John, and threat hunter Tristan as they discuss:

Fortinet Flaw Enables Admin Takeover
Akira Ransomware Targets Nutanix VMs
Smart Redirects Evade Phishing Detection
Threat Hunter Hacks: SEO Hits Hard

Listen on @Listennotes: https://lnns.co/mgbyVjXv7p6

Tristan Luikey: Threat Hunter at ReliaQuest, specializing in responding to and mitigating active breaches to safeguard customers' networks. In addition to breach response, Tristan conducts comprehensive research into emerging threats and attack techniques, enabling proactive threat hunting to strengthen organizational security.

Gootloader's Return, LANDFALL Android Spyware, Sector-by-Sector Cyber Trends

Wed, 12 Nov 2025 12:00:00 -0500

Resources: https://linktr.ee/ReliaQuestShadowTalk

Wondering why Gootloader is suddenly back in action? Join host Kim along with intelligence analyst Hayden & Systems Security Engineer Corey as they discuss:

Gootloader Returns Using SEO Poisoning (1:27)
New Android Spyware LANDFALL (6:33)
Curly COMrades Hide in Windows Using Linux VMs (10:57)
Sector-by-Sector Cyber Trends Q3 2025 (15:20)

Corey Carter: Detection Researcher at ReliaQuest. A Florida native and former infantryman in the United States Marines, Corey holds a bachelor's degree in computer science with a specialization in information assurance. His experience as a Security Analyst and Threat Hunter at ReliaQuest, combined with his military background, equips him with a unique perspective on cybersecurity challenges.

Why Cloud Threats Are Escalating: Identity Risks, Automation Flaws, and Legacy Vulnerabilities, Plus the Latest on Chinese APT Campaigns and NPM Package Abuse

Wed, 05 Nov 2025 12:00:00 -0500

Resources: https://linktr.ee/ReliaQuestShadowTalk

Did you know 99% of cloud identities are over-privileged, creating the perfect storm for attackers to seamlessly infiltrate your environment? Join host Kim along with intelligence analysts John & Alex as they discuss:

Chinese Nation-State Campaigns and Geopolitics (1:12)
Malicious NPM Packages (7:20)
TruffleNet Attacks on AWS (10:53)
The Danger of Over-Privileged Cloud Identities (15:36)

Why Cyber Threats Surge 20% During M&A, Plus the Latest on Qilin and Lazarus Group Campaigns

Wed, 29 Oct 2025 13:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Picture this: You close a $50M acquisition on Friday and by Monday, attackers are in your network. Sound far-fetched? It's not. Join host Kim along with intelligence analyst John & Threat Hunter Leo as they discuss:

Attackers Exploit WSUS Flaw (1:15)
Qilin Deploys Cross-Platform Attacks (4:21)
Lazarus Group Reignites Operation DreamJob (9:05)
Threat Hunter Hacks: Active Cyber Threats in M&A (15:19)

Leo Dawson: Leo Dawson is a Threat Hunter on the ReliaQuest Threat Research Team. With a deep background in Experimental Physics and Artificial Intelligence, Leo brings a unique interdisciplinary perspective to cybersecurity. He is driven by a passion for leveraging these skills to proactively track, analyze, and understand threat actor campaigns while gaining deeper insights into their evolving tactics and behaviors.

Automate to Defend: A Former FBI Agent's Ransomware Guide for CISOs

Wed, 22 Oct 2025 13:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Wondering what makes ransomware operations successful? Join host Kim along with intelligence analyst John & former FBI Special Agent Keith Mularski as they discuss:

Year-Long F5 Breach (2:42)
North Korean Attacker Adopts EtherHiding (7:53)
Phishing Attacks Target LastPass (12:11)
Fighting Ransomware Automation: A CISO's Guide (17:19)

Keith Mularski is the Chief Global Ambassador at Qintel, where he leads global engagement and represents the company’s intelligence mission across governments, industry, and cybersecurity communities worldwide. Before joining Qintel, Keith led the Cyber Threat Management group at Ernst & Young, advising Fortune 100 companies on proactive defense and intelligence strategies. He also served more than 20 years as an FBI Special Agent, leading groundbreaking cybercrime investigations and pioneering collaboration between law enforcement and the private sector. His undercover work has been featured in the books Kingpin and DarkMarket. Keith is also co-host of the podcast Only Malware in the Building, where he explores the stories behind cybercrime and threat intelligence.

Is Your Software a Secret Backdoor? Flax Typhoon's Latest Campaign Unwrapped

Wed, 15 Oct 2025 13:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

How long could Flax Typhoon nestle silently in your networks? Join host Kim along with intelligence analysts John & Joey as they discuss:

Velociraptor Abused in Ransomware Attacks (1:13)
New Oracle E-business Suite Flaw (5:19)
GitHub CamoLeak AI Attack (7:46)
Year-Long Flax Typhoon ArcGIS Campaign (11:23)

Joseph Keyes: Cyber Threat Intelligence Analyst at ReliaQuest, specializing in technical cyber threat research. With his prior role as a Cyber Security Analyst, he has gained years of experience in triaging and responding to active threats using GreyMatter's various tools. Joseph is skilled in intrusion response, threat actor profiling, OSINT across the clear and dark web, and analyzing adversarial TTPs.

Cl0p's Latest Heist: Exploiting Oracle's Critical Vulnerability

Wed, 08 Oct 2025 13:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join host Kim along with Intelligence Analyst John and Threat Detection Engineer Marken as they discuss:

Clop's Exploitation of Oracle E-Business Suite (1:09)
Scattered Lapsus$ Hunters Return With Salesforce Leaks (5:27)
Shutdown Threatens US Intel Sharing and Cyber Defense (10:02)
Ransomware and Cyber Extortion in Q3 2025 (15:02)

Marken Teder: Threat Detection Engineer at ReliaQuest, with a total of 7 years at the company. A native Estonian, he has previously worked as an Incident Response Analyst, Content Developer, and Security Architect. Marken's extensive experience in detection and response brings a robust technical perspective to discussions.

Should Governments Hoard Zero Days? Analyzing Brickstorm Malware and Storm-1849

Wed, 01 Oct 2025 13:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join host Joey along with intelligence analysts Alex and Hayden as they discuss:

Brickstorm Backdoor in U.S. Legal and Tech Sectors (1:17)
Storm-1849 Targeting Cisco ASA Devices (4:38)
Medusa Attempts to Pay Reporter for Initial Access (7:00)
Debate Over Government Zero-Day Stockpiling (14:41)

Attacker Breakout Time Hits 18 Minutes, New Shai-hulud NPM Worm

Wed, 24 Sep 2025 13:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join host Kim along with intelligence analysts John and Joey as they discuss:

Summer 2025 Attacker Trends (13:41)
Self-Replicating 'Shai-hulud' Worm Targeting NPM Packages (1:05)
Fortra Critical Patch for GoAnywhere MFT Vulnerability (3:49)
Phishing Round Up: File Fix Campaign and Microsoft's RaccoonO365 Takedown (7:12)

Welcome to ShadowTalk

Tue, 16 Sep 2025 09:00:00 -0400

Host, Kim, alongside ReliaQuest's Threat Research experts, cut through the noise to bring you the cyber insights that matter most.

Get news, research and actionable strategies from industry leaders, to help you stay ahead of attackers.

New episodes every Wednesday at 1pm EST.

Do You Need AI to Fight AI? Plus Supply-Chain Attacks and Russia's Latest Backdoor

Wed, 10 Sep 2025 12:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Thinking about whether you need more AI in SecOps? Join host Kim along with intelligence analyst Joey & systems security engineer Corey as they discuss:

SAP S/4HANA Flaw Exploitation (2:09)
AI-Powered Malware Exposes GitHub (4:24)
APT28 Outlook Backdoor hits NATO (8:21)
ReliaQuest Experts Answer Your Questions (11:55)

Salesforce Attack Fallout, Axios Abuse, and Cloud Ransomware

Wed, 03 Sep 2025 11:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Need the latest information on Salesloft Drift? Join host Kim along with intelligence analyst John & detection engineer Marken as they discuss:

Salesloft Drift Tokens Result in Salesforce Data Theft (1:31)
Storm-0501 Shifts Ransomware Attacks to Cloud (6:36)
APT29 Microsoft 365 Campaign Disrupted (11:26)
Axios, Direct Send Abuse Redefine Phishing (14:19)

New Silk Typhoon Attacks, the Cybercriminal Recruitment Underworld, and More!

Wed, 27 Aug 2025 12:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Curious about the skills needed for modern cyber attacks? Join host Kim along with intelligence analysts John & Hayden as they discuss:

Apple Patches Exploited Zero-Day (1:40)
Hackers Abuse Linux Files to Drop Malware (3:50)
Silk Typhoon Attacks Cloud Supply Chains (7:21)
ReliaQuest Uncovers Cybercriminals' Most Sought After Skills (11:02)

Warlock Ransomware Hits Telecoms, LLM Data Theft, and ShinyHunters Updates

Wed, 20 Aug 2025 12:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Intrigued by Warlock ransomware's Chinese connection? Join host Kim along with intelligence analysts Joey & John as they discuss:

\Warlock Ransomware Attacks Against Telecoms (3:12)
New FortiSIEM Flaw Exploited in the Wild (5:19)
Man-in-the-Prompt Attack Steals Data from LLMs (8:04)
How ReliaQuest Tracks Ransomware Groups and Evolving Cyber Threats (12:36)

ShinyHunters, Scattered Spider, and Salesforce? Plus, Kimsuky Data Breach!

Wed, 13 Aug 2025 12:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Want to know if ShinyHunters and Scattered Spider are really working together? Join host Kim along with detection engineer Marken as they discuss:

WinRAR Zero-Day Exploited in RomCom Attacks (1:44)
New EDR Killer Popular with Ransomware Groups (4:30)
Data Breach Reveal Kimsuky Inner Workings (11:31)
ReliaQuest Uncovers Potential ShinyHunters x Scattered Spider Collaboration (15:00)

Akira’s Zero-Day Chaos + The Rise of DRP Threats

Wed, 06 Aug 2025 13:00:00 -0400

Akira ransomware group is exploiting potential zero-day vulnerabilities, and digital risk protection (DRP) threats are rapidly evolving. Join host Joey, along with intelligence analysts John and Hayden, as they dive into:

Akira Ransomware Exploiting a Potential Zero Day
Plague Backdoor Emerges as Silent Intruder
Evolving Tactics of North Korean Attacker
DRP Threats Surge Amid Organizational Growth

Resources: https://linktr.ee/ReliaQuestShadowTalk

Joseph Keyes: Joseph Keyes is a Cyber Threat Intelligence Analyst at ReliaQuest, specializing in technical cyber threat research. With his prior role as a Cyber Security Analyst, he has gained years of experience in triaging and responding to active threats using GreyMatter's various tools. Joseph is skilled in intrusion response, threat actor profiling, OSINT across the clear and dark web, and analyzing adversarial TTPs.

John Dilgen: John Dilgen is a Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.

Hayden Evans: Hayden Evans is a Cyber Threat Intelligence Analyst at ReliaQuest. He has experience in the F3EAD lifecycle and analyzing adversaries' TTPs to operationalize this information. He is also experienced with intrusion response, OSINT investigations, and offensive security.

Full CrushFTP Attack Chain, Plus BreachForums is Back!

Wed, 30 Jul 2025 13:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Curious how the latest CrushFTP exploit works? Join host Kim along with intelligence analyst Hayden and threat hunter Leo as they discuss:

BreachForums Back, XSS Out (1:28)
Warlock Ransomware Hits SharePoint (5:28)
Fire Ant Stings ESXi (9:39)
ReliaQuest Uncovers CrushFTP Attack Chain (13:35

Leo Dawson: Threat Hunter on the ReliaQuest Threat Research Team. With a deep background in Experimental Physics and Artificial Intelligence, Leo brings a unique interdisciplinary perspective to cybersecurity. He is driven by a passion for leveraging these skills to proactively track, analyze, and understand threat actor campaigns while gaining deeper insights into their evolving tactics and behaviors.

New SharePoint Flaw, How Cybercriminals Use AI

Wed, 23 Jul 2025 11:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Curious about how cybercriminals use AI? Join host Kim along with detection engineer Marken and intelligence analyst Alex as they discuss:

New SharePoint Vulnerability (1:34)
LameHug AI-Powered Malware (5:55)
UK Bans Ransomware Payments (9:44)
AI Tactics Behind the Latest Cyber Threats (14:11)

Do You Really Need IOCs? Plus Zero-Day Exploits, AI Data Leaks, and Phishing for VIPs

Wed, 16 Jul 2025 13:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Ever wondered if IOCs are still relevant in a world of polymorphic malware and zero-day exploits? Join host Kim along with intelligence analyst Joey and threat hunter Tristan as they discuss:

North American APT Targets China (1:25)
Chatbot Exposes Thousands of Job Applications (4:57)
New Phishing Campaign Targets VIPs (7:17)
How IOCs are Used in Modern Threat Hunting (10:07)

Kim Bromley: Kim Bromley is a Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights for ShadowTalk.

Tristan Luikey: Tristan Luikey is a Threat Hunter at ReliaQuest, specializing in responding to and mitigating active breaches to safeguard customers' networks. In addition to breach response, Tristan conducts comprehensive research into emerging threats and attack techniques, enabling proactive threat hunting to strengthen organizational security.

SafePay Ransomware Rises, North Korea Adopts ClickFix

Wed, 09 Jul 2025 12:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Have you heard of SafePay ransomware? Join host Kim along with intelligence analysts Hayden and John as they discuss:

SafePay Targets Ingram Micro (1:16)
Updates on Iran-Israel (5:43)
North Korea Adopts ClickFix & Attacks Web3 (8:24)
Insights from ReliaQuest Customer Incidents (13:14)

Citrix Bleed 2, Scattered Spider Hits Aviation

Wed, 02 Jul 2025 11:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join host Kim along with intelligence analysts Ivan and John as they discuss:

Citrix Bleed 2
Scattered Spider Hits Aviation
From ClickFix to FileFix
Ransomware Threats from Q2

Analyzing Iran-Israel Cyber Threats, New Scattered Spider Attack Chain

Wed, 25 Jun 2025 14:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join host Kim along with Intelligence Analyst Hayden and Threat Hunter Leo as they discuss:

New Scattered Spider Attack Chain
Israel and Iran Cyber Threat Deep Dive
Top Iran-linked Threat Groups & How to Mitigate

Israel-Iran Cyber Warfare, Anubis Ransomware, and More Attacker Trends

Wed, 18 Jun 2025 15:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join host Kim along with intelligence analyst Joey and detection engineer Marken as they discuss:

Anubis Ransomware Wiper Capability
Teamfiltration Pentesting Tool
Cyber Implications of Israel-Iran Conflict
The Most Up to Date Attacker Trends

Black Basta's Enduring Legacy, Qilin Exploits Fortinet Flaws

Wed, 11 Jun 2025 12:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join host Kim along with intelligence analysts Alex and John as they discuss:

The Enduring Legacy of Black Basta
Qilin's Exploitation of Fortinet Flaws
Vishing for Salesforce Data
Atomic Stealer x ClickFix Campaign

Scattered Spider's Evolving Playbook, SentinelOne Outage

Wed, 04 Jun 2025 12:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join host Kim along with intelligence analysts Joey and Alex as they discuss:

Scattered Spider's Focus on Tech Vendors
How APT41 Abuses Google Calendar for C2
The SentinelOne Outage
A New Void Blizzard Espionage Campaign

SPECIAL: How Russian Market Fuels Credential-Based Attacks

Wed, 28 May 2025 14:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join host Kim along with intelligence analysts Joey and Alex as they discuss:

Factors Driving Russian Market's Popularity
Attackers' Favorite Infostealers
Infostealer Attack Paths
Main Types and Exclusivity of Stolen Logs

The Threat Evolution: SAP Exploits, SEO Poisoning, and SkitNet Malware

Wed, 21 May 2025 12:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join host Joey along with intelligence analysts John and Hayden as they discuss:

ReliaQuest's investigation into hijacked routers and SEO poisoning fueling payroll heists
Nation-state actors leveraging the SAP NetWeaver vulnerability en masse
A new "Defendnot" tool that tricks Windows Defender into disabling itself
Ransomware groups using a stealthy post-exploitation malware

Will US Politics Reshape Russian Cyber Threats?

Wed, 14 May 2025 12:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join host Kim along with intelligence analysts Joey and Hayden as they discuss:

ReliaQuest's Forecast for How US Policy will Impact Russia-linked Cyber Threats
Infostealers Spread by Fake AI Video Generators
Kickidler Abuse by Ransomware Groups
FBI Takedown of Huge Botnet

Scattered Spider Strikes Again, Hunt for North Korean Insiders Heats Up

Wed, 07 May 2025 14:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join host Kim along with intelligence analyst John and threat hunter Tristan as they discuss:

Scattered Spider Attacks UK Retail Orgs
Bring Your Own Installer SentinelOne Bypass
Hunting for North Korean Insiders

Tristan Luikey: Threat Hunter at ReliaQuest, specializing in responding to and mitigating active breaches to safeguard customers' networks. In addition to breach response, Tristan conducts comprehensive research into emerging threats and attack techniques, enabling proactive threat hunting to strengthen organizational security.

Demystifying CVE-2025-31324, The New Critical SAP NetWeaver Flaw

Wed, 30 Apr 2025 12:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join host Kim along with detection engineer Marken and intelligence analyst Alex as they discuss:

ReliaQuest's Discovery of Critical SAP NetWeaver Vulnerability
AI Upgrade for Darcula Phishing Kit
DragonForce's New Cartel Business Model
Maximum Severity Commvault flaw

BreachForums Down: Hacktivist Attack or FBI Crackdown?

Wed, 23 Apr 2025 12:00:00 -0400

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join host Kim along with intelligence analysts Joey and John as they discuss:

BreachForums Down: Dark Storm Team Takes Credit
A Potential New Vulnerability in SAP NetWeaver
Exploit User Targets Salesforce Data
ReliaQuest Research: Understanding Chinese Espionage Strategies

Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.

Joseph Keyes: Joseph Keyes is a Cyber Threat Intelligence Analyst at ReliaQuest, specializing in technical cyber threat research. With his prior role as a Cyber Security Analyst, he has gained years of experience in triaging and responding to active threats using GreyMatter's various tools. Joseph is skilled in intrusion response, threat actor profiling, OSINT across the clear and dark web, and analyzing adversarial TTPs.

Hijacked and Hidden: ReliaQuest Identifies New Backdoor and Persistence Technique

Wed, 16 Apr 2025 13:00:00 -0400

Resources: https://linktr.ee/RQShadowTalk

Join host Kim along with intelligence analysts Ivan and Hayden as they discuss:

How ReliaQuest Identified a New Backdoor and Persistence Technique
Our Latest Ransomware Quarterly Report
How Attackers Maintained Access to Patched FortiGate VPNs
What Oracle Said Next About That Breach

Ivan Righi: Senior Cyber Threat Intelligence Analyst at ReliaQuest, specializing in technical cyber threat research. His areas of expertise include the development of cyber intelligence tools, data breach investigations, threat actor profiling, and reverse engineering of threat campaigns. Before joining ReliaQuest, Ivan was a member of the Digital Shadows Photon Research Team, where he investigated, researched, and responded to cyber threats across the clear, deep, and dark web.

Fast Flux DNS Challenges, Evolving Adversary Tactics, and Proactive Defense Strategies

Wed, 09 Apr 2025 13:00:00 -0400

Resources: https://linktr.ee/RQShadowTalk

Join host Kim along with intelligence analyst Joey and threat hunter Leo as they discuss:

Ivanti Patches Exploited Vulnerability
Fast Flux DNS Evasion Warning
Ransomware Scene Shifts
ReliaQuest's Approach to Threat Hunting

From Oracle to AI: Everything You Need to Know About Emerging Cyber Threats

Thu, 03 Apr 2025 11:00:00 -0400

Resources: https://linktr.ee/RQShadowTalk

Join host Kim along with intelligence analyst Hayden and threat detection engineer Marken as they discuss:

Oracle Data Breach Latest Updates
BlackLock Ransomware Exposed
Active Exploitation of ChatGPT Flaw
Up to the Minute Attacker Techniques

Guest Episode: Navigating Cyber Storms with Expert Insights on Incident Response

Wed, 26 Mar 2025 12:00:00 -0400

Resources: https://linktr.ee/RQShadowTalk

Join host Kim along with intelligence analyst Joey and special guest Rachel Ratcliff as they discuss:

The latest Insights on the Alleged Oracle Data Breach
A Critical Vulnerability in Next.js Middleware
The Importance of Incident Response when Tackling Today's Cyber Threats

Rachel Ratcliff: Engagement Management Leader for Aon Cyber Solutions and Stroz Friedberg Digital Forensics and Incident Response where she sits on the Executive Committee and oversees global commercial strategy for the firm’s reactive services practice. She and her team of professionals are responsible for managing complex digital forensic investigations, responding to data breach incidents, and overseeing testing and assessment in a host of cases involving cybercrime, theft of intellectual property, deletion of digital data, e-forgery, cyber-harassment, and online fraud and abuse. Rachel brings over 15 years of experience in incident response, and prior to joining Aon/Stroz Friedberg, she was a practicing lawyer in Dallas, Texas. Rachel is a frequent speaker, guest lecturer, and advisor to boards and C-suite executives on cybersecurity matters.

When Old Meets New: The Rise of VPN Exploits and Brute-Force Tools

Wed, 19 Mar 2025 13:00:00 -0400

Resources: https://linktr.ee/RQShadowTalk

Join host Kim along with intelligence analysts Ivan and John as they discuss:

ReliaQuest's Research: Devastating Paths to VPN Exploitation
SuperBlack Ransomware Exploits Fortinet Flaws
BRUTED Framework Automates Black Basta Attacks
ClickFix Campaign Hooks Hospitality Sector

Webcam Warfare, Supply Chains Under Siege, Insider Threats, and More!

Wed, 12 Mar 2025 12:00:00 -0400

Resources: https://linktr.ee/RQShadowTalk

Join host Kim, and intelligence analysts Joey and Anna as they discuss:

ReliaQuest's Research: Cyber Threats to Hospitality and Recreation
Silk Typhoon Expands to Supply-Chain Attacks
Insider's Kill Switch Cripples Ex-Employer
Akira Ransomware Uses Webcam to Compromise Network

Anna Jones: Cyber Threat Intelligence Analyst at ReliaQuest, based in our London office. She joined in June 2023 and specializes in OSINT investigations, with 5 years of experience in threat intelligence. Anna's expertise in sourcing and analyzing covert threat data provides unique insights into cybercriminal activities.

Hooked and Hacked: Phishing Frenzy, Ransomware Recap, Zero-Day Fallout

Wed, 05 Mar 2025 11:00:00 -0500

Resources: https://linktr.ee/RQShadowTalk

Join host Kim and Detection Researcher Marken Teder as they discuss:

ReliaQuest's Research: Blink and They're In
The Latest Ransomware Developments
244 Million Passwords Added to 'Have I Been Pwned'
VMware Zero-Days Actively Exploited

Marken Teder: Detection Researcher at ReliaQuest, with a total of 6 years at the company. A native Estonian, he has previously worked as an Incident Response Analyst, Content Developer, and Security Architect. Marken's extensive experience in detection and response brings a robust technical perspective to discussions.

SPECIAL: 'From Data to Defense' - Insights from ReliaQuest's Annual Cyber-Threat Report

Wed, 26 Feb 2025 12:00:00 -0500

Resources: https://linktr.ee/RQShadowTalk

Join host Kim and cyber threat intelligence analysts Joey Keyes and Hayden Evans as they discuss insights from ReliaQuest's 2025 Annual Cyber-Threat Report:

The Top Successful Initial Access Techniques
How Attackers Achieve Breakout in 48 Minutes
Key Recommendations to Outpace Attackers

Hayden Evans: Threat Intelligence Analyst at ReliaQuest. He has experience in the F3EAD lifecycle and analyzing adversaries' TTPs to operationalize this information. He is also experienced with intrusion response, OSINT investigations, and offensive security.

BlackLock Ransomware, 8Base Seized, Storm-2372 Phishing

Wed, 19 Feb 2025 13:00:00 -0500

Resources: https://linktr.ee/RQShadowTalk

Join hosts Chris and Kim as they discuss:

Storm-2372 Device Code Phishing Campaign
China Linked Espionage Tools Used Alongside Ransomware
8Base Leak Site Seized in Law Enforcement Operation
ReliaQuest Research on the Worlds Fastest Rising Ransomware Group: BlackLock

Chris Morgan: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team and has been the host of ShadowTalk since 2021. Chris joined ReliaQuest in August 2020, previously working as a Cyber Threat Intelligence analyst in the telecommunications and financial sectors. Chris also has a background in the British military. With his diverse background, he enhances ShadowTalk with deep insights into various threat landscapes.

Brute Force Campaign, Ransomware Insider Recruiting, Manufacturing Threats

Wed, 12 Feb 2025 12:00:00 -0500

Resources: https://linktr.ee/RQShadowTalk

Join hosts Chris and Kim, and Detection researcher Corey Carter as they discuss:

Large Scale Brute Force Campaign Targeting Edge Devices
Critical Microsoft RCE Vulnerability Exploited
Ransomware Criminals Attempt to Recruit Insiders
ReliaQuest Research: Manufacturing Sector Report

AI Spies, Unused AWS Buckets, New Lazarus Group Infrastructure

Wed, 05 Feb 2025 12:00:00 -0500

Resources: https://linktr.ee/RQShadowTalk

Join hosts Chris and Kim, and Senior Threat Intelligence Analyst Ivan Righi as they discuss:

APT Groups Use AI for Reconnaissance
Unused AWS Buckets Pose Supply-Chain Risk
New Lazarus Group Infrastructure Uncovered
ReliaQuest Research: Attackers Abuse Legitimate Tools

Attackers Accelerating Attacks, Lumma Infostealer, DeepSeek LLM

Wed, 29 Jan 2025 11:00:00 -0500

Resources: https://linktr.ee/RQShadowTalk

Join hosts Chris and Marken, and Threat Intelligence Analyst Anna as they discuss:

ReliaQuest's Research into Attacker Breakout Times
Lumma Infostealer Spreading via Fake Reddit Webpages
Ransomware Persisting with SSH Tunnelling
DeepSeek and the Potential Risks to User Data

Marken Teder: Marken Teder is a Detection Researcher at ReliaQuest, with a total of 6 years at the company. A native Estonian, he has previously worked as an Incident Response Analyst, Content Developer, and Security Architect. Marken's extensive experience in detection and response brings a robust technical perspective.

Anna Jones: Anna is a Cyber Threat Intelligence Analyst at ReliaQuest, based in our London office. She joined in June 2023 and specializes in OSINT investigations, with 5 years of experience in threat intelligence. Anna's expertise in sourcing and analyzing covert threat data provides unique insights into cybercriminal activities for ShadowTalk.

Ransomware Hits New Heights, FortiGate Data Leaked, Sneaky 2FA Phishing Kit

Wed, 22 Jan 2025 13:00:00 -0500

Resources: https://linktr.ee/RQShadowTalk

Join hosts Chris and Kim, and Detection Researcher Corey Carter as they discuss:

ReliaQuest's Q4 Ransomware Report
FortiGate Data Leak
New Sneaky 2FA Phishing Kit
UK Contemplates Ransomware Payment Ban

Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.

Chris Morgan: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team and has been the host of ShadowTalk since 2021. Chris joined ReliaQuest in August 2020, previously working as a Cyber Threat Intelligence analyst in the telecommunications and financial sectors. Chris also has a background in the British military. With his diverse background, he enhances ShadowTalk with deep insights into various threat landscapes.

Corey Carter: Detection Researcher at ReliaQuest. A Florida native and former infantryman in the United States Marines, Corey holds a bachelor's degree in computer science with a specialization in information assurance. His experience as a Security Analyst and Threat Hunter at ReliaQuest, combined with his military background, equips him with a unique perspective on cybersecurity challenges.

Guest Episode: Ways Threat Intel Can Prioritize Threats, Vulnerability Chaos, Biden Executive Order

Wed, 15 Jan 2025 13:00:00 -0500

Resources: https://linktr.ee/RQShadowTalk

Join hosts Chris and Kim, along with guest speaker Barri Graham, Beazley Threat Intelligence.

Fortinet and Ivanti zero-days under active exploitation
Infostealer spread via fake LDAPNightmare exploit
Biden administration hasten's executive order
The importance of taking a proactive approach within threat intelligence

Barri Graham: Experienced Security professional with over 25 years in the field. His 20+ years of military service saw stints as security practitioner and leader in both UK and Global settings. Following military retirement he took up the mantle of auditor and joined NQA in 2019 as an information security auditor. After 2 years in the role he struck out as consultant for a range of public and private sector clients. In 2023, the opportunity to work with a global FTSE100 company presented itself when he joined Beazley as Head of Cyber Threat Intelligence where he works today.

Espionage Hits US Treasury, OtterCookie Tricks Jobseekers, ReliaQuest Tackles Pure Malware

Wed, 08 Jan 2025 11:00:00 -0500

Resources: https://linktr.ee/RQShadowTalk

Join hosts Chris and Kim, and threat hunter Brian as they discuss:

Chinese Espionage Hits US Treasury Department
New OtterCookie Variant Used in North Korea Recruitment Scam
FireScam Infostealer Imitates Telegram to Steal Your Data
ReliaQuest's Response to a Speedy Pure Malware Compromise

Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.

Chris Morgan: Chris Morgan is a Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team and has been the host of ShadowTalk since 2021. Chris joined ReliaQuest in August 2020, previously working as a Cyber Threat Intelligence analyst in the telecommunications and financial sectors. Chris also has a background in the British military. With his diverse background, he enhances ShadowTalk with deep insights into various threat landscapes.

Brian Kelly: Brian Kelly is an experienced Threat Hunter and Intrusion Response Operator with a deep understanding of adversary tactics, techniques, procedures (TTPs), and motivations. Beginning his career in IT, Brian swiftly transitioned into cybersecurity, where he actively hunts for threats within organizations and responds to ongoing incidents. His expertise in adversary emulation and TTP exploration empowers him to anticipate and counteract malicious activities. Positioned on the front lines, Brian offers invaluable and actionable insights on the current threat landscape.

Guest Episode: Are Cyber Predictions Worth It? Clop Strikes, BADBOX Crumbles, US Fights Back Against Chinese Espionage

Wed, 18 Dec 2024 13:00:00 -0500

Resources: https://linktr.ee/RQShadowTalk

Join hosts Chris and Kim, and guest Noah Davis, CISO Ingersoll Rand, as they discuss:

2024 look-back, 2025 forecast. We discuss our expectations for the coming year
Clop resurface in new campaign
President-elect Trump administration pivot on tackling Chinese espionage
The future for AI and automation in shaping the security landscape

Noah Davis: Seasoned technologist with over 20 years of experience, excelling in translating complex tech challenges into simple business solutions for Fortune 500 companies. As VP & Chief Information Security Officer at Ingersoll Rand, he leads global cybersecurity efforts. Previously, he held senior roles in IT audit, incident response, and security architecture. Noah champions leadership by prioritizing people, enabling a secure and flexible future, and fostering authenticity and transparency.

Chris Morgan: Chris Morgan is a Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team and has been the host of ShadowTalk since 2021. Chris joined ReliaQuest in August 2020, previously working as a Cyber Threat Intelligence analyst in the telecommunications and financial sectors. Chris also has a background in the British military. With his diverse background, he enhances ShadowTalk with deep insights into various threat landscapes.

Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.

Termite Ransomware, QR-Code Browser Bypass, CAPTCHA Hijacking

Wed, 11 Dec 2024 15:00:00 -0500

Resources: https://linktr.ee/RQShadowTalk

Join hosts Chris and Kim, ReliaQuest field CISO Rick Holland, and detection researcher Marken as they discuss:

Termite Ransomware claiming responsibility for Blue Yonder incident
Ransomware impacting Romanian electricity supply
Researchers divulge QR code based browser bypass
ReliaQuest research into malware distribution through CAPTCHA hijacking

Chris Morgan: Chris Morgan is a Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team and has been the host of ShadowTalk since 2021. Chris joined ReliaQuest in August 2020, previously working as a Cyber Threat Intelligence analyst in the telecommunications and financial sectors. Chris also has a background in the British military. With his diverse background, he brings deep insights into various threat landscapes.

Kim Bromley: Kim Bromley is a Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.

Rick Holland: Rick Holland is one of ReliaQuest’s Chief Information Security Officers. A seasoned cybersecurity executive, practitioner, and former Forrester Research industry analyst, Rick is also a U.S. Army intelligence veteran. He regularly speaks at leading security conferences, including SANS, RSAC, and BSides. Rick's extensive expertise and industry insights make him an invaluable contributor.

Marken Teder: Marken Teder is a Detection Researcher at ReliaQuest, with a total of 6 years at the company. A native Estonian, he has previously worked as an Incident Response Analyst, Content Developer, and Security Architect. Marken's extensive experience in detection and response brings a robust technical perspective.

BootKitty Unleashed, Word Corruption Campaigns, M&A Cyber Threats

Wed, 04 Dec 2024 13:00:00 -0500

Resources: https://linktr.ee/RQShadowTalk

Join hosts Chris and Kim, and Threat Hunter Brian Kelly as they discuss:

BootKitty Linux Bootkit
LockBit Arrest in Russia
Novel Phishing Campaign Corrupts Word
Cyber Threats During M&A

Guest Episode: Can Someone Non-Technical Be a CISO? New APT28 & Palo Alto Exploits

Wed, 27 Nov 2024 12:00:00 -0500

Join hosts Chris and Kim, and guest CISO Chris Gunner, as they discuss:

APT28 conduct 'Nearest Neighbor' WiFi Attack
Windows Reissue Controversial Recall Feature
Update on Palo Alto Critical Vulnerability Exploitation
Navigating potential obstacles as a new CISO

Resources: https://linktr.ee/RQShadowTalk

Chris Gunner: Group CISO at a global financial service firm, comprised of federated business units across 20 countries. Chris is responsible for Group-wide cyber strategy as well as advising the business in the Group. Previously held roles as a security leader in law firms, as well as varied roles in consulting. Passionate that cyber security is a business enabler, where it can drive better business decisions, as well as protecting organizations and their customers.

Chris Morgan: Chris Morgan is a Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team and has been the host of ShadowTalk since 2021. Chris joined ReliaQuest in August 2020, previously working as a Cyber Threat Intelligence analyst in the telecommunications and financial sectors. Chris also has a background in the British military. With his diverse background, he enhances ShadowTalk with deep insights into various threat landscapes.

Kim Bromley: Kim Bromley is a Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights for ShadowTalk.

Black Friday Retail Risks, T-Mobile Troubles, AI Deceptions

Wed, 20 Nov 2024 14:00:00 -0500

Join hosts Chris and Kim, Field CISO Rick Holland, and Detection Researcher Corey Carter as they discuss:

Black Friday: Cyber Threats Facing the Retail Sector
T-Mobile Breached Again
Attacks Exploiting PAN-OS Zero-Day
Fake AI Image Generators Deploy Infostealers

Resources:

https://linktr.ee/RQShadowTalk

Chris Morgan: Chris Morgan is a Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team and has been the host of ShadowTalk since 2021. Chris joined ReliaQuest in August 2020, previously working as a Cyber Threat Intelligence analyst in the telecommunications and financial sectors. Chris also has a background in the British military. With his diverse background, he enhances ShadowTalk with deep insights into various threat landscapes.

Rick Holland: Rick Holland is one of ReliaQuest’s Chief Information Security Officers. A seasoned cybersecurity executive, practitioner, and former Forrester Research industry analyst, Rick is also a U.S. Army intelligence veteran. He regularly speaks at leading security conferences, including SANS, RSAC, and BSides. Rick's extensive expertise and industry insights make him an invaluable contributor on ShadowTalk.

Corey Carter: Corey Carter is a Detection Researcher at ReliaQuest. A Florida native and former infantryman in the United States Marines, Corey holds a bachelor's degree in computer science with a specialization in information assurance. His experience as a Security Analyst and Threat Hunter at ReliaQuest, combined with his military background, equips him with a unique perspective on cybersecurity challenges.

2025 Cyber Threat Predictions, MOVEit Data Breach, Volt Typhoon Rebuilds

Wed, 13 Nov 2024 11:00:00 -0500

Join hosts Chris, Kim and Anna as they discuss:

ReliaQuest's Cyber Threat Predictions for 2025
Huge Data Leak Linked to 2023 MOVEit Flaw
New Ransomware Partners with RustyStealer
Volt Typhoon Rebuilds Dismantled Botnet

Resources:

Chris Morgan: Chris Morgan is a Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team and has been the host of ShadowTalk since 2021. Chris joined ReliaQuest in August 2020, previously working as a Cyber Threat Intelligence analyst in the telecommunications and financial sectors. Chris also has a background in the British military. With his diverse background, he enhances ShadowTalk with deep insights into various threat landscapes.

Kim Bromley: Kim Bromley is a Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights for ShadowTalk.

Anna Jones: Anna is a Cyber Threat Intelligence Analyst at ReliaQuest, based in our London office. She joined in June 2023 and specializes in OSINT investigations, with 5 years of experience in threat intelligence. Anna's expertise in sourcing and analyzing covert threat data provides unique insights into cybercriminal activities for ShadowTalk.

Credential Theft, LastPass Social Engineering, Interlock Ransomware

Wed, 06 Nov 2024 11:00:00 -0500

In this episode of ShadowTalk, hosts Chris and Kim are joined by Senior Threat Intelligence Analyst Ivan Righi, to discuss the latest news in cybersecurity and threat research. Topics this week include:

ReliaQuest research exploring credential theft and misuse
Social engineering campaign targets LastPass users
Patch now: Sharepoint vulnerability exploited in the wild
New Interlock ransomware group targeting FreeBSD OS

Resources:

https://www.reliaquest.com/blog/the-credential-abuse-cycle-theft-trade-and-exploitation/

Guest Episode: Black Basta's TTP Shift, Diversity, Equity, and Inclusion (DEI) In Cyber Security

Wed, 30 Oct 2024 14:00:00 -0400

In this episode of ShadowTalk, hosts Kim and Chris are joined by guest speaker Eric Knopp, to discuss the latest news in cybersecurity and threat research. Topics this week include:

ReliaQuest research identifies Black Basta TTP changes
Amazon seize APT29 domains
Tango down: Redline & Meta Infostealers taken down by Dutch police
The importance of supporting DEI programs in hiring practices

Resources:

Eric Knopp: VP Security Operations for one of ReliaQuest’s customers, a large global financial services company. Eric has been in the IT industry for almost 30 years, with the past 11 in IT Security. He also has a passion for diversity, equity and inclusion, co-leading the DEI Committee in London. He also supports the cyber apprenticeship program in the UK.

Kim Bromley: Kim Bromley is a Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights for ShadowTalk.

Chris Morgan: Chris Morgan is a Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team and has been the host of ShadowTalk since 2021. Chris joined ReliaQuest in August 2020, previously working as a Cyber Threat Intelligence analyst in the telecommunications and financial sectors. Chris also has a background in the British military. With his diverse background, he enhances ShadowTalk with deep insights into various threat landscapes.

Scattered Spider x RansomHub, Anonymous Sudan Unmasked, APT41 Gamble

Wed, 23 Oct 2024 12:00:00 -0400

In this episode of ShadowTalk, host Kim is joined by Director of Threat Research Brandon Tirado and Threat Hunter Brian Kelly, to discuss the latest news in cybersecurity and threat research. Topics this week include:

Scattered Spider x RansomHub: A New Partnership
US Authorities Indict Anonymous Sudan Leaders
Crypt Ghouls Deploys LockBit on Russian Organizations
APT41 Targets Gambling and Gaming Industry in New Financially-Motivated Campaign

Resources:

Kim Bromley: Kim Bromley is a Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights for ShadowTalk.

Brandon Tirado: Brandon Tirado is the Director of Threat Research for ReliaQuest. Brandon is a skilled cyber defense professional with a unique combination of management and hands-on experience. With a deep understanding of adversary motives and the tactics, techniques, and procedures (TTPs) they use to achieve their goals, Brandon enjoys operationalizing his knowledge to make it more difficult for adversaries to operate within the environments of ReliaQuest customers. His managerial and hands-on experience enriches ShadowTalk with practical and strategic viewpoints.

Brian Kelly: Brian Kelly is an experienced Threat Hunter and Intrusion Response Operator with a deep understanding of adversary tactics, techniques, procedures (TTPs), and motivations. Beginning his career in IT, Brian swiftly transitioned into cybersecurity, where he actively hunts for threats within organizations and responds to ongoing incidents. His expertise in adversary emulation and TTP exploration empowers him to anticipate and counteract malicious activities. Positioned on the front lines, Brian offers invaluable and actionable insights on the current threat landscape for ShadowTalk.

Ransomware in Q3 2024, Cisco Breached, ChatGPT Misuse

Wed, 16 Oct 2024 12:00:00 -0400

In this episode of ShadowTalk, host Chris and Kim are joined by Detection researcher Corey Carter, to discuss the latest news in cybersecurity and threat research. Topics this week include:

ReliaQuest reporting on ransomware activity in Q3 2024
OpenAI confirm malicious use of ChatGPT
Russian APT29 mass exploiting known vulnerabilities
CISCO data reportedly breached by IntelBroker

Resources:

Chris Morgan: Chris Morgan is a Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team and has been the host of ShadowTalk since 2021. Chris joined ReliaQuest in August 2020, previously working as a Cyber Threat Intelligence analyst in the telecommunications and financial sectors. Chris also has a background in the British military. With his diverse background, he enhances ShadowTalk with deep insights into various threat landscapes.

Kim Bromley: Kim Bromley is a Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights for ShadowTalk.

Corey Carter: Corey Carter is a Detection Researcher at ReliaQuest. A Florida native and former infantryman in the United States Marines, Corey holds a bachelor's degree in computer science with a specialization in information assurance. His experience as a Security Analyst and Threat Hunter at ReliaQuest, combined with his military background, equips him with a unique perspective on cybersecurity challenges.

Healthcare Cyber Threat, Salt Typhoon Compromises US Telecoms, Gorilla Botnet DDoS Campaigns

Wed, 09 Oct 2024 12:00:00 -0400

In this episode of ShadowTalk, host Chris and Kim are joined by detection researcher, Marken, to discuss the latest news in cybersecurity and threat research. Topics this week include:

Cyber Threats Facing the Health Care and Social Assistance Sector
Salt Typhoon Compromises US-based Telecoms Companies
Microsoft and US DoJ Takedown Star Blizzard Infrastructure
Gorilla Botnet Conducts Large-Scale DDoS Campaign

Resources:

https://www.reliaquest.com/blog/threats-health-care-social-assistance-landscape/

Guest Episode: Importance of Cyber Insurance, Embargo Ransomware Target Cloud, Influence Ops Target US Election

Wed, 02 Oct 2024 23:00:00 -0400

In this episode of ShadowTalk, host Chris and Kim are joined by guest Samantha Billy, AON U.S Broking Growth Leader, to discuss the latest news in cybersecurity and threat research. Topics this week include:

The Critical Role of Cyber Insurance in Mitigating Cyber Risk
Embargo Ransomware Targeting Cloud
Iranian Threat Actors Conducting Influence Ops Against US Elections
National Crime Agency Tease Lockbit Update

Resources:

https://www.reliaquest.com/blog/2024-us-election-top-cyber-threats-organizational-impacts/

Telegram's Pivot, Kaspersky's Surprise, Remediating Data Exfiltration Attacks

Wed, 25 Sep 2024 11:00:00 -0400

In this episode of ShadowTalk, host Chris and Kim, along with Threat Hunter Brian, discuss the latest news in cybersecurity and threat research. Topics this week include:

Telegram Pivot 180: Agree to Share IP and Phone Data on Legal Requests
Kaspersky Auto-Replace Software with UltraAV Antivirus
Dell Investigate Two Data Breaches
ReliaQuest Data Exfiltration Case Study

Fortinet Breach, Malware Locks Users in "Kiosk" Mode, Insider Threat Case Studies

Wed, 18 Sep 2024 11:00:00 -0400

In this episode of ShadowTalk, host Chris, along with Corey and Anna, discuss the latest news in cyber security and threat research. Topics this week include:

Threat actors express difficulty in retrieving stolen Fortinet data
Amadey malware's novel approach: Users locked in Kiosk Mode
Aftermath of incident affecting Transport for London (TFL)
ReliaQuest Response to Insider Threat Cases

Resources:

https://www.reliaquest.com/blog/common-infostealers/

GRU Orchestrate Sabotage and Assassination, Sextortion Scams, Inc. Ransom's Novel Attack

Wed, 11 Sep 2024 12:00:00 -0400

In this episode of ShadowTalk, host Chris Morgan, along with Marken Teder, discuss the latest news in cyber security and threat research. Topics this week include:

Russia's Military Intelligence target CNI, identified using "Non-Lethal Acoustic Weapons"
New Sextortion scam targets spouses
Privacy concerns with smart automobiles
ReliaQuest research into "Inc Ransom" Data Extortion Attack

Resources:

https://www.reliaquest.com/blog/inc-ransom-attack-analysis/

Guest Episode: Building Security Teams, Ransomware and Lawsuits, Top Attacker Techniques

Wed, 04 Sep 2024 11:00:00 -0400

In this episode of ShadowTalk, hosts Chris and Kim, along with guest CISO Rob F, discuss the latest news in cyber security and threat research. Topics this week include:

City of Columbus Ohio sue security researcher following ransomware breach
Dutch Data Protection Authority fine AI/Facial recognition company
Building security teams and improving your cyber maturity
ReliaQuest research into top attacker techniques

Resources:

https://www.reliaquest.com/blog/top-cyber-attacker-techniques/

Telegram CEO Arrested, Volt Typhoon, Cybercriminal Forum Insights

Thu, 29 Aug 2024 13:00:00 -0400

In this episode of ShadowTalk, hosts Chris and Kim, along with Director of Threat Research Brandon Tirado and Threat Intelligence Analyst Anna, discuss the latest news in cyber security and threat research.

Telegram CEO arrested in France over alleged criminal use of the platform
Return of Volt Typhoon: China APT exploiting Versa high-severity bug
Cybercriminals discuss exploiting physical security gaps to target SMEs

NPD Breach Latest, Election Disinformation, Service Account Abuse

Wed, 21 Aug 2024 11:00:00 -0400

In this episode of ShadowTalk, host Kim, along with Corey and Gjergji, discusses the latest news in cyber security and threat research. Topics this week include:

Data breach at NPD affecting millions resulted from exposed credentials
Iran-linked APT groups abuse OpenAI to create US-election propaganda
ReliaQuest Research: Service Account Abuse

Resources:

Unusual Espionage, Vicious Vulnerabilities, Popular Exfiltration Tools and Malware Loaders

Wed, 14 Aug 2024 14:00:00 -0400

In this episode of ShadowTalk, host Kim, along with Marken and Brian, discusses the latest news in cyber security and threat research. Topics this week include:

Unusual Espionage: China-linked threat groups target Russian government, IT organizations
Vicious Vulnerabilities: New vulnerability in all Windows systems with IPv6, Sonos Speaker flaws allow eavesdropping
ReliaQuest Research: Data Exfiltration Tools and Malware Loaders

Resources:

https://www.reliaquest.com/blog/exfiltration-tools

https://www.reliaquest.com/blog/common-malware-loaders

Special: LIVE from BlackHat 2024, Unauthorized RMM Useage, DEF CON 32 Preview

Thu, 08 Aug 2024 16:00:00 -0400

In this episode of ShadowTalk, host Rick Holland is joined by ReliaQuest Lead Threat Hunter Colin Ferris LIVE on the BlackHat show floor in Las Vegas to discuss:

Takeaways from BlackHat CISO Summit
ReliaQuest presentation on Remote Monitoring & Management (RMM) tools
Things to look forward to at DEF CON 32

Deepfakes-The New Frontier in Deception, Ransomware Roundup, Threats Bypassing Your EDR

Wed, 31 Jul 2024 13:00:00 -0400

In this episode of ShadowTalk, hosts Chris and Kim, along with Ivan Righi, discuss the latest news in cyber security and threat research. Topics this week include:

Rise of the Deepfakes: Threat actors target Ferrari, Fake North Korean IT worker fake's job interview
Developments in ransomware: Stormous v3, VSXI, Black Basta develop custom malware
ReliaQuest Research: Beyond the Endpoint: Threats Bypassing your Endpoint Detection and Response (EDR) solutions

Resources:

CrowdStrike Global IT Outage, Finance & Insurance Threats

Wed, 24 Jul 2024 13:00:00 -0400

In this episode of ShadowTalk, hosts Chris and Kim, along with ReliaQuest CISO Rick Holland, and Detection Researcher Corey Carter, discuss the latest news in cyber security and threat research. Topics this week include:

CrowdStrike Global IT Outage breaks records in impacting 8.5 million devices (1:22)
The importance of accountability and trust when working with third party vendors
ReliaQuest research into threats facing Financial & Insurance (18:46)

Resources:

https://www.reliaquest.com/blog/crowdstrike-outage-script-phishing-and-social-engineering-attacks/

Guest Episode: Ransomware in Q2 2024, Disney/AT&T Breach

Wed, 17 Jul 2024 12:00:00 -0400

In this episode of ShadowTalk, hosts Chris and Kim, along with guest CISO Craig McEwen, discuss the latest news in cyber security and threat research. Topics this week include:

ReliaQuest Research: Ransomware in Q2 2024
Weekly roundup: Threat actors weaponizing exploits within 22 minutes, Disney/AT&T breaches
Linking security strategy to expenditure
Supporting cyber apprenticeships and investing in people

Resources:

GenAI Powers Cybercrime, Cobalt Strike Takedown, Record-breaking DDoS Attack

Thu, 11 Jul 2024 03:00:00 -0400

In this episode of ShadowTalk, hosts Chris and Kim, along with Brian, discuss the latest news in cyber security and threat research.

The influence of Generative Artificial Intelligence (GenAI) on cybercrime
Tango down: Law enforcement takedown over 600 Cobalt Strike servers
Record breaking DDoS attack disclosed by researchers
Rockyou2024: 9.9 Billion stolen passwords posted onto BreachForums

Resource: AI-powered Cybercrime Report

Weekly: TeamViewer Supply Chain Attack, MOVEit Horrors, Medusa Ransomware Case Study

Wed, 03 Jul 2024 12:00:00 -0400

In this episode of ShadowTalk, hosts Chris and Kim, along with Marken, discuss the latest news in cyber security and threat research. Topics this week include:

TeamViewer compromised by APT29 in supply chain attack
MOVEit in the headlines again, critical severity vulnerability disclosed
Popular Content Delivery Network (CDN) providers compromised in supply chain attacks
ReliaQuest research in a case study attributed to the Medusa ransomware group

Resources:

https://www.reliaquest.com/blog/medusa-attack-analysis/

Weekly: Lockbit Claim US Federal Reserve Breach, Protocol Tunneling, Kaspersky Banned in US

Thu, 27 Jun 2024 10:00:00 -0400

In this episode of ShadowTalk, hosts Chris and Kim, along with Ivan and Gjergji, discuss the latest news in cyber security and threat research. Topics this week include:

Lockbit claim breach of the US Federal Reserve, but are they telling the truth?
ReliaQuest research into misuse of Protocol Tunneling
Fallout from the US Ban of Kaspersky

Resources:

https://www.reliaquest.com/blog/protocol-tunneling-tools-and-techniques/#:~:text=Protocol%20tunneling%20is%20a%20technique%20used%20to%20encapsulate,be%20transmitted%20through%20a%20secure%20or%20otherwise-allowed%20protocol.

Weekly: Future of Scattered Spider, Supply Chain Compromise, Insider Threats

Thu, 20 Jun 2024 10:00:00 -0400

In this episode of ShadowTalk, host Chris, along with Marken, discuss the latest news in cyber security and threat research. Topics this week include:

Scattered Spider leader reportedly arrested, as group pivot to target SaaS solutions
ReliaQuest research into supply chain compromise. Detections to improve your resilience
Classifying insider threats and the difficulties of proving intent

Resources:

Guest Episode: Cyber Threats Facing Healthcare, Optum Impact, Ransomware, AI and Automation

Wed, 12 Jun 2024 14:00:00 -0400

In this Special Guest Episode of ShadowTalk, host Chris and one of ReliaQuest's CISOs Rick Holland are joined by University of Kansas Health System (UKHS) CISO Michael Meis to discuss the latest news in cyber security and threat research. Topics this week include:

Significant threats facing healthcare: Ransomware, accidental insiders
The influence of COVID on ransomware activity
The immediate and long term impact of the Optum breach
The importance of understanding your revenue cycle to weather the storm of a breach
Methods of maintaining engagement and retaining staff
AI and automation: Improving timeliness and efficiency of incident response

Special: Live from InfoSec Europe 2024, Snowflake Breach, Cybercriminal AI reflections

Wed, 05 Jun 2024 12:00:00 -0400

In this episode of ShadowTalk, host Chris Morgan is joined by ReliaQuest Chief Strategy Officer Jason Pfeiffer LIVE on the InfoSec Europe show floor in London, UK to discuss:

How InfoSec stacks up against the US cyber conferences
Snowflake data breach affecting TicketMaster and others
Cybercriminal reflections on generative AI

Resources:

https://www.reliaquest.com/blog/common-infostealers/

Weekly: Microsoft Deprecates VBScript, Common Infostealers, GhostEngine Cryptominer, BlackSuit Attack Analysis

Thu, 30 May 2024 09:00:00 -0400

In this episode of ShadowTalk host Corey, along with Gjergji and Brian, discuss the latest news in cyber security and threat research. Topics this week include:

Microsoft set to begin the deprecation of VBScript in the second half of 2024
ReliaQuest research into the top three Infostealers
Dive into a new crypto miner dubbed 'GhostEngine'
ReliaQuest analysis of a BlackSuit ransomware attack

Resources:

Weekly: Microsoft Enforce MFA, Fileless Malware, Rise of Deepfakes

Wed, 22 May 2024 12:00:00 -0400

In this episode of ShadowTalk, host Chris, along with Director of Threat Research Brandon Tirado, discuss the latest news in cyber security and threat research. Topics this week include:

Microsoft mandating multi-factor authentication across Azure
ReliaQuest research exploring fileless malware and living against the land (LoTL) techniques
Use of deepfakes in social engineering in 2024

Resources:

Weekly: Ransomware Impacting Hospitals, Q1 Most Observed Attacker Techniques, BreachForums Advertise Access to Security Company

Wed, 15 May 2024 17:00:00 -0400

In this episode of ShadowTalk, host Chris, along with Ivan and Marken, discuss the latest news in cyber security and threat research. Topics this week include:

Recent ransomware attacks on the healthcare sector do not necessarily suggest a change in targeting preferences
Black Basta pivot TTPs: New social engineering campaign using mass sign ups to mailing list spam
Pain on the adversary, in having multiple controls to slow down an attacker, can greatly improve cyber resilience when combined with network visibility
Initial access brokers (IAB) continuing to play a crucial role in facilitating cybercrime

Resources:

https://www.reliaquest.com/blog/q1-2024-attacker-trends/

Special: AI and Automation at RSAC 2024

Wed, 08 May 2024 21:00:00 -0400

In this episode of ShadowTalk, host Rick Holland is joined by ReliaQuest CTO Joe Partlow and Chief Scientist Brian P. Murphy LIVE on the RSAC show floor in San Francisco, CA to discuss all things AI and automation.

Cracking the Code: Getting a Job in Cybersecurity

Wed, 01 May 2024 12:00:00 -0400

In this episode of ShadowTalk, host Chris, along with Brian and Corey, discuss their career paths, as well as offering tips for individuals aiming to gain employment within cybersecurity.

The importance of tact and developing both soft and hard skills
Working around personnel constraints
Picking the right vendors to compliment your security model
Recommendations for advancing your own career

Weekly: APT28 Activity, Iran/Israel Tensions, Ransomware Rebrands

Thu, 25 Apr 2024 12:00:00 -0400

In this episode of ShadowTalk, host Chris, along Kim and one of ReliaQuest's CISO's Rick, discuss the latest news in cyber security and threat research. Topics this week include:

APT28 Exploit 6 year old CISCO vulnerability
ReliaQuest research on Iran/Israel Tensions
Ransomware Rebrands
Apple notify users impacted by Spyware

Resources:

https://www.reliaquest.com/blog/cyber-threats-linked-to-iran-israel-conflict/

Weekly: Palo Alto Critical Exploit, VPN Management, RansomHub Leak Optum Data

Wed, 17 Apr 2024 12:00:00 -0400

In this episode of ShadowTalk, host Chris, along with Marken, discuss the latest news in cyber security and threat research. This weeks topics include:

Palo Alto Critical Vulnerability under active exploitation
ReliaQuest research on VPN attack surface management
Optum Healthcare data breached by RansomHub group

Weekly: HC3 Social Engineering Warning, ReliaQuest Q1 Phishing Report, Microsoft Copilot

Wed, 10 Apr 2024 14:00:00 -0400

In this episode of ShadowTalk, host Chris, along with Gjergji and James, discuss the latest news in cyber security and threat research. Topics this week include:

Health sector Cybersecurity Coordination Center (HC3) issues alert warning regarding attackers using social engineering to target IT helpdesk's across the health sector
ReliaQuest releases it's findings from it's Q1 Phishing report
How improper permissions can lead to problems with new Microsoft Copilot AI

Resources:

Weekly: New Backdoor in XZ Utils, SEO Poisoning, Impersonation Scams

Wed, 03 Apr 2024 14:00:00 -0400

In this episode of ShadowTalk, host Kim, along with Brian, discuss the latest news in cyber security and threat research. Topics this week include:

Sophisticated backdoor identified in XZ Utils
Our Spotlight report on SEO poisoning
Impersonation scams cost $1.1 billion in 2023

Weekly: Google AI Search, Spain Telegram Ban, Speculative Execution Vulnerabilities

Wed, 27 Mar 2024 17:00:00 -0400

In this episode of ShadowTalk, host Chris, along with ReliaQuest Threat Hunter's Caroline and Corey discuss the latest news in cyber security and threat research. This week's topics include:

Issues with Google AI-powered search generative experience recommending scam sites
Spain high court judge issues temporary ban on messaging platform 'Telegram'
Speculative Execution vulnerabilities found on Apple M Series and Intel Raptor Lake CPU's

Weekly: AT&T Breach, Magnet Goblin, ReliaQuest's Annual Threat Report (ATR)

Wed, 20 Mar 2024 11:00:00 -0400

In this episode of ShadowTalk, host Chris, along with Marken and ReliaQuest CISO Rick, discuss the latest news in cyber security and threat research. This week's topics include:

2021 AT&T breach released for free
Magnet Goblin threat group exploiting 1-day vulnerabilities
An introduction to ReliaQuest's Annual Threat Report (ATR)

Weekly: TeamCity and Supply Chain Risk, BEC Detections, Midnight Blizzard

Wed, 13 Mar 2024 16:00:00 -0400

In this episode of ShadowTalk, host Chris, along with Corey and Caroline, discuss the latest news in cyber security and threat research. Topics this week include:

TeamCity Server critical vulnerability leaves potential for supply chain risk
ReliaQuest research into advanced business email compromise (BEC) detections
Microsoft compromised by Midnight Blizzard password spraying attack

Resources:

Weekly: ConnectWise Critical Vulnerabilities , Credential Theft, NIST Frameworks

Wed, 06 Mar 2024 13:00:00 -0500

In this episode of ShadowTalk, host Chris, along with Fearghal and Kim, discuss the latest news in cyber security and threat research. Topics include:

An overview of the critical severity vulnerabilities affecting ConnectWise, patch now!
ReliaQuest research into Browser Credential Dumping attacks
The latest in the world of ransomware
Update to National Institute of Standards and Technology (NIST) framework

Resources:

https://www.reliaquest.com/blog/browser-credential-dumping/

Weekly: Lockbit Return, SAT Exercises, Optum Breach

Wed, 28 Feb 2024 13:00:00 -0500

In this episode of ShadowTalk, host Chris, along with Ivan, Caroline, and one of ReliaQuest's CISOs Rick, discuss the latest news in cyber security and threat research. This week's topics include:

Lockbit return following law enforcement operation
Recent Structured Analytical Technique (SAT) exercises ran by ReliaQuest
The Optum Breach and what you need to know
'SubdoMailing' malvertising campaign leveraging compromised domains

Resources:

Weekly: Lockbit Taken Down, RMM Tool Abuse, Chinese Gov't Documents Exposed

Wed, 21 Feb 2024 14:00:00 -0500

In this episode of ShadowTalk, host Chris, along with Brian, Kim, and one of ReliaQuest's CISOs Rick, discuss the latest news in cyber security and threat research. Topics this week include:

Lockbit taken down by NCA led operation. Does this spell the end for the ransomware group?
ReliaQuest research into abuse of Remote monitoring and management (RMM) tools
Insider leaks Chinese government documents on Github

Resources:

https://www.reliaquest.com/blog/lockbit-taken-down-what-comes-next/

Weekly: SocGholish, Volt Typhoon, ToothBrush DDoS' and Flipper Zero

Wed, 14 Feb 2024 14:00:00 -0500

In this episode of ShadowTalk, host Chris, along with Marken and Corey, discuss the latest news in cyber security and threat research. Topics this week include:

ReliaQuest research into changes observed on SocGholish infection chain
Update to Volt Typhoon campaign affecting US CNI
Furore over reporting on Toothbrush smart devices reportedly used in DDoS attacks
Canada bans Flipper Zero consumer hacking device, over car theft concerns

Resources:

Weekly: AnyDesk Breach, Deepfake Social Engineering, Q1 2024 Priorities

Wed, 07 Feb 2024 04:00:00 -0500

In this episode of ShadowTalk, host Chris Morgan is joined by ReliaQuest CISO Rick Holland, Director of Threat Research Brandon Tirado and Intelligence Collection Analyst Fearghal Hughes to discuss the latest news in cyber security and threat research. Topics this week include:

Breach of Remote Desktop Application 'AnyDesk' results
Continued Ivanti vulnerability exploitations
The rise of BEC deepfake social engineering attacks
ReliaQuest's top priorities for the remainder of Q1 2024

Resources:

Weekly: Killnet 2.0, Baselining Detection Rules, Ransomware in Q4 2023

Wed, 31 Jan 2024 10:00:00 -0500

In this episode of ShadowTalk, host Chris, along with James and Ivan, discuss the latest news in cyber security and threat research. Topics this week include:

The emergence of Killnet 2.0
Best practices for Baselining Detection Rules
Insights from ReliaQuest's Q4 2023 Ransomware blog

Resources:

https://www.reliaquest.com/blog/q4-2023-ransomware/

Weekly: Midnight Blizzard Targets Microsoft, Recent Attacker Techniques, Citrix NetScaler Vulnerabilities

Wed, 24 Jan 2024 12:00:00 -0500

In this episode of ShadowTalk, host Corey, along with Kim and Caroline, discuss the latest news in cyber security and threat research. Topics this week include:

Midnight Blizzard Targeting Microsoft
Threat research on Attacker techniques observed from Customer incidents
Two new Citrix NetScaler vulnerabilities being exploited in the wild

Resources:

Weekly: Ivanti Zero-days, Valid Account Misuse, Emerging risk from (IoT) devices

Wed, 17 Jan 2024 14:00:00 -0500

In this episode of ShadowTalk, host Chris, along with Brian, Gjergji and ReliaQuest CISO Rick Holland, discuss the latest news in cyber security and threat research. Topics this week include:

Ivanti Zero-day vulnerabilities under mass exploitation
ReliaQuest research into misuse of Valid Accounts
Risk posed through emerging Internet of Things (IoT) devices

Resources:

https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US

Weekly: Cyber Threats Developments of 2023, Lockbit Targets Healthcare

Wed, 10 Jan 2024 13:00:00 -0500

In this episode of ShadowTalk, host Chris, along with Marken and Fearghal, discuss the latest news in cyber security and threat research. Topics this week include:

A recap of major developments in 2023: Ransomware, Business Email Compromise, Living off the land (LotL)
The influence of Generative AI on cyber threats
Lockbit targeting healthcare providers in Germany

Weekly: 2023 in Review, ALPHV Targeted by FBI, Predictions for 2024

Wed, 20 Dec 2023 14:00:00 -0500

In this episode of ShadowTalk, host Chris, along with Rick and Kim, discuss the latest news in cyber security and threat research. Topics this week include:

ALPHV targeted in law enforcement operation
A look back at major events from the previous 12 months
Predictions for the cyber threat landscape in 2024
'Expense in depth' and maximising investments

Resources:

Weekly: BYOVD Report, Log4Shell Two Years Later, ALPHV Site Outage, Delaying SEC Disclosures

Wed, 13 Dec 2023 13:00:00 -0500

In this episode of ShadowTalk, host Corey Carter, along with ReliaQuest CISO Rick Holland and Gjergji Paco, discuss the latest news in cyber security and threat research. Topics this week include:

An overview of a ReliaQuest report on a sophisticated incident involving a technique known as Bring Your Own Vulnerable Driver (BYOVD).
ALPHV ransomware site outage rumored to be caused by law enforcement.
Apps vulnerable to Log4Shell still being exploited by Advanced Persistence Threats.
FBI releases policy notice that informs cyber victims how they can request to delay public disclosures to the Securities and Exchange Commission.

Resources:

Weekly: Ransomware Targeting ESXi, Threats to Airline Organizations, CNI Impacted

Wed, 06 Dec 2023 15:00:00 -0500

In this episode of ShadowTalk, host Chris, along with Caroline and James, discuss the latest news in cyber security and threat research. Topics this week include:

Ransomware groups increasingly targeting ESXi
Cyber Threats to the Airline industry
Incidents affecting CNI in the US, UK, and Israel

Resources:

Weekly: EDR Pitfalls, Okta Intrusion Update, Secure AI Guidelines, Expired Google Cookies

Wed, 29 Nov 2023 15:00:00 -0500

In this episode of ShadowTalk, host Corey, along with Rick, Marken, and James, discuss the latest news in cyber security and threat research.
Topics this week include:

An overview of ReliaQuest's latest report covering EDR Pitfalls and Best Practices.
Latest updates to Okta's Support Case Management System intrusion that occurred in October.
Discussion on guidelines released for secure AI system development by CISA and UK NCSC.
Infostealers making headlines after allegedly being able to restore expired Google cookies.

Resources:

Okta's Support Case Management System Intrusion Update-
https://sec.okta.com/harfiles

Proactive Defense: Positioning your IR Team for Success webinar-
https://event.on24.com/wcc/r/4388361/F9C6D55AEEB34F33683F29973F48D174?partnerref=shadowtalk

CISA and UK NCSC Joint Guidelines-
https://www.cisa.gov/news-events/alerts/2023/11/26/cisa-and-uk-ncsc-unveil-joint-guidelines-secure-ai-system-development

Scattered Spider Blog-
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/

Weekly: ALPHV SEC Complaint, Scattered Spider Case Study, Sandworm Attacks

Wed, 22 Nov 2023 13:00:00 -0500

In this episode of ShadowTalk, host Ivan, along with Brandon and Colin discuss the latest news in cyber security and threat research. Topics this week include:

AlphaV filing a complaint with the SEC
ReliaQuest case study on the Scattered Spider attack
Sandworm hacker group conducts "largest ever" attack on Danish infrastructure

Resources:

https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/

Weekly: CitrixBleed, Taking a Proactive Approach to IR, BiBi wiper targets Israeli Organizations

Wed, 15 Nov 2023 13:00:00 -0500

In this episode of ShadowTalk, host Chris, along with Kim, discuss the latest news in cyber security and threat research. Topics this week include:

CitrixBleed vulnerability mass targeted by threat actors
Taking the burden from incidents responders by taking proactive steps
Hacktivists targeting Israeli organizations with "BiBi" data wiping malware

Resources:

https://www.reliaquest.com/blog/citrix-bleed-vulnerability-background-and-recommendations/

Weekly: Apache ActiveMQ and Atlassian Confluence, SEC files charges, QR code phishing

Wed, 08 Nov 2023 14:00:00 -0500

In this episode of ShadowTalk, host Ivan Righi, along with ReliaQuest's CISO Rick Holland and Detection Researcher Marken Teder, discuss the latest news in cyber security and threat research. Topics this week include:

Apache ActiveMQ vulnerability (CVE-2023-46604) exploited by ransomware gangs
Discussion over charges filed by the US SEC against SolarWinds
Active exploitation of a Critical Atlassian Confluence flaw (CVE-2023-22518)
An overview of QR code phishing threats

Resources:

https://event.on24.com/wcc/r/4387339/A63BC17298406ECD68AABFFEF416702B?partnerref=organic

Weekly: SolarWinds SEC Charges, Vulnerabilities Roundup, AI Executive Order

Thu, 02 Nov 2023 10:00:00 -0400

In this episode of ShadowTalk, host Kim, along with Caroline and Corey, discuss the latest news in cyber security and threat research. Topics this week include:

The charges filed by the US SEC against SolarWinds
A sneak-peak of the findings from our Vulnerabilities Roundup blog
An overview of some vulnerabilities impacting users right now
The Executive Order issued by the Biden administration on artificial intelligence.

Weekly: Q3 Ransomware Report, ServiceNow Vulnerability, Okta Incident

Thu, 26 Oct 2023 05:00:00 -0400

In this episode of ShadowTalk, Host Chris Morgan is joined by one of ReliaQuest's CISO's Rick Holland, Threat Hunter Brian Kelly and Threat Intelligence Analyst Ivan Righi to discuss the latest news in cyber security and threat research. Topics this week include:

The findings of ReliaQuest's Quarterly Ransomware Report recapping Q3 2023 activity.
ServiceNow vulnerability and what it means for you
The latest on a security incident pertaining to authentication provider, Okta.

Resources:

https://www.reliaquest.com/blog/ransomware-trends-q3-2023/

Weekly: Critical CISCO IOS XE Vuln, Business Email Compromise (BEC) activity, malicious use of Discord

Fri, 20 Oct 2023 14:00:00 -0400

In this episode of ShadowTalk, host Chris, along with Kim and Gjergji, discuss the latest news in cyber security and threat research. Topics this week include:

Threat actors exploiting Critical CISCO IOS XE Vuln
Increase in Business Email Compromise (BEC) activity
Social media platform Discord being used for malicious activity

Weekly: Hamas Cyber Threat Implications, Top Adversary Techniques, Qakbot

Fri, 13 Oct 2023 11:00:00 -0400

In this episode of ShadowTalk, host Chris Morgan, along with ReliaQuest CISO Rick Holland, James Xiang and Caroline Fenstermacher, discuss the latest news in cyber security and threat research. Topics this week include:

Cyber threat implications from the Hamas - Israel Conflict
Top Adversary Techniques: What We're Seeing Right Now
Has Qakbot returned?

Resources:

https://www.reliaquest.com/blog/iranian-cyber-threats-practical-advice-for-security-professionals/

Weekly: National Cyber Security Awareness Month (NCSAM), Progress FTP Server, RDP Sessions, IronNet

Fri, 06 Oct 2023 12:00:00 -0400

In this episode of ShadowTalk, host Chris Morgan, along with ReliaQuest CISO Rick Holland and Corey Carter discuss the latest news in cyber security and threat research. Topics this week include:

2023 National Cyber Security Awareness Month (NCSAM)
Progress FTP Server
The risk posed by open Remote Desktop Protocol (RDP) Sessions
IronNet ceasure operations

Resources:

Weekly: Hunting for MFA bypass techniques, Libwebp Vuln exploited, VMWare ESXi

Fri, 29 Sep 2023 11:00:00 -0400

In this episode of ShadowTalk, host Chris, along with Gjergji and James, discuss the latest news in cyber security and threat research. Topics this week include:

Hunting for MFA bypass techniques
Exploitation of a Zero-day LibWebP Vulnerability
Threat actors targeting VMWare ESXI

Resources:

https://www.reliaquest.com/blog/mfa-bypass-techniques/#:~:text=Attackers%20also%20bypass%20MFA%20by,for%20sale%20on%20cybercriminal%20platforms.

Weekly: MFA Bypass Techniques, Microsoft Data Leak, Latest ALPHV Attack

Fri, 22 Sep 2023 04:00:00 -0400

In this episode of ShadowTalk, host Kim, along with Caroline and Brian, discuss the latest news in cyber security and threat research. Topics this week include:

A deep dive into popular MFA bypass techniques and how to mitigate them
How a misconfigured SAS token led to a big Microsoft data breach
The latest ALPHV ransomware attack

Resources:

https://www.reliaquest.com/blog/domain-redirection-attacks-wrong-turns-in-cyberspace/

Weekly: Anonymous Sudan, Domain Redirection Attacks, UK Ransomware Report and Managed Engine Zero-Day Exploit

Thu, 14 Sep 2023 16:00:00 -0400

In this episode of ShadowTalk, host and ReliaQuest CISO Rick Holand and ReliaQuest Threat Research team members Corey Carter and Gjergji Paco discuss the latest news in cyber security and threat research. Topics this week include:

A deep dive on domain redirection attacks
New ransomware report from the UK government
New Managed Engine zero-day exploited by multiple threat actors
Anonymous Sudan Telegram bans and DDoS attacks.

Resources:

Weekly: SocGhoulish deep dive, AI security concerns, LockBit vs. UK MOD

Fri, 08 Sep 2023 04:00:00 -0400

In this episode of ShadowTalk, host Roman, along with Corey and Ivan, discuss the latest news in cyber security and threat research. Topics this week include:

A deep dive of malware loader SocGhoulish
Artificial intelligence: implications, security concerns, and use by cybercriminals
LockBit leaking top secret information from the UK’s Ministry of Defence

Resources:

Weekly: Qakbot Takedown, New Barracuda Zero-Day, Resurgence of Hacktivism

Fri, 01 Sep 2023 13:00:00 -0400

In this episode of ShadowTalk, host Chris Morgan, along with ReliaQuest CISO Rick Holland and Gjergji Paco, discuss the latest news in cyber security and threat research. Topics this week include:

The FBI operation targeting Qakbot infrastructure
Barracuda Zero-Day targeted by Peoples Republic of China (PRC) aligned actors
The resurgence and future of Hacktivism

Weekly: Malware Loaders, Ransomware Runbooks, Generative AI and Barracuda ESG

Fri, 25 Aug 2023 04:00:00 -0400

In this episode of ShadowTalk, host Dean Murphy, along with one of ReliaQuest's CISO's Rick Holland and Threat Hunter Brian Kelly, discuss the latest news in cyber security and threat research. Topics this week include:

Malware Loaders
Ransomware Runbooks
Generative AI
Barracuda ESG - Zero-Day

Resources:

Weekly: DefCon, Cl0p, Raccoon Stealer

Fri, 18 Aug 2023 10:00:00 -0400

In this episode of ShadowTalk, host Chris, along with one of Brandon and Gjergji, discuss the latest news in cyber security and threat research. Topics this week include:

Recap of DefCon conference
The latest updates regarding Clop's exploitation of MOVEit zero-day
The return of the infamous Raccoon Stealer

Weekly: AI at BlackHat, Device Code Phishing, Russia-Ukraine War Trends and DEF CON Tips

Fri, 11 Aug 2023 04:00:00 -0400

In this episode, one of ReliaQuest's CISO's Rick Holland is joined by threat hunters Colin Ferris and Caroline Fenstermacher to discuss the presence of AI at BlackHat, Device Code Phishing, trends from the Russia-Ukraine War and lastly how to make the most of a visit to DEF CON.

Special: CISO Chat Live from BlackHat 2023

Thu, 10 Aug 2023 11:00:00 -0400

In this episode, one of ReliaQuest's CISO's Rick Holland and Chief Technology Officer Joe Partlow are joined by Freeport LNG CISO, Todd Beebe and Ciena CISO Ryan Hammer to discuss all things BlackHat 2023.

Weekly: Business Email Compromise (BEC), ReliaQuest Bi-Annual threat reports, influence of AI on the Cyber Threat Landscape

Fri, 04 Aug 2023 15:00:00 -0400

In this episode of ShadowTalk, host Chris, along with one of ReliaQuest's CISOs Rick, and James, discuss the latest news in cyber security and threat research. Topics this week include:

Themes in recent Business Email Compromise (BEC) activity
A breakdown of ReliaQuest research into threats facing the Professional, Scientific, and Technical Services (PSTS) sector
The influence of AI on the cyber threat landscape
ReliaQuest activities at BlackHat 2023 conference

Weekly: What We're Seeing Right Now, Cl0p Cycle Continues, Ivanti Zero-Day, ALPHV API

Fri, 28 Jul 2023 09:00:00 -0400

In this episode of ShadowTalk, host Roman, along with Ivan and Brandon, discuss the latest news in cyber security and threat research. Topics this week include:

Twitter becoming X security concerns
Cl0p names 71 new victims
ReliaQuest releases Q2 ransomware report
Hackers target Norwegian government ministries with Ivanti zero-day exploit
ALPHV ransomware group creates API key for its data leak site

Resources:

Weekly: What We're Seeing Right Now, Cl0p Update, WormGPT

Fri, 21 Jul 2023 04:00:00 -0400

In this episode of ShadowTalk, host Chris, along with Brian and James, discuss the latest news in cyber security and threat research. Topics this week include:

ReliaQuest research into common attacker techniques
An update on Clop's exploitation of the MOVEit vulnerability
ChatGPT rival with ‘no ethical boundaries’ sold on dark web

Resources:

Weekly: Microsoft Cloud Breach, Strava App, Cl0p Update and Remote Management Monitoring

Fri, 14 Jul 2023 04:00:00 -0400

In this episode of ShadowTalk, host Dean Murphy, one of ReliaQuests CISO's Rick Holland and threat research teamers Colin Ferris and Gjergji Paco discuss the latest news in cyber security and threat research. Topics this week include:

Chinese hackers breach Microsoft Cloud
Strava App – Tracked and Killed
Cl0p Update
Remote Monitoring and Management Software – RMM

Resources:

Weekly: Defense Evasion via Virtualization, LockBit target TSMC, CISA Identify New Exploited Vulnerabilities

Fri, 07 Jul 2023 10:00:00 -0400

In this episode of ShadowTalk, host Chris Morgan, along with Corey Carter, Jonny Elrod, Gjergji Paco, and one of ReliaQuests CISO's Rick Holland, discuss the latest news in cyber security and threat research. Topics this week include:

Threat actors obfuscating activity through virtualization
LockBit claim to have impacted Taiwanese semiconductor giant TSMC
CISA identify new exploited vulnerabilities
New critical vulnerability impacting Fortinet, FortiOS and FortiProxy SSL-VPN appliances

Resources:

Weekly: Legal Developments, New APT29 Campaign and ReliaQuest's Annual Threat Report

Fri, 30 Jun 2023 04:00:00 -0400

In this episode of ShadowTalk, host Stefano, along with Kim Bromley, and one of ReliaQuests CISO's Rick Holland, discuss the latest news in cyber security and threat research. Topics this week include:

The SEC reportedly charging SolarWinds executives
APT29 hunting for credentials
Our new, shiny Annual Threat Report

Resources:

Weekly: Cl0p update, Killnet target European financial institutions, closed sources findings

Fri, 23 Jun 2023 04:00:00 -0400

In this episode of ShadowTalk, host Chris, along with Dani, and one of ReliaQuests CISO's Rick Holland, discuss the latest news in cyber security and threat research. Topics this week include:

The latest updates related to Cl0p's exploitation of MOVEit zero-day
Killnet targeting European financial institutions
Insights drawn from our closed sources team
The team's observations on this years InfoSec conference

Resources:

Weekly: Cl0p releases company names, Gootloader, new Fortinet RCE, Ukrainians hackers take down Infotel.

Mon, 19 Jun 2023 16:00:00 -0400

In this episode of ShadowTalk, host Chris, along with Colin and Caroline, discuss the latest news in cyber security and threat research. Topics this week include:

The latest updates related to Clop's exploitation of MOVEit zero-day
An overview of the Gootloader initial access malware
Fortinet RCE CVE-2023-27997
Ukraine's Cyber Anarchy Squad take down Infotel

Resources:

Weekly: MOVEit Zero-day and Cl0p attribution, Infostealing ecosystem, DBIR 2023 Report

Fri, 09 Jun 2023 10:00:00 -0400

In this episode of ShadowTalk, host Stefano, along with Rick, Dean, and Ivan, discuss the latest news in cyber security and threat research. Topics this week include:

What you need to know on the MOVEit Zero-day vulnerability and the latest Cl0p updates
Infostealers ecosystem: most common malware, impact, and mitigation strategies
Key insights from the latest Verizon's DBIR issue

Resources:

Weekly: MOVEit Zero-day, RaidForums Breach, Buhti Ransomware

Fri, 02 Jun 2023 17:00:00 -0400

In this episode of ShadowTalk, host Chris, along with Gjergji and Ivan, discuss the latest news in cyber security and threat research. Topics this week include:

What you need to know on the MOVEit Zero-day vulnerability
RaidForums user's data breached
The Buhti ransomware taking a unique approach to targeting victims

Resources:

Weekly: GootLoader, Intrusion Truth, Volt Typhoon, and Exponent conference debrief

Fri, 26 May 2023 04:00:00 -0400

Summary: In this episode of ShadowTalk, host Stefano, along with Kim, Rick, and Dean, discuss the latest news in cyber security and threat research. Topics this week include:

An investigation into the GootLoader malware
The latest operation from hacktivist group Intrusion Truth
A cyber espionage campaign conduct by Volt Typhoon
RQ Exponent conference debrief

Resources:

Weekly: SocGholish, Cactus Ransomware, Greatness Phishing-as-a-service

Fri, 19 May 2023 04:00:00 -0400

In this episode of ShadowTalk, host Chris Morgan , along with Caroline Fenstermacher and Gjergji Paco, discuss the latest news in cyber security and threat research. Topics this week include:

Revisiting the SocGholish malware distribution framework
Getting pricked by the Cactus ransomware
Greatness Phishing-as-a-service

Resources:

Weekly: Snake malware takedown, Kubernetes hunts, and Caffeine Phishing-as-a-Service

Fri, 12 May 2023 04:00:00 -0400

Summary: In this episode of ShadowTalk, host Stefano, along with Caroline and Colin, discuss the latest news in cyber security and threat research. Topics this week include:

Five Eyes agencies takedown FSB-linked Snake malware
Hunting Kubernetes for privilege escalation techniques
Investigation offers insights into Caffeine PhaaS platform

Resources:

Weekly: ReliaQuest Threat Management, ALPHV, Veeam Vulnerability Exploited

Fri, 05 May 2023 04:00:00 -0400

In this episode of ShadowTalk, host Chris Morgan is joined by Corey Carter and Ivan Righi to discuss:

A day in the life of a Threat Engineer at ReliaQuest
ALPHV leaking internal comm's related to victims incident response
High Severity vulnerability affecting Veeam back servers exploited in the wild (CVE-2023-27532)

Weekly: RQ Ransomware Report, 3CX Update, Russia-Ukraine Cyber Operations, and Cybercriminal Ecosystems

Fri, 28 Apr 2023 15:00:00 -0400

In this episode of ShadowTalk, host Stefano, along with Kim, Ivan, and Brandon, discuss the latest news in cyber security and threat research. Topics this week include:

Highlights from the ReliaQuest Ransomware Quarterly Report Q1 2023
A supply-chain of a supply-chain: 3CX Update
Analysis of Russia-Ukraine cyber operations
A look into recent shifts in the cybercriminal ecosystem

Resources:

Special: RSA Conference 2023

Wed, 26 Apr 2023 15:00:00 -0400

In this episode, host and CISO Rick Holland is joined by ReliaQuest's Chief Technical Officer Joe Partlow and Chief Strategy Officer Jason Pfeiffer to discuss

cyber trends they're seeing across RSA Conference 2023
the benefits of such an event
AI in cyber and more.

Weekly: Vulnerability Quarterly Roundup, Domino Backdoor, Lockbit Targeting MacOS

Fri, 21 Apr 2023 04:00:00 -0400

In this episode of ShadowTalk, host Chris Morgan, along with Dani and Dean Murphy, discuss the latest news in cyber security and threat research. Topics this week include:

A breakdown of ReliaQuest's latest Vulnerability quarterly report
Aftermath of the ransomware attack affecting Capita
The "Domino" Backdoor and "Project Nemesis" information stealing malware
Lockbit targeting macOS

Resources:

Weekly: Cobalt Strike takedown, latest MERCURY campaign, Patch Tuesday

Fri, 14 Apr 2023 04:00:00 -0400

In this episode of ShadowTalk, host Stefano, along with Caroline and Kitch, discuss the latest news in cyber security and threat research. Topics this week include:

A new approach in malicious infrastructure takedown
The latest TTPs of MERCURY aka MuddyWater
What's new on this Patch Tuesday?

Resources:

Weekly: Genesis Market seizure, Vulkan Files, and new Microsoft Security Update

Fri, 07 Apr 2023 04:00:00 -0400

In this episode of ShadowTalk, host Stefano, along with Ivan and Corey, discuss the latest news in cyber security and threat research. Topics this week include:

The prominent Genesis Market has been seized: What's next?
Confidential Vulkan Files expose ties between Russian APTs and private sector
Microsoft mitigates malicious attachments delivered via OneNote

Resources:

Weekly: 3CX supply chain attack, Rostec deanonymize Telegram, IcedID

Thu, 30 Mar 2023 16:00:00 -0400

In this early released episode of ShadowTalk, host Chris Morgan, along with ReliaQuest CISO Rick Holland, Kim Bromley, and Colin Ferris discuss the latest news in cyber security and threat research. Topics this week include:

Implications from the 3CX supply-chain attack and what you need to do going forward
Russian telco Rostec de-anonymizing Telegram users
Updates to the IcedID malware

Resources:

https://www.3cx.com/community/threads/3cx-desktopapp-security-alert.119951/
https://www.reliaquest.com/blog/3cx-trojan-attack/
https://www.bleepingcomputer.com/news/security/russia-s-rostec-allegedly-can-de-anonymize-telegram-users/
https://www.bleepingcomputer.com/news/security/new-icedid-variants-shift-from-bank-fraud-to-malware-delivery/

Weekly: Outlook Vulnerability, TeamTNT and Breachforums closure

Fri, 24 Mar 2023 04:00:00 -0400

In this episode of ShadowTalk, host Chris Morgan, along with Ivan Righi and Caroline Fenstermacher, discuss the latest news in the cyber security and the information security landscape. Topics this week include:

Implications following the arrest of BreachForums administrator Pompompurin
Cryptojacking activity group the TeamTNT threat group
Microsoft Outlook bug CVE-2023-23397

Resources:

Weekly: SVB collapse, FBI IC3 report, and Cl0p update

Fri, 17 Mar 2023 11:00:40 -0400

In this episode of ShadowTalk, host Stefano De Blasi, along with Rick Holland and Brandon Tirado, discuss cyber threats related to the SVB collapse, the FBI IC3 report and Cl0p ransomware: zero-day vulnerability and victims.

Resources:

Weekly: US National Cybersecurity Strategy, Emotet and Cl0p return

Thu, 16 Mar 2023 20:06:07 -0400

In this episode of ShadowTalk, host Stefano, along with Caroline and Dean, discuss:

the new US National Cybersecurity Strategy
the return of Emotet
zero-day exploited by the Cl0p ransomware group.

Weekly: HTML Smuggling, CISA Guidance on Logging

Thu, 16 Mar 2023 20:02:25 -0400

This weeks ShadowTalk host Chris, along with Rick, Kitch and Corey, discuss:

the email threat of HTML Smuggling
the latest guidance on logging from CISA.

Weekly: Russia-Ukraine War - One-Year Later

Fri, 24 Feb 2023 15:43:05 -0500

This week's ShadowTalk podcast covers the latest developments and implications of the Russian-Urkaine War.

Resources:

https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-24-feb

Weekly: Trickbot/Conti Sanctions, OneNote Documents, and NATO DDoS Attacks

Fri, 17 Feb 2023 12:20:13 -0500

This week's ShadowTalk podcast covers the latest in the Trickbot/Conti Sanctions, OneNote Documents, NATO DDoS Attacks.

Resources:

https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-17-feb

Weekly: VMware ESXI campaign and SocGholish overview

Fri, 10 Feb 2023 11:20:30 -0500

This week's ShadowTalk podcast covers the latest in the VMware ESXI Ransomware campaign, Killnet, SocGholish, and more.

Resources:

https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-10-feb

Weekly: Hive Ransomware Takedown and Dark Web Cybercriminal Jobs

Fri, 03 Feb 2023 13:10:54 -0500

This week's ShadowTalk podcast covers the latest in the Hive ransomware takedown and dark web cybercriminal forum.

Resources:

https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-3-feb

Weekly: Ransomware Profits Drop, Russian ISP, and Microsoft Investigation

Fri, 27 Jan 2023 12:18:26 -0500

This week's ShadowTalk podcast covers the drop in Ransomware profits, DDoS activity spikes against Russian ISP, and Microsoft implementing security changes following a months-long investigation.Get this week’s intelligence summary at: resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-27-janSubscribe to our threat intelligence email: info.digitalshadows.com/SubscribetoEm…cast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: 2022 Recap and Forecasting 2023 Trends

Fri, 20 Jan 2023 11:58:07 -0500

Looking Back, Moving Forward. As 2023 gets into full swing, listen to our recap of 2022 including trends in cybercrime, espionage, hacktivism, and more. Plus, global industry forecasting for 2023. Get this week’s intelligence summary at: resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-20-janSubscribe to our threat intelligence email: info.digitalshadows.com/SubscribetoEm…cast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: Turla Target Ukraine, ChatGPT, and Lorenz Ransomware Activity

Fri, 13 Jan 2023 11:31:22 -0500

ShadowTalk host Chris alongside Ivan give you the latest in threat intelligence. This week they cover:-Russian APT Turla-Chat GPT-Ransomware Group Lorenz TTP ChangesGet this week’s intelligence summary at: resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-13-janSubscribe to our threat intelligence email: info.digitalshadows.com/SubscribetoEm…cast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: Welcome to 2023!

Fri, 06 Jan 2023 11:19:47 -0500

The first ShadowTalk Podcast of the New Year is here. Join host Chris for the latest happenings in threat intelligence and cyber security.Get this week’s intelligence summary at: resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-6-janSubscribe to our threat intelligence email: info.digitalshadows.com/SubscribetoEm…cast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: Recent Vulnerabilities, Clop Ransomware, New Year's Resolutions

Fri, 16 Dec 2022 11:19:06 -0500

ShadowTalk host Chris alongside guests Ivan give you the latest in threat intelligence. This week they cover: -Recent Vulnerabilities-Clop Ransomware-New Year's ResolutionsGet this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-16-dec***Resources from this week’s podcast***Payment Declined: Carding Cyber Criminals Fears for Their Futurehttps://www.reliaquest.com/blog/web-carding-future/ Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: Russian and Ukraine Roundup, Lazarus Group Cryptocurrency Activity, Apple’s Right to Repair

Fri, 09 Dec 2022 13:30:00 -0500

ShadowTalk host Chris alongside guests Rick and Danny give you the latest in threat intelligence. This week they cover: -Russian and Ukraine Roundup-Lazarus Group Cryptocurrency Activity-Apple’s Right to Repair Get this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-9-dec***Resources from this week’s podcast***Vulnerability Intelligence Roundup: Five lessons learned since Log4Shellhttps://www.digitalshadows.com/blog-and-research/vulnerability-intelligence-roundup-five-lessons-learned-since-log4shell/ Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: Sandworm targets Ukraine, Oracle RCE vulnerability, 300th Episode

Fri, 02 Dec 2022 14:43:11 -0500

ShadowTalk host Nicole alongside guests Rick, Ivan and Dean give you the latest in threat intelligence. This week they cover: -Sandworm deploying ransomware targeting Ukraine -Oracle RCE vulnerability actively exploited-300th Episode & Look forward***Resources from this week’s podcast***Vulnerability Intelligence Roundup: Five lessons learned since Log4Shellhttps://www.digitalshadows.com/blog-and-research/vulnerability-intelligence-roundup-five-lessons-learned-since-log4shell/ Vice Society CISA advisoryhttps://www.cisa.gov/uscert/ncas/alerts/aa22-249a Five ways security leaders can prepare for economic uncertainty by Rick https://www.scmagazine.com/perspective/strategy/five-ways-security-leaders-can-prepare-for-economic-uncertainty SANS CTI Summithttps://www.sans.org/cyber-security-training-events/cyber-threat-intelligence-summit-2023/ Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: LockBit Arrest, Tech Layoffs, Black Friday Risks

Wed, 23 Nov 2022 11:55:08 -0500

ShadowTalk host Chris alongside guests Dani and Kim give you the latest in threat intelligence. This week they cover: -LockBit Arrest-Big Tech Layoffs-Black Friday Vulnerability Risks***Resources from this week’s podcast***Black Friday Webinarhttps://www.reliaquest.com/resource/webinar/soc-talk-keeping-black-friday-cyber-threats-at-bay/?utm_source=Digital+Shadows&utm_medium=On-Demand+Webinar Keeping One Step Ahead of Black Friday Cyber Threats https://www.digitalshadows.com/blog-and-research/keeping-one-step-ahead-of-black-friday-cyber-threats/ Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: APT29 Credential Roaming, Russian Hacktivists Use Somnia Ransomware, Recent LockBit Activity

Fri, 18 Nov 2022 12:42:19 -0500

ShadowTalk host Nicole alongside guests Ivan, Rick and Andrew give you the latest in threat intelligence. This week they cover: -APT29 Windows Credential Roaming-Russian Hacktivists Targeting Ukraine with New Somnia Ransomware-LockBit Using Amadey Bot Malware, LockBit Affiliate ArrestedGet this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-18-nov ***Resources from this week’s podcast***Cyber Threats to the FIFA World Cup Qatar 2022https://www.digitalshadows.com/blog-and-research/cyber-threats-to-the-fifa-world-cup-qatar-2022/ Keeping One Step Ahead of Black Friday Cyber Threats https://www.digitalshadows.com/blog-and-research/keeping-one-step-ahead-of-black-friday-cyber-threats/ Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: British Government Scanning UK Devices, Twitter's Verification Process, Latest Emotet Return

Fri, 11 Nov 2022 11:45:26 -0500

ShadowTalk host Chris alongside guests Kim gives you the latest in threat intelligence. This week they cover: -British Government Scanning UK Devices-Twitter's Verification Process-Latest Emotet ReturnGet this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-11-nov ***Resources from this week’s podcast***Cyber Threats to the FIFA World Cup Qatar 2022https://www.digitalshadows.com/blog-and-research/cyber-threats-to-the-fifa-world-cup-qatar-2022/ Dark Web Recruitment: Malware, Phishing and Cardinghttps://www.digitalshadows.com/blog-and-research/dark-web-recruitment-malware-phishing-and-carding/ Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: APT10 Deploy LODEINFO Malware, New Azov Data Wiper, Emotet Malicious Spam

Fri, 04 Nov 2022 12:54:30 -0400

ShadowTalk host Nicole alongside guests Ivan give you the latest in threat intelligence. This week they cover: -APT10 leveraging antivirus to deploy LODEINFO malware-New Azov data wiper attempting to frame security researchers-New Emotet malicious spam campaignGet this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-04-nov***Resources from this week’s podcast***Q3 2022 Vulnerability Rounduphttps://www.digitalshadows.com/blog-and-research/q3-2022-vulnerability-roundup/ 2023 Cyber Threat Predictions https://www.digitalshadows.com/blog-and-research/2023-cyber-threat-predictions/ Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: Ukraine Activity Roundup, Vice Society Targeting Schools, Iranian Hacktivism

Fri, 28 Oct 2022 14:15:12 -0400

Weekly: Ukraine Activity Roundup, Vice Society Targeting Schools, Iranian HacktivismShadowTalk host Chris alongside guests Stefano give you the latest in threat intelligence. This week they cover: -Ukraine Activity Roundup-Vice Society Targeting Schools-Iranian HacktivismGet this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-28-oct***Resources from this week’s podcast***Q3 2022 Vulnerability Rounduphttps://www.digitalshadows.com/blog-and-research/q3-2022-vulnerability-roundup/ Have your Forgotten About Phishing?Ransomware in Q3 2022https://www.digitalshadows.com/blog-and-research/cybersecurity-awareness-month-2022-have-you-forgotten-about-phishing/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: REvil connection to Ransom Cartel, Cryptocurrency hacks in Japan by Lazarus, Toyota T-Connect Attack

Fri, 21 Oct 2022 14:01:30 -0400

ShadowTalk host Nicole alongside guests Rick and Ivan give you the latest in threat intelligence.

This week they cover:

REvil connection to Ransom Cartel
Cryptocurrency hacks in Japan by Lazarus
Toyota T-Connect Attack

Resources:

https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-21-october
https://www.digitalshadows.com/blog-and-research/ransomware-in-q3-2022/
https://www.digitalshadows.com/blog-and-research/alternative-future-analysis-pro-russian-hacktivism/
https://resources.digitalshadows.com/threat-intelligence-podcast-shadowtalk/special-geoff-white-and-the-lazarus-heist

Weekly: US Airports DDoS’d, Fortinet Vulnerability, Deep Dive Into Information Stealers

Fri, 14 Oct 2022 13:59:40 -0400

ShadowTalk host Chris alongside guests Kim give you the latest in threat intelligence. This week they cover: -Recent DDoS attacks on US Airports -Fortinet Vulnerability-A Deep Dive Into Information StealersGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-14-oct

Rick Holland with Michael Farnum & Greg Porterfield of Set Solutions: Uber breach & 2023 predictions

Fri, 30 Sep 2022 14:01:43 -0400

ShadowTalk host and Digital Shadows CISO Rick Holland alongside Michael Farnum Chief Technology Officer at Set Solutions and Greg Porterfield, Senior Security Consultant at Set Solutions give you the latest in threat intelligence. This episode they cover: -How Defenders Should Respond to The Uber Breach-2023 planning For more information about Set Solutions, check out their podcast:https://www.setsolutions.com/category/podcast/Also, make sure you’ve looked at the details and have registered for Hou.Sec.Con 2022:https://web.cvent.com/event/0ac8a54d-fbe9-4a16-8510-49dcf538389f/summary

First use of LockBit Builder, Ransomware Groups Destroying vs. Encrypting Data, Domain Shadowing

Fri, 30 Sep 2022 12:02:44 -0400

ShadowTalk host Nicole alongside guests Stefano and Ivan give you the latest in threat intelligence. This week they cover: -Potential first use of LockBit Builder leak-Ransomware Groups Destroying vs. Encrypting Data-Increase in Domain ShadowingLockBit Builder leakGet this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/20220930-dsweeklyintsum ***Resources from this week’s podcast***Who’s Next In Lapsus$’ Crosshairs?https://www.digitalshadows.com/blog-and-research/whos-next-in-lapsus-crosshairs/ Dark Web Recruitment: How Ransomware Groups Hire Cybercriminal Talenthttps://www.digitalshadows.com/blog-and-research/dark-web-recruitment-how-ransomware-groups-hire-cybercriminal-talent/ Guide to Domain Shadowing Detectionhttps://ieeexplore.ieee.org/document/9148945

LockBit Builder leak, Lapsus$ breaches Rockstar and Uber, Emotet pushes Quantum and Alphv ransomware

Fri, 23 Sep 2022 16:46:40 -0400

ShadowTalk host Nicole alongside Stefano give you the latest in threat intelligence. This week they cover:-LockBit Builder leak,-Lapsus$ breaches Rockstar Games and Uber,-Emotet pushes Quantum and Alphv ransomwareGet this week’s intelligence summary at: resources.digitalshadows.com/weekly-int…ry-23-sept

Weekly: Intermittent Encryption Tactics, Geopolitical Developments in Cyber Crime

Fri, 16 Sep 2022 13:53:19 -0400

ShadowTalk host Chris alongside Danny give you the latest in threat intelligence. This week they cover: -Intermittent Encryption Tactics,-Geopolitical Developments in Cyber CrimeGet this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-16-sept***Resources from this week’s podcast***There’s No Honor Among Thieves: Carding Forum Staff Defraud Users In An ESCROW Scamhttps://www.digitalshadows.com/blog-and-research/theres-no-honor-among-thieves-carding-forum-staff-defraud-users-in-an-escrow-scam/Ransomware Franchising: How Do Groups Get Startedhttps://www.digitalshadows.com/blog-and-research/ransomware-franchising-how-do-groups-get-started/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: Revival of Hacktivism, Targeting the Education Sector, Terror NFTs

Fri, 09 Sep 2022 12:06:37 -0400

ShadowTalk host Nicole alongside Ivan and Chris give you the latest in threat intelligence. This week they cover: -Increase in hacktivism since the Russian invasion of Ukraine -Threat Actors Targeting the Education Sector-New NTF Trends in Cyber Attacks Get this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-09-sept***Resources from this week’s podcast***APT Spotlight Series: APT41https://www.digitalshadows.com/blog-and-research/apt-spotlight-series-apt41/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: LastPass Incident, Montenegro Attacks

Fri, 02 Sep 2022 12:50:45 -0400

ShadowTalk host Stefano alongside Kim and Digital Shadows CISO Rick you the latest in threat intelligence. This week they cover: Details of the August attack on LastPassCoordinated and Precise Infrastructure Attacks in MontenegroGet this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-02-sept***Resources from this week’s podcast***“Looking For Pentesters”: How Forum Life Has Conformed To The Ransomware Banhttps://www.digitalshadows.com/blog-and-research/looking-for-pentesters-how-forum-life-has-conformed-to-the-ransomware-ban/“I’m Tired Of Living In Poverty” – Russian-Speaking Cyber Criminals Feeling The Economic Pinchhttps://www.digitalshadows.com/blog-and-research/im-tired-of-living-in-poverty-russian-speaking-cyber-criminals-feeling-the-economic-pinch/

Weekly: Cyber Threat Insurance, LockBit’s lockdown, Charming Kitten email attack

Fri, 26 Aug 2022 13:49:16 -0400

ShadowTalk host Chris alongside Kim and Ivan bring you the latest in threat intelligence. This week they cover: - Lloyd’s of London Ltd. confirms policies state what they will and won’t cover- The LockBit sites have been shut down due to a DDoS attack- Charming Kitten uses a new tool to gather targeted email accountsGet this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-26-aug***Resources from this week’s podcast***Vulnerability Intelligence RoundUp: Cloudy With A Chance Of Zero Dayshttps://www.digitalshadows.com/blog-and-research/vulnerability-intelligence-roundup-cloudy-with-a-chance-of-zero-days/What We’re Reading This Month: August 2022https://www.digitalshadows.com/blog-and-research/what-were-reading-this-month-august-2022/

Weekly: BlackHat and Defcon Recap, Microsoft’s Patch Tuesday, North Korea Fake Coinbase Jobs

Fri, 19 Aug 2022 10:54:03 -0400

ShadowTalk host Nicole alongside CISO Rick Holland bring you the latest in threat intelligence. This week they cover: - BlackHat and Defcon recap- Microsoft’s Patch Tuesday- North Korea fake Coinbase jobsGet this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-19-aug***Resources from this week’s podcast***Stop The Line: Cyber Threats Facing Manufacturinghttps://www.digitalshadows.com/blog-and-research/stop-the-line-cyber-threats-facing-manufacturing/Honker Union: Has The Grandfather Of Chinese Hacktivism Returned?https://www.digitalshadows.com/blog-and-research/honker-union-has-the-grandfather-of-chinese-hacktivism-returned/

Weekly: A History of Ransomware, deBridge Hack Details, Advice for Multiple Ransomware Attacks

Thu, 11 Aug 2022 17:36:16 -0400

ShadowTalk host Chris alongside Stefano bring you the latest in threat intelligence. This week they cover: - History of ransomware- Details of the deBridge hack- Thoughts and recommendations for organizations targeted multiple timesGet this week’s intelligence summary at: ***Resources from this week’s podcast***Tensions Between The PRC And Taiwan: What’s Happening?https://www.digitalshadows.com/blog-and-research/tensions-between-the-prc-and-taiwan-whats-happening/Meet DUMPS Forum: A Pro-Ukraine, Anti-Russia Cybercriminal Forumhttps://www.digitalshadows.com/blog-and-research/meet-dumps-forum-a-pro-ukraine-anti-russia-cybercriminal-forum/

Weekly: 911 Proxy Service Ends, ALPHV claims attack on pipeline and Recent news from Taiwan & China

Fri, 05 Aug 2022 10:57:15 -0400

ShadowTalk host Stefano alongside Chris bring you the latest in threat intelligence. This week they cover: - 911 proxy service ends protection for cybercriminals- ALPHV (aka BlackCat) ransomware claims attack on European gas pipeline- Cyber threat implications from recent news in Taiwan & China Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-05-aug***Resources from this week’s podcast***The Boy Who Cried Ransomware: The Trustworthiness Of Ransomware Groupshttps://www.digitalshadows.com/blog-and-research/the-boy-who-cried-ransomware-the-trustworthiness-of-ransomware-groups/ReliaQuest And Digital Shadows – The Next Stage Of The Journeyhttps://www.digitalshadows.com/blog-and-research/reliaquest-and-digital-shadows-the-next-stage-of-the-journey/

Weekly: Entrust Ransomware Attack, Coinbase Insider-Trading Case and Redeemer Ransomware Builder

Fri, 29 Jul 2022 09:11:08 -0400

ShadowTalk host Nicole alongside Ivan and CISO Rick Holland bring you the latest in threat intelligence. This week they cover: - Entrust suffered a ransomware attack- Ex-Coinbase manager charged in first crypto insider-trading case- Redeemer ransomware builderGet this week’s intelligence summary at: ***Resources from this week’s podcast***Holy Ghost’s Bargain Basement Approach To Ransomwarehttps://www.digitalshadows.com/blog-and-research/holy-ghosts-bargain-basement-approach-to-ransomware/July edition of What we are reading this monthhttps://www.digitalshadows.com/blog-and-research/what-were-reading-this-month-july-2022/How To Paint Your Best Cyber Threat Landscape: My Three Top Tips From ENISA’s Methodology Reporthttps://www.digitalshadows.com/blog-and-research/how-to-paint-your-best-cyber-threat-landscape-my-three-top-tips-from-enisas-methodology-report/

Weekly: North Korea Makes Comeback with Ransomware, How Malware is Distributed, Russia Fines Google

Fri, 22 Jul 2022 13:26:29 -0400

ShadowTalk host Stefano alongside Chris and Dani bring you the latest in threat intelligence. This week they cover:* HolyGhost6 ransomware operation linked with North Korea* Explanation on how malware is created and distributed* Russia fines Google for failing to delete YouTube videos ***Resources from this week’s podcast***Q2 2022 Vulnerability Rounduphttps://www.digitalshadows.com/blog-and-research/q2-2022-vulnerability-roundup/Breach Forums – When Student Becomes The Teacherhttps://www.digitalshadows.com/blog-and-research/breach-forums-when-student-becomes-the-teacher/How To Paint Your Best Cyber Threat Landscape: My Three Top Tips From ENISA’s Methodology Reporthttps://www.digitalshadows.com/blog-and-research/how-to-paint-your-best-cyber-threat-landscape-my-three-top-tips-from-enisas-methodology-report/Microsoft links Holy Ghost ransomware operation to North Korean hackershttps://www.bleepingcomputer.com/news/security/microsoft-links-holy-ghost-ransomware-operation-to-north-korean-hackers/Russia fines Google $358 million for not removing banned infohttps://www.bleepingcomputer.com/news/security/russia-fines-google-358-million-for-not-removing-banned-info/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: Microsoft Patch Tuesday, Russia Targeted, Hive Ransomware Upgrade, TrickBot Attacks Ukraine

Fri, 15 Jul 2022 14:08:16 -0400

ShadowTalk host Chris alongside Nicole, Ivan, and Rick bring you the latest in threat intelligence. This week they cover:* Microsoft Patch Tuesday* Chinese cyber espionage groups target Russia* Hive ransomware group takes LockBit information to upgrade to Rust* IBM Security X-Force finds evidence on TrickBot attacking Ukraine***Resources from this week’s podcast***Ransomware in Q2 2022: Ransomware is Back in Businesshttps://www.digitalshadows.com/blog-and-research/ransomware-in-q2-2022-ransomware-is-back-in-business/Offensive Nation-State Cyber Threats: Who Takes The Top Spot?https://www.digitalshadows.com/blog-and-research/offensive-nation-state-cyber-threats-who-takes-the-top-spot/Chinese Cyber Espionage Groups Increasingly Targeting Russiahttps://www.infosecurity-magazine.com/news/chinese-cyber-espionage-russia/Hive Ransomware Upgrades to Rust for More Sophisticated Encryption Methodhttps://thehackernews.com/2022/07/hive-ransomware-upgrades-to-rust-for.htmlUnprecedented Shift: The Trickbot Group is Systematically Attacking Ukrainehttps://securityintelligence.com/posts/trickbot-group-systematically-attacking-ukraine/Conti ransomware gang takes over TrickBot malware operationhttps://www.bleepingcomputer.com/news/security/conti-ransomware-gang-takes-over-trickbot-malware-operation/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: Chinese Data Leaked, Crypto Scam Targets British Army, Bug Bounty Reports Insider Threat

Fri, 08 Jul 2022 14:11:02 -0400

ShadowTalk host Stefano alongside Dani bring you the latest in threat intelligence. This week they cover:* Roughly 1 billion Chinese citizens' data breached* British Army's Youtube and Twitter accounts hacked and used to promote cryptocurrency scams* HackerOne employee steals bug reports to sell ***Resources from this week’s podcast***What We’re Reading This Month: June 2022https://www.digitalshadows.com/blog-and-research/what-were-reading-this-month-june-2022/Hacker claims to have stolen 1 bln records of Chinese citizens from policehttps://www.reuters.com/world/china/hacker-claims-have-stolen-1-bln-records-chinese-citizens-police-2022-07-04/British Army’s YouTube and Twitter accounts were hacked to promote crypto scamshttps://www.theverge.com/2022/7/3/23193668/british-army-youtube-twitter-accounts-hacked-promote-crypto-scam-fraudRogue HackerOne employee steals bug reports to sell on the sidehttps://www.bleepingcomputer.com/news/security/rogue-hackerone-employee-steals-bug-reports-to-sell-on-the-side/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: Cyber Threat Intelligence Aids Ukraine, Conti Stops Data Leak, LockBit's New Bounty Program

Fri, 01 Jul 2022 14:26:37 -0400

ShadowTalk host Chris alongside Stefano and Kim bring you the latest in threat intelligence. This week they cover:* Recent advances in cyber threat intelligence and end-point protection have helped Ukraine* Conti finally shuts down data leak and negotiates with victims* LockBit debuts ransomware bug bounty program***Resources from this week’s podcast***Market Differentiation: Cybercriminal Forums’ Unusual Features Designed To Attract Usershttps://www.digitalshadows.com/blog-and-research/market-differentiation-cybercriminal-forums-unusual-features-designed-to-attract-users/NATO Leaders Are Meeting At The Madrid Summit 2022: What Is Going To Happen?https://www.digitalshadows.com/blog-and-research/nato-leaders-are-meeting-at-the-madrid-summit-2022-what-is-going-to-happen/Defending Ukraine: Early Lessons from the Cyber Warhttps://blogs.microsoft.com/on-the-issues/2022/06/22/defending-ukraine-early-lessons-from-the-cyber-war/Conti ransomware finally shuts down data leak, negotiation siteshttps://www.bleepingcomputer.com/news/security/conti-ransomware-finally-shuts-down-data-leak-negotiation-sites/LockBit 3.0 Debuts With Ransomware Bug Bounty Programhttps://www.darkreading.com/threat-intelligence/lockbit-3-debut-bug-bounty-programSubscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: AlphV Publishes Victims' Data, 'BidenCash' Website Sells Credit Card Info, ATO Paper

Fri, 24 Jun 2022 14:59:40 -0400

ShadowTalk host Chris alongside Stefano and Kim bring you the latest in threat intelligence. This week they cover:* AlphV breaching victims' data in open source* 'BidenCash' website sells your credit card information for only 15 cents* Account Takeover paper***Resources from this week’s podcast***POLONIUM: Proxy Warfare And Iran’s Cyber Strategyhttps://www.digitalshadows.com/blog-and-research/polonium-proxy-warfare-and-irans-cyber-strategy/Vulnerability Intelligence Roundup: Leveraging The OODA Loop For Vulnerability Managementhttps://www.digitalshadows.com/blog-and-research/vulnerability-intelligence-roundup-leveraging-the-ooda-loop-for-vulnerability-management/Credential Stuffing: What Is It, Are You At Risk?https://www.digitalshadows.com/blog-and-research/credential-stuffing-what-is-it-are-you-at-risk/ALPHV/BlackCat ransomware gang starts publishing victims’ data on the clear webhttps://securityaffairs.co/wordpress/132339/malware/blackcat-ransomware-clear-web.htmlNew 'BidenCash' site sells your stolen credit card for just 15 centshttps://www.bleepingcomputer.com/news/security/new-bidencash-site-sells-your-stolen-credit-card-for-just-15-cents/The Anatomy of a Cyberattackhttps://www.wsj.com/articles/anatomy-cyberattack-11654543046Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: Follina Zero Day, Conti Shuts Down Affiliate Program, LockBit vs Mandiant Discussion

Fri, 17 Jun 2022 12:48:45 -0400

ShadowTalk host Stefano alongside Ivan, Nicole, and Rick bring you the latest in threat intelligence. This week they cover:* Cybersecurity researchers disclosed a new Windows zero-day vulnerability* Conti shuts down affiliate program* Cybercriminals discuss LockBit vs Mandiant***Resources from this week’s podcast***Weak Credentials Are Fueling A New Generation Of Cyber Threatshttps://www.digitalshadows.com/blog-and-research/weak-credentials-are-fueling-a-new-generation-of-cyber-threats/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: LockBit PR Stunt Against Mandiant and Bohrium Targeted Users Via Spear-Phishing Operations

Fri, 10 Jun 2022 11:33:09 -0400

ShadowTalk host Stefano alongside Xue, and Kim bring you the latest in threat intelligence. This week they cover:- LockBit x Mandiant PR stunt- Bohrium targets victims in various geographiesGet this week’s intelligence summary at:https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-10-jun/***Resources from this week’s podcast*** Killnet: The Hactivist Group That Started A Global Cyber War:https://www.digitalshadows.com/blog-and-research/killnet-the-hactivist-group-that-started-a-global-cyber-war/-Ransomware Gangs and PR Stunts: Why LockBit Faked a Ransomware Attack Against Mandianthttps://www.digitalshadows.com/blog-and-research/ransomware-gangs-and-pr-stunts-why-lockbit-faked-a-ransomware-attack-against-mandiant/

Special: Geoff White and the Lazarus Heist

Tue, 31 May 2022 13:38:16 -0400

ShadowTalk host Chris alongside Nicole and special guest Geoff White cover the cybercrime group Lazarus and their impact in cyber security.In this special episode, they discuss:* Geoff's new book 'The Lazarus Heist'* An overview of the Lazarus Group* How North Korea created one of the most sophisticated cyber crime groups in the world**Resources from this special podcast**Find Geoff on Twitter: https://twitter.com/geoffwhite247Find Geoff on LinkedIn: https://www.linkedin.com/in/geoffwhite247/Pre-order Geoff's book 'The Lazarus Heist' now:https://www.penguin.co.uk/books/447/447163/the-lazarus-heist/9780241554258.htmlSubscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Special: David Thejl-Clayton Talks Rolling Your Own Verizon DBIR

Fri, 27 May 2022 09:36:21 -0400

Digital Shadows CISO Rick Holland hosts this edition of ShadowTalk. Rick is joined by repeat special guest David Thejl-Clayton, Senior Advisor in Cyber Defense at Combitech. They discuss:- Rick and David's thoughts on the 2022 DBIR report (Full disclosure, they are fanboys) - Research that shows how APT groups primarily go after known vulnerabilities and not 0days- David's experience helping customers create their custom version of the DBIR***Resources from this week’s podcast***Find David on Twitter: https://twitter.com/DCSecuritydkFind David on LinkedIn: https://www.linkedin.com/in/davidclayton454/2022 Data Breach Investigations Report: https://www.verizon.com/business/resources/reports/dbir/Vocabulary for Event Recording and Information Sharing (VERIS): http://veriscommunity.net/SANS CTI Summit - VERISIZE your way into CTI: https://www.youtube.com/watch?v=AwMC6INC5TESoftware Updates Strategies: a Quantitative Evaluation against Advanced Persistent Threats https://arxiv.org/abs/2205.07759VSec Community: https://vsec.dk/about/Checkout the “Roll your own DBIR” Templates on GitHub here: https://github.com/cvpl-fdca/rollyourown-DBIR

Weekly: Insider Threat Actor is Sentenced, Microsoft Patch Tuesday Mishap and NFT Scams

Fri, 20 May 2022 10:54:56 -0400

ShadowTalk host Chris alongside Ivan, and Nicole bring you the latest in threat intelligence. This week they cover: - Insider Threat Actor at Chinese real estate brokerage is sentenced to 7 years in prison- Microsoft Patch Tuesday mishap- NFT scamsGet this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-20-may-2022***Resources from this week’s podcast***: Vulnerability Intelligence Round-Up: The Good, The Bad and The Risky:https://www.digitalshadows.com/blog-and-research/vulnerability-intelligence-round-up-the-good-the-bad-and-the-risky/ Mustang Panda: https://www.digitalshadows.com/blog-and-research/advanced-persistent-threat-group-feature-mustang-panda/ What we’re reading this month: https://www.digitalshadows.com/blog-and-research/what-were-reading-this-month-may-2022/ Angry IT Admin Wipes Employers Databases Gets 7 Years in Prisonhttps://www.bleepingcomputer.com/news/security/angry-it-admin-wipes-employer-s-databases-gets-7-years-in-prison/Microsoft May Patch Tuesday Updates Cause Windows Ad Authentication Errorshttps://threatpost.com/microsofts-may-patch-tuesday-updates-cause-windows-ad-authentication-errors/179631/Fake Binance NFT Mystery Box Bots Steal Victims Crypto Walletshttps://www.bleepingcomputer.com/news/security/fake-binance-nft-mystery-box-bots-steal-victims-crypto-wallets/

Weekly: Costa Rica Declares State of Emergency, EU Accuses Russia of Attack, 5 Years Since WannaCry

Fri, 13 May 2022 14:20:38 -0400

ShadowTalk host Stefano alongside Kim bring you the latest in threat intelligence. This week they cover:* Costa Rica declares state of emergency because of Conti* The European Council formally attributes VIASAT attack to Russia* Five years since the WannaCry incident***Resources from this week’s podcast***Five Years After The WannaCry Dumpster Fire, Ransomware Remains A Global Threathttps://www.digitalshadows.com/blog-and-research/five-years-after-the-wannacry-dumpster-fire-ransomware-remains-a-global-threat/US offers $15 million reward for info on Conti ransomware ganghttps://www.bleepingcomputer.com/news/security/us-offers-15-million-reward-for-info-on-conti-ransomware-gang/Viasat shares details on KA-SAT satellite service cyberattackhttps://www.bleepingcomputer.com/news/security/viasat-shares-details-on-ka-sat-satellite-service-cyberattack/Satellite outage knocks out thousands of Enercon's wind turbineshttps://www.reuters.com/business/energy/satellite-outage-knocks-out-control-enercon-wind-turbines-2022-02-28/Viasat confirms satellite modems were wiped with AcidRain malwarehttps://www.bleepingcomputer.com/news/security/viasat-confirms-satellite-modems-were-wiped-with-acidrain-malware/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: The Return of REvil, China APT Activity, Russia-Ukraine RoundUp

Fri, 06 May 2022 13:40:24 -0400

ShadowTalk host Chris alongside Ivan and Nicole bring you the latest in threat intelligence. This week they cover:* REvil ransomware returns with new malware* Moshen Dragon targeting telecommunication service providers in Central Asia* Russian hackers utilize embassy emails to target governments***Resources from this week’s podcast***ALPHV: THE FIRST RUST-BASED RANSOMWAREhttps://www.digitalshadows.com/blog-and-research/alphv-the-first-rust-based-ransomware/Colonial Pipeline One Year Later: What’s Changed?https://www.digitalshadows.com/blog-and-research/colonial-pipeline-one-year-later-whats-changed/REvil ransomware returns: New malware sample confirms gang is backhttps://www.bleepingcomputer.com/news/security/revil-ransomware-returns-new-malware-sample-confirms-gang-is-back/Chinese cyber-espionage group Moshen Dragon targets Asian telcoshttps://www.bleepingcomputer.com/news/security/chinese-cyber-espionage-group-moshen-dragon-targets-asian-telcos/Russian hackers compromise embassy emails to target governmentshttps://www.bleepingcomputer.com/news/security/russian-hackers-compromise-embassy-emails-to-target-governments/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: The Return of Lapsus$, 2 Months of Russia-Ukraine War

Fri, 29 Apr 2022 10:27:10 -0400

ShadowTalk host Stefano alongside Xue, Kim, & Rory bring you the latest in threat intelligence. This week they cover:* Cybercrime group Lapsus$ is back* Cyber activity in the Russia-Ukraine war so far***Resources from this week’s podcast***The Russia – Ukraine War: Two Months Inhttps://www.digitalshadows.com/blog-and-research/the-russia-ukraine-war-two-months-in/Opportunity In The Midst Of Chaos: Russian-Speaking Cybercriminals Grapple With Sanctions And Forum Takedownshttps://www.digitalshadows.com/blog-and-research/russian-speaking-cybercriminals-grapple-with-sanctions-and-forum-takedowns/Leaked Chats Show LAPSUS$ Stole T-Mobile Source Codehttps://krebsonsecurity.com/2022/04/leaked-chats-show-lapsus-stole-t-mobile-source-code/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: Connection Found Between Conti and Karakurt, ICS Networks Targeted, Lazarus Uses Crypto Apps

Fri, 22 Apr 2022 13:17:12 -0400

ShadowTalk host Chris alongside Ivan, Rick, and Nicole bring you the latest in threat intelligence. This week they cover:* Security researchers find connection between Conti and Karakurt* Chernovite’s Pipedream malware targets ICS networks* Lazarus hacking group is targeting organizations in the cryptocurrency and blockchain industries***Resources from this week’s podcast***The Power Of Data Analysis In Threat Intelligence – Part 2: Machine Learninghttps://www.digitalshadows.com/blog-and-research/the-power-of-data-analysis-in-threat-intelligence-part-2-machine-learning//What We’re Reading This Month: April 2022https://www.digitalshadows.com/blog-and-research/what-were-reading-this-month-april-2022/The Role Of Non-Fungible Tokens (NFTs) In Facilitating Cybercrimehttps://www.digitalshadows.com/blog-and-research/the-role-of-non-fungible-tokens-in-facilitating-cybercrime/Karakurt revealed as data extortion arm of Conti cybercrime syndicatehttps://www.bleepingcomputer.com/news/security/karakurt-revealed-as-data-extortion-arm-of-conti-cybercrime-syndicate/Dragos estimates that Chernovite’s Pipedream malware targets ICS networkshttps://industrialcyber.co/threats-attacks/dragos-estimates-that-chernovites-pipedream-malware-targets-ics-networks/US warns of Lazarus hackers using malicious cryptocurrency appshttps://www.bleepingcomputer.com/news/security/us-warns-of-lazarus-hackers-using-malicious-cryptocurrency-apps/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: Cybercriminal Forums Go Down & Cyber Activity in the Russia-Ukraine War Go Up

Thu, 14 Apr 2022 15:37:51 -0400

ShadowTalk host Stefano alongside Rory bring you the latest in threat intelligence. This week they cover:* 'RaidForums' has been shut down and seized* SandWorm targets electrical substations in Ukraine* The resurgence of hacktivism in the Russia-Ukraine conflict***Resources from this week’s podcast***Q1 2022 Vulnerability Rounduphttps://www.digitalshadows.com/blog-and-research/q1-2022-vulnerability-roundup/Q1 2022 Ransomware Rounduphttps://www.digitalshadows.com/blog-and-research/q1-2022-ransomware-roundup/One of the world’s biggest hacker forums taken downhttps://www.europol.europa.eu/media-press/newsroom/news/one-of-world%E2%80%99s-biggest-hacker-forums-taken-downSubscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: Spring4Shell, Borat RAT, FIN7 Evolves Toolset

Fri, 08 Apr 2022 11:03:18 -0400

ShadowTalk host Chris alongside Ivan and Austin bring you the latest in threat intelligence. This week they cover:* Spring4Shell: The Internet security disaster that wasn’t* New Borat remote access malware is no laughing matter* FIN7 hackers evolve toolset, work with multiple ransomware gangs***Resources from this week’s podcast***Intelligence Collection Plans: Preparation Breeds Successhttps://www.digitalshadows.com/blog-and-research/intelligence-collection-plans-preparation-breeds-success/Team A Vs Team B: What Is Motivating Lapsus$?https://www.digitalshadows.com/blog-and-research/team-a-vs-team-b-what-is-motivating-lapsus/Five Things We Learned From The Conti Chat Logshttps://www.digitalshadows.com/blog-and-research/five-things-we-learned-from-the-conti-chat-logs/Explaining Spring4Shell: The Internet security disaster that wasn’thttps://arstechnica.com/information-technology/2022/04/explaining-spring4shell-the-internet-security-disaster-that-wasnt/New Borat remote access malware is no laughing matterhttps://www.bleepingcomputer.com/news/security/new-borat-remote-access-malware-is-no-laughing-matter/FIN7 hackers evolve toolset, work with multiple ransomware gangshttps://www.bleepingcomputer.com/news/security/fin7-hackers-evolve-toolset-work-with-multiple-ransomware-gangs/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Special: Structured Analytical Techniques and Office Banter

Mon, 04 Apr 2022 12:06:33 -0400

ShadowTalk host Stefano alongside Chris and Rick bring you the latest on structured analytical techniques. This episode they cover: *Why they use SATs in their intel team*How they came up with the idea to analyze Lapsus$*How they chose Team A/Team B and how they prepared it*How the exercise performed*Future research direction***Resources from this special podcast***Meet Lapsus$: An Unusual Group In The Cyber Extortion Business https://www.digitalshadows.com/blog-and-research/meet-lapsus-an-unusual-group-in-the-cyber-extortion-business/The Okta Breach: What We Know So Farhttps://www.digitalshadows.com/blog-and-research/the-okta-breach-what-we-know-so-far/A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis https://www.stat.berkeley.edu/~aldous/157/Papers/Tradecraft%20Primer-apr09.pdfSubscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Especial: Desvendando o Grupo de Hackers Lapsus$

Mon, 04 Apr 2022 11:09:21 -0400

Bem-vindo ao Shadow Talk em Português! Neste episódio, Ivan, Matheus, e Daniel falam sobre:- A história do grupo Lapsus$ e como eles são diferentes- Conexões do Lapsus$ no Brasil- Reações de outros hackers sobre este grupo- Recomendações de como se proteger do Lapsus$***Recursos deste podcast***Meet Lapsus$: An Unusual Group In The Cyber Extortion Businesshttps://www.digitalshadows.com/blog-and-research/meet-lapsus-an-unusual-group-in-the-cyber-extortion-business/Weekly Intelligence Summary 25th Marhttps://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-25th-marAssine nosso e-mail de inteligência de ameaças:https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html

Weekly: Q1 Review Including Russia-Ukraine War, REvil Arrests, Emergence of Lapsus$ & More!

Fri, 01 Apr 2022 12:46:37 -0400

ShadowTalk host Stefano alongside Kim, Xue, and Rick bring you the latest in threat intelligence. This week they cover a recap of a highly dynamic quarter including:* Log4j complex mitigation and remediation* REvil arrests* Cybercrime and Russia-Ukraine War* Extortion and the emergence of Lapsus$***Resources from this week’s podcast***Log4j: What’s Happened Sincehttps://www.digitalshadows.com/blog-and-research/log4j-whats-happened-since/The Log4j Zero-Day: What We Know So Farhttps://www.digitalshadows.com/blog-and-research/the-log4j-zero-day-what-we-know-so-far/Meet Lapsus$: An Unusual Group In The Cyber Extortion Businesshttps://www.digitalshadows.com/blog-and-research/meet-lapsus-an-unusual-group-in-the-cyber-extortion-business/How Cybercriminals Are Using Messaging Platformshttps://www.digitalshadows.com/blog-and-research/how-cybercriminals-are-using-messaging-platforms/Ransomware Q4 Overviewhttps://www.digitalshadows.com/blog-and-research/ransomware-q4-overview/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Especial: Lapsus$, Sus Ataques, y La Brecha de Okta

Thu, 31 Mar 2022 12:53:18 -0400

Bienvenido a ShadowTalk en Español! En este episodio, Stefano y Dani van a discutir:* Lapsus$: Un grupo inusual en el negocio de la extorsión cibernética* Cómo Lapsus$ conducen sus ataques* Ataques de alto perfil y la brecha de Okta*** Si hoy has escuchado algo que te resulte curioso, no olvides consultar el contenido disponible en la sección de archivos adjuntos más abajo ***Los blogs de Digital Shadows en Lapsus$:Meet Lapsus$: An Unusual Group In The Cyber Extortion Businesshttps://www.digitalshadows.com/blog-and-research/meet-lapsus-an-unusual-group-in-the-cyber-extortion-business/The Okta Breach: What We Know So Farhttps://www.digitalshadows.com/blog-and-research/the-okta-breach-what-we-know-so-far/Come siempre, si teneis algún comentario sobre este episodio o si queréis saber mas de algún tema, escribenos a shadowtalk@digitalshadows.com y estaremos muy felices para tomar sus preguntas!

Weekly: Lapsus$ Targets Large Companies, Russia/Ukraine Ongoing War, TransUnion Data Breach

Fri, 25 Mar 2022 11:25:16 -0400

ShadowTalk host Chris alongside Kim, Ivan, and Rick bring you the latest in threat intelligence. This week they cover:* Lapsus$ threat group targets several large companies* Russia/Ukraine war shows no sign of slowing down* TransUnion unveils enhanced data breach***Resources from this week’s podcast***Vulnerability Intelligence Round-Up: Russia-Ukraine Warhttps://www.digitalshadows.com/blog-and-research/vulnerability-intelligence-round-up-russia-ukraine-war/The Okta Breach: What We Know So Farhttps://www.digitalshadows.com/blog-and-research/the-okta-breach-what-we-know-so-far/Russia’s Second Front: The War On Informationhttps://www.digitalshadows.com/blog-and-research/russias-second-front-the-war-on-information/Okta hack puts thousands of businesses on high alerthttps://www.theverge.com/2022/3/22/22990637/okta-breach-single-sign-on-lapsus-hacker-group?utm_campaign=theverge&utm_content=chorus&utm_medium=social&utm_source=twitterStatement by President Biden on our Nation’s Cybersecurityhttps://www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/statement-by-president-biden-on-our-nations-cybersecurity/TransUnion Unveils Enhanced Data Breach Support Service in the UKhttps://newsroom.transunion.co.uk/transunion-unveils-enhanced-data-breach-support-service-in-the-uk/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Special: Russia-Ukraine War Update 22 March 2022

Tue, 22 Mar 2022 13:54:03 -0400

ShadowTalk host Chris alongside Austin, Stefano, and Rick bring you the latest on the war between Russia and Ukraine. This episode they cover:* Putin and the Russian military forces * The cybersecurity realm in the midst of war* Continuation and timeline of the ongoing conflict ***Resources from this special podcast***Statement by President Biden on Our Nation's Cybersecurityhttps://www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/statement-by-president-biden-on-our-nations-cybersecurity/News and Updates Related to the Russian Invasion of Ukrainehttps://resources.digitalshadows.com/russian-news-and-updatesDonate to the Ukraine crisis via Red Crosshttps://donate.redcross.org.uk/appeal/ukraine-crisis-appealDigital Forensic Research Labmedium.com/dfrlab

Weekly: New Malware "CaddyWiper", Crypto ATM, Russia to Use TLS Certificates

Fri, 18 Mar 2022 14:35:32 -0400

ShadowTalk host Stefano alongside Kim and Dani bring you the latest in threat intelligence. This week they cover:* New Malware against Ukrainian targets: CaddyWiper* Crypto ATM and cybercriminals' reactions* Russia to start using homegrown TLS certificates***Resources from this week’s podcast***Meet Lapsus$: An Unusual Group In The Cyber Extortion Businesshttps://www.digitalshadows.com/blog-and-research/meet-lapsus-an-unusual-group-in-the-cyber-extortion-business/The Russia-Ukraine War And The Revival Of Hacktivismhttps://www.digitalshadows.com/blog-and-research/the-russia-ukraine-war-and-the-revival-of-hacktivism/Biden’s Executive Order On Crypto: What You Need To Knowhttps://www.digitalshadows.com/blog-and-research/bidens-executive-order-on-crypto-what-you-need-to-know/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: Linux Vulnerability "Dirty Pipe", 2022 Ransomware Landscape So Far, Coinbase Blocks Russia

Fri, 11 Mar 2022 13:46:45 -0500

ShadowTalk host Chris alongside Ivan and Austin bring you the latest in threat intelligence. This week they cover:* New Linux Vulnerability "Dirty Pipe"* Ransomware Landscape in 2022 So Far* Coinbase Blocks More than 25,000 Addresses Linked to Russia***Resources from this week’s podcast***Exploring SIM Swapping Services On Cybercriminal Forumshttps://www.digitalshadows.com/blog-and-research/exploring-sim-swapping-services-on-cybercriminal-forums/Can Cryptocurrency Be Used To Bypass The Impact Of Sanctions Being Applied Against Russia?https://www.digitalshadows.com/blog-and-research/can-cryptocurrency-be-used-to-bypass-the-impact-of-sanctions-being-applied-against-russia/New Linux bug gives root on all major distros, exploit releasedhttps://www.bleepingcomputer.com/news/security/new-linux-bug-gives-root-on-all-major-distros-exploit-released/FBI: Ragnar Locker ransomware breached 52 US critical infrastructure orgshttps://www.itpro.co.uk/security/ransomware/365375/fbi-ragnar-locker-ransomware-us-critical-infrastructureCoinbase blocks over 25,000 Russian-linked crypto addresseshttps://www.bleepingcomputer.com/news/security/coinbase-blocks-over-25-000-russian-linked-crypto-addresses/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Special: Russia-Ukraine War Update 07 March 2022

Mon, 07 Mar 2022 12:25:32 -0500

ShadowTalk host Chris alongside Stefano and Rory bring you the latest on the escalating tension between Russia and Ukraine. This episode they cover:* IDNS rejects Ukraine's request to block Russian Internet content* Anonymous claimed to have hacked Russian channels to broadcast footage from Ukraine***Resources from this special podcast***News and Updates Related to the Russian Invasion of Ukrainehttps://resources.digitalshadows.com/russian-news-and-updatesDonate to the Ukraine crisis via Red Crosshttps://donate.redcross.org.uk/appeal/ukraine-crisis-appealDigital Forensic Research Labmedium.com/dfrlab

Especial: Rusia y Ucrania Guerra, SWIFT, y Consejos de Mitigación y Reducción del Riesgo

Fri, 04 Mar 2022 13:01:44 -0500

Bienvenido a ShadowTalk en Español! En este episodio, Stefano y Dani van a discutir:* Rusia y Ucrania crisis* Las reacciones de los cibercriminales a estos eventos* La Sociedad para las Comunicaciones Interbancarias y Financieras Mundiales (SWIFT)* Consejos de mitigación y reducción del riesgoCome siempre, si teneis algún comentario sobre este episodio o si queréis saber mas de algún tema, escribenos a shadowtalk@digitalshadows.com y estaremos muy felices para tomar sus preguntas!

Weekly: Conti Leaks, Reactions from Cybercriminals, & Priority Intelligence Requirements

Thu, 03 Mar 2022 13:19:00 -0500

ShadowTalk host Stefano alongside Kim and Xue bring you the latest in threat intelligence. This week they cover:* Conti Leaks* Reactions from Cybercriminals* Priority Intelligence Requirements***Resources from this week’s podcast***Russian Cyber Threats: Practical Advice For Security Leadershttps://www.digitalshadows.com/blog-and-research/russian-cyber-threats-practical-advice-for-security-leaders/Cybercriminals React To Ukraine-Russia Conflicthttps://www.digitalshadows.com/blog-and-research/cybercriminals-react-to-ukraine-russia-conflict/Intelligence Requirements: Planning Your Cyber Response To The Russia-Ukraine Warhttps://www.digitalshadows.com/blog-and-research/planning-your-cyber-response-to-the-russia-ukraine-war/ Conti Ransomware Group Diaries, Part I: Evasionhttps://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-i-evasion/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Special: Russia-Ukraine War Update 02 March 2022

Thu, 03 Mar 2022 10:30:19 -0500

ShadowTalk host Chris alongside Stefano, Rory, and Rick bring you the latest on the escalating tension between Russia and Ukraine. This episode they cover:* Recent cyber developments* Malware targeting Ukrainian organizations* New sanctions against Russia***Resources from this special podcast***Donate to the Ukraine crisis via Red Crosshttps://donate.redcross.org.uk/appeal/ukraine-crisis-appealDigital Forensic Research Labmedium.com/dfrlabPhoton BriefingSHAPING YOUR RESPONSE TO THE RUSSIA - UKRAINE WAR SESSION DETAILS: 03 Mar 2022Session 1: 12pm GMT | Session 2: 8:30am PThttps://info.digitalshadows.com/PhotonIntelBriefing-RussiaUkraine.html

Special: Russia and Ukraine - What We Know So Far - 28 February 2022

Mon, 28 Feb 2022 11:28:45 -0500

ShadowTalk host Chris alongside Stefano, Rory, and Rick bring you the latest on the escalating tension between Russia and Ukraine. This episode they cover:* Continuing attacks between Russia and Ukraine* New sanctions against Russian banks* Cybercriminal developments * Nuclear forces on high alert/peace talks***Resources from this special podcast***Donate to the Ukraine crisis via Red Crosshttps://donate.redcross.org.uk/appeal/ukraine-crisis-appealDigital Forensic Research Labhttps://medium.com/dfrlabWar via TikTok: Russia's new tool for propaganda machinehttps://apnews.com/article/russia-ukraine-technology-europe-media-nationalism-2186dbc533560cb666f59655ecf1ee8e

Weekly: Russian Offensive Cyber-Team, Conti-Trickbot, OpenSea NFT Breach, & More!

Fri, 25 Feb 2022 12:54:28 -0500

ShadowTalk host Chris alongside Ivan, Austin, and Rick bring you the latest in threat intelligence. This week they cover:* Russian Offensive Cyber-Team* Conti-Trickbot* OpenSea NFT Breach***Resources from this week’s podcast***Russia Invades Ukraine: What Happens Next?https://www.digitalshadows.com/blog-and-research/russia-invades-ukraine-what-happens-next/Recruitment Fraud In 2022https://www.digitalshadows.com/blog-and-research/recruitment-fraud-in-2022/Of Death And Taxes: File Early To Beat The Scammershttps://www.digitalshadows.com/blog-and-research/of-death-and-taxes-file-early-to-beat-the-scammers/Russia unleashed data-wiper malware on Ukraine, say cyber expertshttps://www.theguardian.com/world/2022/feb/24/russia-unleashed-data-wiper-virus-on-ukraine-say-cyber-expertsConti ransomware gang takes over TrickBot malware operationhttps://www.bleepingcomputer.com/news/security/conti-ransomware-gang-takes-over-trickbot-malware-operation/OpenSea users lose $2 million worth of NFTs in phishing attackhttps://www.bleepingcomputer.com/news/security/opensea-users-lose-2-million-worth-of-nfts-in-phishing-attack/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Special: Russia and Ukraine Conflict

Wed, 23 Feb 2022 13:51:07 -0500

ShadowTalk host Chris alongside Stefano, Rory, and Austin bring you the latest on the escalating tension between Russia and Ukraine. This episode they cover:* The current situation between Russia and Ukraine* Reasons for Russia’s invasions* International reactions to the escalation* Future projections and likely cybersecurity outcomes

Weekly: US DoJ Indictment, Grey Hat & ETH's Bounty, Crypto Ads

Fri, 18 Feb 2022 16:10:21 -0500

ShadowTalk host Stefano alongside Saul, Rory, and Dylan bring you the latest in threat intelligence. This week they cover:* US DoJ Indictment Against Weird-Acting BTC Laundering Couple* Grey Hat and ETH's Phat Bug Bounty* Crypto Superbowl Ads***Resources from this week’s podcast***Automate Alert Investigation And Response With XSOAR And SearchLighthttps://www.digitalshadows.com/blog-and-research/automate-alert-investigation-and-response-with-xsoar-and-searchlight/Initial Access Brokers In 2021: An Ever Expanding Threathttps://www.digitalshadows.com/blog-and-research/initial-access-brokers-in-2021-an-ever-expanding-threat/“No Cards = No Work = No Money”: Russian Law Enforcement’s Assault On Carding Platformshttps://www.digitalshadows.com/blog-and-research/russian-law-enforcements-assault-on-carding-platforms/Two Arrested for Alleged Conspiracy to Launder $4.5 Billion in Stolen Cryptocurrencyhttps://www.justice.gov/opa/pr/two-arrested-alleged-conspiracy-launder-45-billion-stolen-cryptocurrencyDeFi Takes on Bigger Role in Money Laundering But Small Group of Centralized Services Still Dominatehttps://blog.chainalysis.com/reports/2022-crypto-crime-report-preview-cryptocurrency-money-laundering/Hacker could’ve printed unlimited ‘Ether’ but chose $2M bug bounty insteadhttps://protos.com/ether-hacker-optimism-ethereum-layer2-scaling-bug-bounty/Coinbase’s bouncing QR code Super Bowl ad was so popular it crashed the apphttps://www.theverge.com/2022/2/13/22932397/coinbases-qr-code-super-bowl-ad-app-crashSubscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: Microsoft to Enable Macros in Office, Russia Arrests Hacking Group, Valentine's Day Concerns

Fri, 11 Feb 2022 16:34:57 -0500

ShadowTalk host Chris alongside Ivan and Austin bring you the latest in threat intelligence. This week they cover:* Microsoft Announces Plans to Enable Macros in Office Applications* Russia Arrests Six People Linking to Hacking Group* Things To Be Aware of This Valentine's Day ***Resources from this week’s podcast***Valentine's Day: Share Your Love, Not Your Credentialshttps://www.digitalshadows.com/blog-and-research/valentines-day-share-your-love-not-your-credentials/Growing Tension Between Russia And Ukraine: Should You Be Concerned?https://www.digitalshadows.com/blog-and-research/growing-tension-between-russia-and-ukraine/CVEs You Might Have Missed While Log4j Stole The Headlineshttps://www.digitalshadows.com/blog-and-research/cves-you-might-have-missed-whilst-log4j-stole-the-headlines/Microsoft plans to kill malware delivery via Office macroshttps://www.bleepingcomputer.com/news/microsoft/microsoft-plans-to-kill-malware-delivery-via-office-macros/Russia arrests third hacking group, seizes carding forumshttps://www.bleepingcomputer.com/news/security/russia-arrests-third-hacking-group-seizes-carding-forums/FBI Warns of Romance Scams Ahead of Valentine’s Dayhttps://www.fbi.gov/contact-us/field-offices/columbia/news/press-releases/fbi-warns-of-romance-scams-ahead-of-valentines-dayWest Mercia Police issue romance fraud warning to online daters in the run up to Valentine's Dayhttps://worcesterobserver.co.uk/news/west-mercia-police-issue-romance-fraud-warning-to-online-daters-in-the-run-up-to-valentines-day-35613/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: Cyber Operations As Part of Hybrid Warfare in Russia-Ukraine Context

Fri, 04 Feb 2022 14:11:15 -0500

ShadowTalk host Stefano alongside Saul and Rory bring you the latest in threat intelligence. This week they cover:*Cyber Operations as part of Hybrid Warfare in the Russia-Ukraine context***Resources from this week’s podcast***Beijing 2022: Why You Should Or Shouldn’t Care About The Winter Olympicshttps://www.digitalshadows.com/blog-and-research/beijing-2022-why-you-should-or-shouldnt-care-about-the-winter-olympics/What We’re Reading This Month – January 2022https://www.digitalshadows.com/blog-and-research/what-were-reading-this-month-january-2022/Vulnerability Intelligence: Introducing SearchLight’s Newest Capabilityhttps://www.digitalshadows.com/blog-and-research/vulnerability-intelligence-introducing-searchlights-newest-capability/Destructive malware targeting Ukrainian organizationshttps://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/Putin Says the U.S. Wants to Push Russia into Warhttps://www.nytimes.com/live/2022/02/01/world/russia-ukraine-news#putin-accuses-the-united-states-of-trying-to-goad-russia-into-starting-a-conflict-in-ukraineLessons Learned From Successive Use of Offensive Cyber Operations Against Ukraine and What May Be Nexthttps://www.crowdstrike.com/blog/lessons-from-past-cyber-operations-against-ukraine/Proactive Preparation and Hardening to Protect Against Destructive Attackshttps://www.mandiant.com/resources/protect-against-destructive-attacksSubscribe to our threat intelligence email: info.digitalshadows.com/SubscribetoEm…cast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: Malicious QR Codes, Ransomware Insider Attacks, Russia/Ukraine Conflict Escalates

Fri, 28 Jan 2022 12:19:16 -0500

ShadowTalk host Chris alongside Austin and Ivan bring you the latest in threat intelligence. This week they cover:* Maliciously crafted Quick Response (QR) Codes* Ransomware Insider Attacks* Growing Russia/Ukraine Conflict***Resources from this week’s podcast***Life In Prison: The Cybercriminal Perspectivehttps://www.digitalshadows.com/blog-and-research/life-in-prison-the-cybercriminal-perspective/Vulnerability Intelligence: A Best Practice Guidehttps://www.digitalshadows.com/blog-and-research/vulnerability-intelligence-a-best-practice-guide/FBI warns of malicious QR codes used to steal your moneyhttps://www.bleepingcomputer.com/news/security/fbi-warns-of-malicious-qr-codes-used-to-steal-your-money/Ransomware gangs increase efforts to enlist insiders for attackshttps://www.bleepingcomputer.com/news/security/ransomware-gangs-increase-efforts-to-enlist-insiders-for-attacks/Belarusian hacktivist group attacks Belarusian Railways as military frictions mounthttps://www.cyberscoop.com/cyber-partisans-belarus-russia-ukraine/Subscribe to our threat intelligence email: info.digitalshadows.com/SubscribetoEm…cast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: Attacks Against Ukrainian Websites, REvil Arrests, and Microsoft Wiper

Fri, 21 Jan 2022 12:32:06 -0500

ShadowTalk host Stefano alongside Kimberley, Dani, Rory, and Xueyin bring you the latest in threat intelligence. This week they cover:* Defacement attack against Ukrainian government websites* REvil arrests* Microsoft Wiper***Resources from this week’s podcast***Navigating The Threat Intelligence Market In 2022https://www.digitalshadows.com/blog-and-research/navigating-the-threat-intelligence-market-in-2022/Ransomware Q4 Overviewhttps://www.digitalshadows.com/blog-and-research/ransomware-q4-overview/More than 70 Ukrainian government websites have been defaced in cyberattackshttps://www.npr.org/2022/01/19/1074172805/more-than-70-ukrainian-government-websites-have-been-defaced-in-cyber-attacks#:~:text=About%2070%20Ukrainian%20government%20websites,system%20for%20all%20those%20websites.Russia arrests 14 alleged members of REvil ransomware gang, including hacker U.S. says conducted Colonial Pipeline attackhttps://www.washingtonpost.com/world/2022/01/14/russia-hacker-revil/Destructive malware targeting Ukrainian organizationshttps://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/Subscribe to our threat intelligence email: info.digitalshadows.com/SubscribetoEm…cast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: H2 Database Vulnerability, DDoS Extortion, and Alternate ransomware techniques

Fri, 14 Jan 2022 14:48:55 -0500

ShadowTalk host Chris alongside Ivan and Austin bring you the latest in threat intelligence. This week they cover: * A Critical H2 Database Vulnerability* DDoS Extortion* Alternate ransomware techniques***Resources from this week’s podcast***Cyber Threats to the Education Systemhttps://www.digitalshadows.com/blog-and-research/cyber-threats-to-education/How Do Ransomware Groups Launder Paymentshttps://www.digitalshadows.com/blog-and-research/how-do-ransomware-groups-launder-payments/JFrog researchers find JNDI vulnerability in H2 database consoles similar to Log4Shellhttps://www.zdnet.com/article/jfrog-researchers-find-jndi-vulnerability-in-h2-database-consoles-similar-to-log4shell/ Extortion DDoS attacks grow stronger and more commonhttps://www.bleepingcomputer.com/news/security/extortion-ddos-attacks-grow-stronger-and-more-commonFBI: Hackers use BadUSB to target defense firms with ransomwarehttps://www.bleepingcomputer.com/news/security/fbi-hackers-use-badusb-to-target-defense-firms-with-ransomware/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Especial: Servicios financieros, ransomware, y ciberdelincuencia

Fri, 07 Jan 2022 13:35:44 -0500

Bienvenido a ShadowTalk en Español! En este episodio, Stefano y Dani van a discutir: Amenazas a los servicios financierosLas tres áreas de riesgo El desarrollo del ransomware El desarollo de la ciberdelincuencia Come siempre, si teneis algún comentario sobre este episodio o si queréis saber mas de algún tema, escribenos a shadowtalk@digitalshadows.com y estaremos muy felices para tomar sus preguntas!

Weekly: Closing out 2021 with Log4j Updates, Karakurt News, and a Cybercriminal Arrest

Fri, 17 Dec 2021 12:13:14 -0500

ShadowTalk host Chris is joined by both the US and UK teams for the last podcast episode of 2021. This episode they cover: * The Log4j vulnerability and what has happened since its discovery* The Karakurt extortion group is making headlines* An individual considered the most prolific cybercriminal to date has been arrestedCheck out the latest Intelligence Summary: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-17th-dec Don’t forget to sign up for Nifty Gifty 2021 for a chance to win 15 daily prizes (we’re giving away a Microsoft Surface Pro on Dec. 17!). Don’t miss out, register now: https://lp.auvik.com/nifty-gifty/?utm_campaign=L-O-PTNR-U-All-NG2021_DigitalShadows&utm_source=DigitalShadows***Resources from this week’s podcast***Cone of Plausibility: Forecasting Ransomware Scenarios in 2022https://www.digitalshadows.com/blog-and-research/forecasting-ransomware-scenarios-in-2022/Log4j: What’s Happened Sincehttps://www.digitalshadows.com/blog-and-research/log4j-whats-happened-since/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Special: Log4j Zero-day Vulnerability

Mon, 13 Dec 2021 12:11:12 -0500

ShadowTalk host Sean alongside Rick, Chris and Rob bring you the latest on the recent Log4j Zero-day Vulnerability. This episode they cover: * The background of the vulnerability* What’s happening now* Long-tail strategic implications ***Resources from this week’s podcast***Curated List of Log4j IOCs https://github.com/curated-intel/Log4Shell-IOCsLog4j: What We Know So Farhttps://www.digitalshadows.com/blog-and-research/the-log4j-zero-day-what-we-know-so-far/ Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: NICKEL Targets LATAM and Europe, Quantum Computing, and UK Cyberattack

Fri, 10 Dec 2021 11:04:10 -0500

ShadowTalk host Stefano alongside Chris and Dani bring you the latest in threat intelligence. This episode they cover: * NICKEL’s campaign targets Latin America and Europe* What on earth is Quantum computing and why should we pay attention to it* A cyberattack has paralyzed a UK supermarket infrastructure; would you consider that critical infrastructure?Check out the latest Intelligence Summary: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-10th-dec***Resources from this week’s podcast***2021: An APAC Cybersecurity Odysseyhttps://www.digitalshadows.com/blog-and-research/2021-an-apac-cyber-security-odyssey/ Latin American Financial Services and Cybercrimehttps://www.digitalshadows.com/blog-and-research/latin-american-financial-services-sunny-climes-and-cybercrimes/Outside the Perimeter: The New Digital Risk Landscapehttps://www.digitalshadows.com/blog-and-research/outside-the-perimeter-the-new-digital-risk-landscape/ ALSO: Don’t forget to sign up for Nifty Gifty 2021 for a chance to win 15 daily prizes (we’re giving away a Microsoft Surface Pro on Dec. 17!). Don’t miss out, register now: https://lp.auvik.com/nifty-gifty/?utm_campaign=L-O-PTNR-U-All-NG2021_DigitalShadows&utm_source=DigitalShadowsSubscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: IKEA Hack, Sabbath Ransomware Group, Proofpoint Rich Text Format and More!

Fri, 03 Dec 2021 09:30:27 -0500

ShadowTalk hosts Sean, Alec and Ivan, bring you the latest in threat intelligence. This week they cover: - The rise of Sabbath ransomware group - IKEA email hack- Proofpoint finds the Rich Text Format still delivers

Weekly: GoDaddy Breach, MosesStaff Political Attacks, and Conti Orchestrates Emotet Comeback

Fri, 26 Nov 2021 09:53:29 -0500

ShadowTalk host Chris alongside Rory, Dylan and Xue, bring you the latest in threat intelligence. This episode they cover: * Emotet botnet comeback orchestrated by Conti ransomware gang* GoDaddy Breach* MosesStaff conducting politically motivated attacksCheck out the latest Intelligence Summary: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-26th-nov***Resources from this week’s podcast***Black Friday: Is there a threat actor in. Your shopping cart?https://www.digitalshadows.com/blog-and-research/black-friday-is-there-a-threat-actor-in-your-shopping-cart/The Patching Nightmarehttps://www.digitalshadows.com/blog-and-research/the-patching-nightmare/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: Exploit-as-a-Service, Emotet’s Return, and FBI Fake Email Campaign

Fri, 19 Nov 2021 10:53:21 -0500

ShadowTalk host Stefano alongside Saul, Kim and Xue, bring you the latest in threat intelligence. This episode they cover: * Vulnerability Intelligence: Exploit-as-a-Service* Emotet’s return* FBI fake emails campaign***Resources from this week’s podcast***NEW! Vulnerability Intelligence Reporthttps://resources.digitalshadows.com/whitepapers-and-reports/vulnerability-intelligence-do-you-know-where-your-flaws-are?utm_source=blog&utm_medium=website&utm_campaign=vulnerability-reportEmotet is Back Againhttps://www.digitalshadows.com/blog-and-research/emotet-is-back-again-what-does-it-mean/Vulnerability Intelligence: What’s the Word in Dark Web Forumshttps://www.digitalshadows.com/blog-and-research/vulnerability-intelligence-whats-the-word-in-dark-web-forums/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Special: NCSAM Takeaways and Key Resources

Mon, 15 Nov 2021 10:35:43 -0500

ShadowTalk host Chris alongside Kim and Xue are covering the key takeaways from this year’s NCSAM and share several best-practice pieces released by the security experts at Digital Shadows throughout the month including: * Managing Your Digital Shadow* Phight the Phish * Putting Cybersecurity First***Resources from this week’s podcast***Managing Your Digital Shadow:https://www.digitalshadows.com/blog-and-research/cybersecurity-awareness-month-week-1-managing-your-digital-shadow/ Phight the Phish:https://www.digitalshadows.com/blog-and-research/week-2-ncsam-fight-the-phish/ Explore, Experience, Share: https://www.digitalshadows.com/blog-and-research/cybersecurity-awareness-month-week-3-explore-experience-share/ Putting Cybersecurity First: https://www.digitalshadows.com/blog-and-research/cybersecurity-awareness-month-cybersecurity-first/ ENISA 2021 Threat Landscape: Initial Thoughtshttps://www.digitalshadows.com/blog-and-research/enisa-2021-threat-landscape/IABs in Q3 2021: https://www.digitalshadows.com/blog-and-research/initial-access-brokers-in-q3-2021/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: Robinhood data leak, NSO in US Appeals Court and Iranian-linked hackers target ISPs

Fri, 12 Nov 2021 06:45:31 -0500

ShadowTalk host Sean alongside Austin and Ivan bring you the latest in threat intelligence. This week they cover:* NSO gets dunked on in US appeals court* Iranian-linked hackers go after ISPs and telcos across MENA * Robinhood leaks data for 7 million customers***Resources from this week’s podcast***What We’re Reading This Month: https://www.digitalshadows.com/blog-and-research/what-were-reading-this-month-nov-2021/The dangers of fake blockchains: https://www.digitalshadows.com/blog-and-research/vulnerable-smart-contracts-and-fake-blockchains-what-investors-need-to-know/What is Vulnerability Intelligence?https://www.digitalshadows.com/blog-and-research/what-is-vulnerability-intelligence/ Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Weekly: NRA under the gun, Groove hoax, and Conti gulf apology

Fri, 05 Nov 2021 14:59:57 -0400

ShadowTalk host Sean alongside Ivan and Austin bring you the latest in threat intelligence. This week they cover:* Grief gets NRA under the gun * Is Groove a hoax?* Conti apologizes to the Gulf & FBI warns against inside data used to target victims***Resources from this week’s podcast***Splunk’s Threat Research Team delivers detections based on CISA’s top exploited vulns list: https://www.splunk.com/en_us/blog/security/cisa-s-known-exploited-vulnerabilities-catalog-and-splunk.html CISA bulletin: https://www.cisa.gov/known-exploited-vulnerabilities-catalog ENISA 2021 Threat Landscape blog: https://www.digitalshadows.com/blog-and-research/enisa-2021-threat-landscape/ Managing your external attack surface with Searchlight: https://www.digitalshadows.com/blog-and-research/managing-your-external-attack-surface-with-searchlight/ Q3 IAB blog: https://www.digitalshadows.com/blog-and-research/initial-access-brokers-in-q3-2021/ Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com- if you have any questions, comments, or suggestions for the next episodes.

Weekly: NOBELIUM is back, Ransomware Decryptors and Employers, and Spooky Halloween Tales

Fri, 29 Oct 2021 12:03:08 -0400

ShadowTalk host Stefano alongside Adam, Kim, Rory, and Dylan bring you the latest in threat intelligence. This week they cover:* NOBELIUM targets Global IT Supply Chain again* A tale of Ransomware Employers and Decryptors * Spooky Halloween tales * PLUS we say goodbye to one of the podcast favs ***Resources from this week’s podcast***NCASM: Cybersecurity First https://www.digitalshadows.com/blog-and-research/cybersecurity-awareness-month-cybersecurity-first/ Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com- if you have any questions, comments, or suggestions for the next episodes.

Weekly: REvil Rep Death, Ransomware Trends, and BlackMatter Advisory

Fri, 22 Oct 2021 11:16:56 -0400

Weekly: REvil Rep Death, Ransomware Trends, and BlackMatter Advisory ShadowTalk host Sean alongside Austin and Ivan bring you the latest in threat intelligence. This week they cover:* REvil rep death* Q3 Ransomware trends* BlackMatter CISA advisory***Resources from this week’s podcast***REvil Domain Hackedhttps://www.digitalshadows.com/blog-and-research/revil-domains-hijacked/ CISA Alertshttps://us-cert.cisa.gov/ncas/alerts/aa21-291a Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com- if you have any questions, comments, or suggestions for the next episodes.

Weekly: FIN12 targets healthcare, Google Phishing, and Pentagon Official Resigns

Fri, 15 Oct 2021 12:13:36 -0400

ShadowTalk host Stefano alongside Adam, Kim, and Chris bring you the latest in threat intelligence. This week they cover:* FIN12 targets healthcare sector and make extensive use of IAB* Google alerts 14,000 users about being targets of APT phishing campaign* APT41 use COVID-19 lures in latest phishing attacks* US Official resign over US-Chinese AI & cybersecurity differenceCheck out our latest Weekly Intelligence Summary: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-15th-oct***Resources from this week’s podcast***NCSAM Week 2: Fight the Phishhttps://www.digitalshadows.com/blog-and-research/week-2-ncsam-fight-the-phish/Strategic Treat Intelligence and You: What Does It All Mean?https://www.digitalshadows.com/blog-and-research/strategic-threat-intelligence-and-you-what-does-it-all-mean/ Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com- if you have any questions, comments, or suggestions for the next episodes.

Weekly: Twitch Hack, Facebook blackout, and Pandora Papers

Fri, 08 Oct 2021 12:04:37 -0400

ShadowTalk host Sean alongside Rick, Ivan, and Austin bring you the latest in threat intelligence. This week they cover:Twitch hacked! Facebook takes a day offRansomware roundup - revelations from REvil, LockBit, and Conti Pandora Papers releasedCheck out our latest Weekly Intelligence Summary: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-8th-oct***Resources from this week’s podcast***Kick off Cyber Security Awareness Month with our latest blog - Protecting Your Own Digital Shadowhttps://www.digitalshadows.com/blog-and-research/cybersecurity-awareness-month-week-1-managing-your-digital-shadow/ Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com- if you have any questions, comments, or suggestions for the next episodes.

Weekly: NOBELIUM Malware, BEC scheme, and EU Condemns Russian Cyberactivity

Fri, 01 Oct 2021 15:12:01 -0400

ShadowTalk host Adam alongside Kim, and Saul bring you the latest in threat intelligence. This week they cover:* Newly detected NOBELIUM malware creates persistent backdoor* Four individuals charged with wide-ranging BEC scheme* EU condemns Russian cyber activity ahead of electionsCheck out our latest Weekly Intelligence Summary: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-1st-oct***Resources from this week’s podcast***[Digital Shadows Blog]What We’re Reading This Month[Digital Shadows Blog]Tactical Threat Intelligence and YouSubscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com- if you have any questions, comments, or suggestions for the next episodes.

Weekly: FBI under fire, Microsoft goes passwordless, and RaidForums

Wed, 29 Sep 2021 12:18:45 -0400

ShadowTalk host Sean alongside Rick, Alec, and Ivan bring you the latest in threat intelligence. This week they cover:* FBI under fire about decryption keys * Microsoft goes passwordless* RaidForums left restricted area openhttps://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-24th-sept***Resources from this week’s podcast***[Digital Shadows Blog]Ukrainian-language Cybercriminal Markets: Do They Still Exist? https://www.digitalshadows.com/blog-and-research/ukrainian-language-cybercriminal-platforms/ [Digital Shadows Blog]Data Leakage Detection Best Practices: https://www.digitalshadows.com/blog-and-research/data-leakage-detection-best-practices/ [Digital Shadows Blog]Why CISOs Need to Understand IABs: https://www.digitalshadows.com/blog-and-research/why-cisos-and-executives-should-care-about-iabs/[Article]New Malware Attacking South American Organizations: https://thehackernews.com/2021/09/a-new-wave-of-malware-attack-targeting.html Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com- if you have any questions, comments, or suggestions for the next episodes.

Special: Dr. Tom Robinson - Threats to Crypto and Tracking Ransomware with Blockchain Analytics

Tue, 14 Sep 2021 20:00:00 -0400

ShadowTalk hosts Sean Nikkel and CISO, Rick Holland sit down with Dr. Tom Robinson, Chief Scientist and Co-Founder of Elliptic. They cover:* Dr. Robinson’s early days as a physicist before getting into the world of cybersecurity* Cyberthreats to Bitcoin and the Cryptocurrency landscape* Tracking Ransomware with Blockchain Analytics ***Resources from this week’s podcast***[Blog] Liquid Exchange Hack https://www.elliptic.co/blog/liquid-exchange-hacked-94-million-stolen[Blog] Cybercriminals Build Blockchain Analytics Toolhttps://www.elliptic.co/blog/cybercriminals-have-built-their-own-blockchain-analytics-tool [Blog] $600M In Cyrpto Stolenhttps://www.elliptic.co/blog/the-poly-network-hack-600-million-in-crypto-stolen-and-returned-in-24-hours [Webinar] Tracking Ransomware with Blockchain Analyticshttps://www.elliptic.co/webinars-events/tracking-ransomware-with-blockchain-analytics Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com- if you have any questions, comments, or suggestions for the next episodes. Be sure to follow Dr. Tom Robinson on Twitter @tomrobin!

Weekly: Mozi arrest, Fortinet credentials, and Splunk PowerShell Release

Fri, 10 Sep 2021 11:16:08 -0400

ShadowTalk hosts Sean, Rick, Ivan, and Austin bring you the latest in threat intelligence. This week they cover:* Mozi botnet operators arrested in China, >1.5M devices since 2019* Groove gang releases creds of comp’d Fortinet appliances, ~500k * Splunk releases new PowerShell analytics for threat hunters, includes support for SOAR responsesGet this week's Intelligence Summary: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-10th-september***Resources from this week’s podcast***Microsoft Advisory https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444 CISA Advisoryhttps://twitter.com/USCERT_gov/status/1435342618704191491 [Blog] Splunk’s PowerShell Analytics https://www.splunk.com/en_us/blog/security/powershell-detections-threat-research-release-august-2021.html [Digital Shadows Blogs]The Neverending Ransomware Storyhttps://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/ Preventing Ransomwarehttps://www.digitalshadows.com/blog-and-research/preventing-ransomware-preventing-the-300-at-thermopylae/ Ransomware and Threat Intelhttps://www.digitalshadows.com/blog-and-research/protecting-against-ransomware-what-role-does-threat-intelligence-play/ What We’re Reading this Month https://www.digitalshadows.com/blog-and-research/what-were-reading-this-month-august-2021/ Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com- if you have any questions, comments, or suggestions for the next episodes.

Weekly: ProxyToken and Lockfile, AlphaBay’s Comeback

Fri, 03 Sep 2021 13:41:15 -0400

ShadowTalk hosts Stefano, Chris, Kim, and Adam bring you the latest in threat intelligence. This week they cover:* The greatest comeback since Ronaldo rejoined UTD* ProxyToken and Lockfile* AlphaBay’s comeback***Resources from this week’s podcast***Social Media Monitoring Solutions Guidehttps://resources.digitalshadows.com/whitepapers-and-reports/social-media-monitoring-solutions-guideThe Never-ending Ransomware Storyhttps://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/LockFile Intermittent Encryption and Evasionhttps://news.sophos.com/en-us/2021/08/27/lockfile-ransomwares-box-of-tricks-intermittent-encryption-and-evasion/ProxyToken Lets Hackers Steal User Emailhttps://www.bleepingcomputer.com/news/security/microsoft-exchange-proxytoken-bug-can-let-hackers-steal-user-email/AlphaBay Rebootshttps://threatpost.com/rogue-marketplace-alphabay-reboots/168648/ Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com- if you have any questions, comments, or suggestions for the next episodes.

Weekly: #tbt Throwback Thursday Edition

Fri, 27 Aug 2021 11:45:27 -0400

ShadowTalk hosts Sean, Ivan, Alec, and Rick Holland bring you the latest in threat intelligence. This week they cover:- Botnets are still the hotness - Mirai is growing again and Mozi’s made new moves- ShinyHunters are back!- Hacktivists take on governmentsGet this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-august-27***Resources from this week’s podcast***ShinyHuntershttps://www.digitalshadows.com/blog-and-research/the-eeveelution-of-shinyhunters-from-data-leaks-to-extortions/ Criminals weaponize social mediahttps://www.digitalshadows.com/blog-and-research/how-cybercriminals-weaponize-social-media/ Reverse scamshttps://www.digitalshadows.com/blog-and-research/no-honor-among-thieves-scamming-the-scammers/ Mirai & Mozi: https://www.microsoft.com/security/blog/2021/08/19/how-to-proactively-defend-against-mozi-iot-botnet/ https://securingsam.com/realtek-vulnerabilities-weaponized/ https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/ https://www.digitalshadows.com/blog-and-research/you-should-consider-forecasts-not-predictions/ HactivistsIran: https://zetter.substack.com/p/hackers-leak-surveillance-camera https://research.checkpoint.com/2021/indra-hackers-behind-recent-attacks-on-iran/ Belarus: https://www.bloomberg.com/news/articles/2021-08-24/belarus-hackers-seek-to-overthrow-local-government https://www.technologyreview.com/2021/08/26/1033205/belarus-cyber-partisans-lukashenko-hack-opposition/ Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com- if you have any questions, comments, or suggestions for the next episodes.

Weekly: Prometheus, Ransomware Updates, and Microsoft Morse Code

Fri, 20 Aug 2021 11:59:45 -0400

ShadowTalk hosts Adam, Chris, and Kim bring you the latest in threat intelligence. This week they cover:- Malicious use of TDS and the newly reported Prometheus TDS- Ransomware updates: Synack release decryption key and Vice Society targets PrintNightmare- The Microsoft phishing campaign that utilized morse code as an encryption mechanism Get this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-august-20***Resources from this week’s podcast***The Phight Against Phishing: https://www.digitalshadows.com/blog-and-research/the-phight-against-phishing/Leveraging Digital Shadows Premium Services: https://www.digitalshadows.com/blog-and-research/leveraging-digital-shadows-premium-services/ Prometheus TDS: https://blog.group-ib.com/prometheus-tdsSync Ransomware Releases Decryption Keys: https://www.bleepingcomputer.com/news/security/synack-ransomware-releases-decryption-keys-after-el-cometa-rebrand/PrintNightmare Attacks: https://www.bleepingcomputer.com/news/security/vice-society-ransomware-joins-ongoing-printnightmare-attacks/Microsoft Attackers Use Morse Code: https://www.microsoft.com/security/blog/2021/08/12/attackers-use-morse-code-other-encryption-methods-in-evasive-phishing-campaign/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com- if you have any questions, comments, or suggestions for the next episodes.

Weekly: Phishing Site Targets Scammers, China Pulls False Flag in Israel, $600 Million Crypto Hack

Fri, 13 Aug 2021 11:23:44 -0400

ShadowTalk hosts Sean, Ivan, Charles, and CISO Rick Holland bring you the latest in threat intelligence. This week they cover:- CISO Rick Holland touches on the latest news on AlphaBay - could the forum be back? - The team chat about LockBit’s big hit on Accenture- Charles runs through Krebs Security run-in with a scammer who had been targeted by a phishing site for BriansClub- Ivan talks about the Chinese espionage group that pulled a false flag to Iran and Israel - Sean delves into the latest news on the $600 Million crypto hackGet this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-13th-august***Resources from this week’s podcast***The State of APTs in 2021https://www.digitalshadows.com/blog-and-research/the-nation-state-of-apts-in-2021/ Understanding Smishing Attackshttps://www.digitalshadows.com/blog-and-research/understanding-smishing-attacks/ Krebs Security Run-in with Scammed Scammer https://krebsonsecurity.com/2021/08/phishing-sites-targeting-scammers-and-thieves/Chinese Espionage Campaign in Israel https://www.fireeye.com/blog/threat-research/2021/08/unc215-chinese-espionage-campaign-in-israel.html$600 Million Crypto Hack https://www.bleepingcomputer.com/news/security/over-600-million-reportedly-stolen-in-cryptocurrency-hack/Other Resources: https://www.bbc.com/news/business-58180692

Weekly: Wiper Malware Targets Tokyo Olympics, MeteorExpress Attack, PwnedPiper, Hopper and More!

Fri, 06 Aug 2021 10:51:13 -0400

ShadowTalk hosts Adam, Dylan and Kim bring you the latest in threat intelligence. This week they cover:- Recent Wiper malware targeting the 2020 Tokyo Olympics - Dylan dives into the MeteorExpress attack, which targeted Iranian transport systems - Kim runs through PwnedPiper vulnerabilities that impact pneumatic tube systems in hospitals - could this lead to a ransomware attack? - Adam and the team discuss a new machine learning security tool called Hopper, which is used to detect lateral movement - before discussing the future of machine learning and AI in cyber security- Plus, the team answers some of your questions!Get this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-6th-august***Resources from this week’s podcast***IAB Q2 roundup https://www.digitalshadows.com/blog-and-research/initial-access-brokers-in-q2-2021/ Supply chain attacks in 2021 https://www.digitalshadows.com/blog-and-research/supply-chain-attacks-in-2021/ MeteorExpress Attackhttps://www.mbsd.jp/research/20210721/blog/ https://labs.sentinelone.com/meteorexpress-mysterious-wiper-paralyzes-iranian-trains-with-epic-troll/PwnedPiperhttps://threatpost.com/pwnedpiper-bugs-hospital-pneumatics/168277/ https://arxiv.org/abs/2105.13442Hopper Security Toolhttps://latesthackingnews.com/2021/08/02/hopper-the-security-tool-that-protects-enterprises-from-lateral-network-movement/Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Weekly: CISA guidelines, Q2 Ransomware roundup, and PunkSpider’s back!

Fri, 30 Jul 2021 12:31:58 -0400

ShadowTalk hosts Sean, Alec, Rick, and Ivan bring you the latest in threat intelligence. This week they cover:- CISA guidelines on frequently exploited vulnerabilities- Q2 Ransomware roundup/BlackMatter & Haron (new darkside/revil and avaddon), REvil ACH- With PunkSpider back, what are the implications of using this tech?Get this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-30th-july***Resources from this week’s podcast***Domain monitoring solution guide: https://www.digitalshadows.com/blog-and-research/getting-started-with-domain-monitoring-part-3-remediation/REvil: Analysis of Competing Hypotheses: https://www.digitalshadows.com/blog-and-research/revil-analysis-of-competing-hypotheses/ Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Weekly: Microsoft Exchange attribution, NSO Spyware, Zero-days, and Clippy

Fri, 23 Jul 2021 10:33:57 -0400

ShadowTalk hosts Stefano, Saul, Rory, and Kim bring you the latest in threat intelligence. This week they cover:- Microsoft Exchange server attach attributed to China- At least 180 journalists have been selected as targets by clients of the cybersurveillance company NSO Group- Zero-day exploits in 2021- Tor gets an update***Resources from this week’s podcast**** 2021 Ransomware Roll Up - https://www.digitalshadows.com/blog-and-research/q2-2021-ransomware-roll-up/* Blog: Cyber threats to Tokyo 2020 - https://www.digitalshadows.com/blog-and-research/cyber-threats-to-the-tokyo-2020-olympic-games/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com- if you have any questions, comments, or suggestions for the next episodes.

Special: Bryson Bort, Cyber Gandalf and MORE!

Thu, 15 Jul 2021 12:55:25 -0400

Digital Shadow’s CISO Rick Holland and Senior Cyber Threat Intel Analyst Sean Nikkel host this special edition of ShadowTalk. They are joined by special guest CEO and Founder at SCYTHE, Bryson Bort.

Weekly: Kaseya Attack Updates, Fancy Lazarus, and Spyware on Google Play

Fri, 09 Jul 2021 11:08:23 -0400

ShadowTalk hosts Stefano, Dylan, Adam, and Xue, bring you the latest in threat intelligence. This week they cover:- Xue takes us through the Kaseya ransomware supply-chain attack -REvil’s involvement and “Happy Blog” - Adam discusses a new threat group, Fancy Lazarus - where did they come from and what are their methods?- Dylan dives into malicious spyware apps found on Google Play that steal Facebook users’ logins and passwords - what we know so far - Plus, Adam’s malware name of the week and more!Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-9th-july ***Resources from this week’s podcast***Fancy Lazarus: https://www.proofpoint.com/uk/blog/threat-insight/ransom-ddos-extortion-actor-fancy-lazarus-returns Spyware Apps: https://news.drweb.com/show/?i=14244&lng=en Kaseya Blog: https://www.digitalshadows.com/blog-and-research/kaseya-ransomware-supply-chain-attack/ Domain Monitoring Part 2 Blog: https://www.digitalshadows.com/blog-and-research/getting-started-with-domain-monitoring-part-2-detection/ Marketo Blog: https://www.digitalshadows.com/blog-and-research/marketo-a-return-to-simple-extortion/ Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Weekly: LinkedIn Breach, Marketo Marketplace, Playstation Breach, Western Digital MyBook, Nobelium

Fri, 02 Jul 2021 12:03:14 -0400

ShadowTalk hosts Sean, Ivan and Digital Shadows CISO, Rick Holland, bring you the latest in threat intelligence. This week they cover:- The team touch on the most recent LinkedIn breach exposing 700 Million user details- Sean and Rick talk about the latest developments of the PrintNightmare incident- Ivan dives into the Marketo data theft marketplace - What’s the future for this group?- Rick discusses the latest PlayStation 3 console ID’s leak and how it’s different to previous breaches- What we know about the mysterious Western Digital MyBook attack Get this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-2nd-july***Resources from this week’s podcast***What We’re Reading this month: https://www.digitalshadows.com/blog-and-research/what-were-reading-this-month-june-2021/ Why Do Users Get Banned From Cybercriminal Forums https://www.digitalshadows.com/blog-and-research/why-do-users-get-banned-from-cybercriminal-forums/ Typosquatting Protection 101:https://www.digitalshadows.com/blog-and-research/typosquatting-protection-101/ Getting Started with Domain Monitoring: Part 1, Collectionhttps://www.digitalshadows.com/blog-and-research/getting-started-with-domain-monitoring-part-1/ Special guest podcasts:Gert-Jan Bruggink, and presenter at last year’s SANS CTI Summithttps://resources.digitalshadows.com/threat-intelligence-podcast-shadowtalk/special-cyber-threat-intel-leader-gert-jan-bruggink-legos-and-more Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Special: Cyber Threat Intel Leader Gert-Jan Bruggink, legos, and MORE!

Wed, 30 Jun 2021 11:01:41 -0400

Digital Shadows’ CISO Rick hosts this edition of ShadowTalk. He is joined by special guest Gert-Jan Bruggink. They discuss:●Gert-Jan’s origin story●Legos●Threat intelligence-based pen testing and red-teaming●Writing better threat landscape reports

Weekly: Google Releases Supply-Chain Framework, New NATO Agreements, and More!

Fri, 25 Jun 2021 11:24:36 -0400

ShadowTalk hosts Stefano, Chris, and Kim, bring you the latest in threat intelligence. This week they cover:- Kim dives into Google’s new Supply Chain Attack framework - how will it operate?- Chris discusses South Korea's energy research institute networks being compromised by North Korean threat actors - how did they gain access?- The team talk new NATO agreements that put cybersecurity at the forefrontGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-25-june ***Resources from this week’s podcast***Google Supply Chain Attach Framework - https://security.googleblog.com/2021/06/introducing-slsa-end-to-end-framework.html Supply Chain Awareness: https://www.sonatype.com/hubfs/Corporate/Software%20Supply%20Chain/2020/SON_SSSC-Report-2020_final_aug11.pdf South Korea Energy Compromise: https://www.bleepingcomputer.com/news/security/south-koreas-nuclear-research-agency-hacked-using-vpn-flaw/ VPN Attack Study: https://www.helpnetsecurity.com/2021/06/15/vpn-attacks-up/ NATO Agreements: https://www.nytimes.com/2021/06/15/world/europe/biden-putin-cyberweapons.html Intel Requirements Blog: https://www.digitalshadows.com/blog-and-research/lets-talk-about-intel-requirements/ Threat Actors Blog: https://www.digitalshadows.com/blog-and-research/threat-actors-living-off-the-land/Banned From Cybercriminal Forums Blog: https://www.digitalshadows.com/blog-and-research/why-do-users-get-banned-from-cybercriminal-forums/ Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Special: Pulsedive Founders Dan and Grace Talk Origins, IOCs, and More

Thu, 24 Jun 2021 10:42:48 -0400

Digital Shadows CISO Rick and Senior Cyber Threat Intel Analyst Sean Nikkel host this edition of ShadowTalk. They're joined by special guests Dan Sherry and Grace Chi, founders of Pulsedive. They discuss:-Dan & Grace's origin stories and how Pulsedive came to be -Grace's LinkedIn “Sides of Cyber” campaign, promoting unknown talents and how they enrich people's lives-IOCs aren't dead - how IOCs can be leveraged as part of a broader program-How to kick the tires on Pulsedive - they even include free API access ***Resources from this special podcast***Find Dan on Twitter: https://twitter.com/netbroom Find Dan on LinkedIn: https://www.linkedin.com/in/netbroom/ Find Grace on Twitter: https://twitter.com/euphoricfall Find Grace on LinkedIn: https://www.linkedin.com/in/graceschi/ Company Homepage: https://pulsedive.com/about/

Weekly: VPN Vulnerabilities, EA Gets Attacked, Plus Clop Deals With Affiliate Arrests

Fri, 18 Jun 2021 10:52:15 -0400

ShadowTalk hosts Sean, Ivan, and Charles bring you the latest in threat intelligence. This week they cover:- The team discusses the most recent EA breach - what’s the history of attacks against software/game developers?- Charles dives into the latest on VPN vulnerabilities - why does this problem persist? - Ivan talks about Clop arrests - how big of a player is Clop in the world of cyber crime?- Predictions for the ransomware scene in the future - can we expect more intervention by law enforcement? Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-18-june ***Resources from this week’s podcast***EA Breach: https://www.vice.com/en/article/7kvkqb/how-ea-games-was-hacked-slack https://www.vice.com/en/article/wx5xpx/hackers-steal-data-electronic-arts-ea-fifa-source-code VPN Vulnerabilities: https://apnews.com/article/government-and-politics-hacking-technology-business-7350235e07d46ba5afc1238b553ea4b9 Clop arrests: https://krebsonsecurity.com/2021/06/ukrainian-police-nab-six-tied-to-clop-ransomware/#more-55973 Euro 2020 blog - https://www.digitalshadows.com/blog-and-research/cyber-threats-to-the-uefa-euro-2020-championship/ Let’s Talk About Intel Requirements blog - https://www.digitalshadows.com/blog-and-research/lets-talk-about-intel-requirements/ Dark Web Monitoring Blog https://www.digitalshadows.com/blog-and-research/lets-talk-about-intel-requirements/ Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Special: Anomali’s AJ Nash Talks Origin Story, Building Threat Intel Teams, and More!

Wed, 16 Jun 2021 10:17:14 -0400

Digital Shadows CISO Rick and Senior Cyber Threat Intel Analyst Sean host this guest edition of ShadowTalk. Anomali's Sr. Director of Cyber Intelligence Strategy, AJ Nash, joined them to discuss:- AJ's origin story with the U.S. Air Force - AJ's lessons from building threat intelligence teams - The need for intelligence leaders to be more strategic and move beyond IOCs and the SOC - AJ's new blog where he proposed the Chief Intelligence Officer (CINO)***Resources from this special podcast***Find AJ on LinkedIn: https://www.linkedin.com/in/nashaj/Rise of the Chief Intelligence Officer (CINO): https://www.anomali.com/blog/rise-of-the-chief-intelligence-officer-cino

Weekly: Chinese Cyber Espionage, GitHub Takedowns, and EURO 2020 Predictions

Fri, 11 Jun 2021 10:58:48 -0400

ShadowTalk hosts Stefano, Adam, Chris, and newcomer, Rory, bring you the latest in threat intelligence. This week they cover:-Adam takes us through the latest cyber espionage campaigns attributed to Chinese-state-sponsored APT groups-Rory discusses a sophisticated law enforcement campaign targeting criminal syndicates all over the world-Chris dives into the new GitHub policies - what led to these new guidelines?-The team talks about updates on the Colonial Pipeline incident - what’s the latest?-Plus, the group makes EURO 2020 predictionsGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-11-june ***Resources from this week’s podcast***SharpPanda/Chinese APT - https://research.checkpoint.com/2021/chinese-apt-group-targets-southeast-asian-government-with-previously-unknown-backdoorLaw Enforcement Op - https://www.bleepingcomputer.com/news/security/fbi-and-afp-created-a-fake-encrypted-chat-platform-to-catch-criminals/ GitHub Takedown Policy: https://www.bleepingcomputer.com/news/security/githubs-new-policies-allow-removal-of-poc-exploits-used-in-attacks Colonial Updates: https://www.theverge.com/2021/6/5/22520297/compromised-password-reportedly-allowed-hackers-colonial-pipeline-cyberattack https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside Crypto Blog: https://www.digitalshadows.com/blog-and-research/cryptocurrency-attacks-to-be-aware-of-2021/ Extortion Blog: https://www.digitalshadows.com/blog-and-research/the-business-of-extortion-how-ransomware-makes-money/ Cyber Threats to EURO 2020: https://www.digitalshadows.com/blog-and-research/cyber-threats-to-the-uefa-euro-2020-championship/ Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Weekly: Nobelium Attacks, VMWare Exploits, and the Biden Administration’s Letter on Ransomware

Fri, 04 Jun 2021 11:14:48 -0400

ShadowTalk hosts Sean, Alec, Charles, and Digital Shadows CISO, Rick Holland, bring you the latest in threat intelligence. This week they cover:- Alec dives into Nobelium - who are they and what happened in the latest attack?- Charles takes us through VMWare exploits - how does it compare to earlier vulnerabilities?- Rick discusses the Biden Administration’s open letter to business leaders on the state of ransomware - Plus, check out our latest content including thoughts on the 2021 Verizon DBIRGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-04-june ***Resources from this week’s podcast***Nobelium: https://www.techrepublic.com/article/solarwinds-hackers-resurface-to-attack-government-agencies-and-think-tanks/ VMWare: https://arstechnica.com/gadgets/2021/05/vulnerability-in-vmware-product-has-severity-rating-of-9-8-out-of-10/ https://www.vmware.com/security/advisories/VMSA-2021-0010.html President’s Note on Ransomware Threats: https://www.documentcloud.org/documents/20796934-memo-what-we-urge-you-to-do-to-protect-against-the-threat-of-ransomwareCyber Attacks: The Problem with Attribution and Response Blog: https://www.digitalshadows.com/blog-and-research/cyber-attacks-the-challenge-of-attribution-and-response/ Verizon DBIR Perspective Blog: https://www.digitalshadows.com/blog-and-research/the-top-three-cybercrime-takeaways-from-the-2021-verizon-dbir/ Ransomware and Law Firms Blog: https://www.digitalshadows.com/blog-and-research/ransomware-and-the-legal-services-sector/ Jeff Stone Podcast: https://resources.digitalshadows.com/threat-intelligence-podcast-shadowtalk/special-jeff-stone-discusses-his-origin-story-interviewing-cybercriminals-and-more Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Special: The State of the APAC Cyber Threat Landscape

Thu, 03 Jun 2021 16:54:45 -0400

ShadowTalk hosts Stefano, Adam, and Xue bring you the latest in threat intelligence for the APAC region. They cover:- Xue take us through how the APAC threat landscape has changed in the last 18 months- What are the prominent ransomware and APT groups and what are they up to?- The team discusses how cybersec institutions are using new regulations to offset some traditional challenges- Adam talks about the Tokyo 2020 threat landscape and how it's been shaped by the event postponement due to COVID-19***Resources from this week’s podcast***State of APAC: https://www.paloaltonetworks.com/blog/2020/03/policy-asia-pacific/ https://techwireasia.com/2019/10/cybersecurity-customer-experience-trust-asia-apac/ https://techwireasia.com/2021/03/apac-is-in-need-for-more-cybersecurity-experts/ https://www.zdnet.com/article/colonial-pipeline-attack-used-to-justify-australias-critical-infrastructure-bill/ https://www.zdnet.com/article/security-crucial-as-5g-connects-more-industries-devices/ https://www.zdnet.com/article/apac-firms-face-growing-cyberattacks-take-more-than-a-week-to-remediate/ Covid-19 and APAC Cyber Security: https://www.computerweekly.com/news/252494801/APAC-firms-grapple-with-cyber-security-amid-pandemicAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com

Weekly: Drug Kingpin Taken Down by Cheese and Ransomware Makes a Comeback

Fri, 28 May 2021 11:43:04 -0400

ShadowTalk hosts Stefano, Adam, Kim, and Dylan bring you the latest in threat intelligence. This week they cover:- Dylan discusses how cheese was the downfall of a drug dealer in the UK and how a cybercriminal messaging forum contributed- Kim talks ransomware - how ransom demands stole the spotlight from supply-chain attacks- Avaddon victims refuse to pay ransom demands - what happened?- Adam dives into politically motivated ransomware Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-28-may ***Resources from this week’s podcast***Stilton Incident: https://en.wikipedia.org/wiki/Geronimo_Stilton https://www.theguardian.com/food/2021/may/24/feeling-blue-drug-dealers-love-of-stilton-leads-to-his-arrest Politically Motivated Ransomware: https://assets.sentinelone.com/sentinellabs/evol-agrius MTNOW: https://blog.malwarebytes.com/cybercrime/malware/2021/05/bizarro-a-banking-trojan-full-of-nasty-tricks/ MTTPOTW: https://attack.mitre.org/techniques/T1568/002/ FUNNIES: https://www.runnersworld.com/runners-stories/a32433537/strava-art/ Cybercriminal Forum Death Blog: https://www.digitalshadows.com/blog-and-research/how-cybercriminal-platforms-meet-their-end/ Intelligence Cycle Blog: https://www.digitalshadows.com/blog-and-research/how-the-intelligence-cycle-can-help-defend-against-ransomware-attack/ What We’re Reading Blog: https://www.digitalshadows.com/blog-and-research/what-were-reading-this-month-may-2021/ Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Special: Jeff Stone Discusses His Origin Story, Interviewing Cybercriminals, and More!

Tue, 25 May 2021 13:25:33 -0400

Digital Shadows CISO Rick hosts this edition of ShadowTalk. He’s joined by special guest and friend Jeff Stone, Editor at CyberScoop News. They discuss: - Jeff's origin story - Parallels between journalism and threat intelligence - How journalists validate sources - Why "It's better to be right than first"- The go-to defense lawyer for Russian and Eastern European cybercriminals- The nuance around interviewing cybercriminals***Resources from this special podcast*** Find Jeff on Twitter: https://twitter.com/jeffstone500 CyberScoop:https://www.cyberscoop.com/ https://twitter.com/CyberScoopNews CyberScoop CyberTalks Virtual Summit https://www.cyberscoop.com/events/cybertalks/ "How Arkady Bukh, a New York-based immigrant from the former Soviet bloc, emerged as the go-to defense lawyer for the cybercrime underworld."https://www.cyberscoop.com/story/arkady-bukh-man-in-the-middle/

Weekly: Colonial Pipeline Updates, DarkSide Feels the Pressure, and More!

Fri, 21 May 2021 11:20:16 -0400

ShadowTalk hosts Sean, Alec, Ivan, and Charles bring you the latest in threat intelligence. This week they cover:- Ivan takes us through the latest updates on DarkSide and the Colonial Pipeline incident - DarkSide faces consequences - The team talks about new legislation from the US government - better late than never?- Plus, our hosts dive into all things ransomware - what’s happening with the cyber threat landscape?- Alec brings us the latest on Conti ransomware targeting Ireland's Department of Health - what was the impact?- Charles discusses a new web skimmer indicating ongoing Magecart activityGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-21-may ***Resources from this week’s podcast***Colonial Pipeline Updates: https://www.bankinfosecurity.com/2-bills-introduced-in-wake-colonial-pipeline-attack-a-16666 Conti Ransomware: https://www.bleepingcomputer.com/news/security/conti-ransomware-also-targeted-irelands-department-of-health/ PHP Skimmer: https://blog.malwarebytes.com/cybercrime/2021/05/newly-observed-php-based-skimmer-shows-ongoing-magecart-group-12-activity/ Verizon DBIR: https://enterprise.verizon.com/resources/reports/2021-data-breach-investigations-report.pdfAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com

Weekly: The Colonial Pipeline Incident, BEC Gift Card Campaigns, and More!

Fri, 14 May 2021 11:45:34 -0400

ShadowTalk hosts Stefano, Chris, Kim, and Xue bring you the latest in threat intelligence. This week they cover:- Xue takes us through the Colonial Pipeline ransomware incident - DarkSide’s involvement and more - What does the attack on the Colonial Pipeline indicate for future cyber threats against critical infrastructure?- Chris dives into the BEC incident - what does it mean and what happened? - Kim discusses the Bulletproof Hosting indictment - what is the impact?Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-14-may ***Resources from this week’s podcast***Colonial Pipeline: https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-compromise-of-colonial-pipeline-networksDarkSide: https://www.digitalshadows.com/blog-and-research/darkside-the-new-ransomware-group-behind-highly-targeted-attacks/ Gift Card Scam: https://www.microsoft.com/security/blog/2021/05/06/business-email-compromise-campaign-targets-wide-range-of-orgs-with-gift-card-scam/ Bulletproof Hosting: https://www.justice.gov/opa/pr/four-individuals-plead-guilty-rico-conspiracy-involving-bulletproof-hosting-cybercriminals Bitcoin Blog: https://www.digitalshadows.com/blog-and-research/bitcoin-and-alternative-cryptos-in-the-cybercriminal-underground/ Colonial Pipeline Blog: https://www.digitalshadows.com/blog-and-research/colonial-pipeline-ransomware-attack/ Vaccine Card Blog: https://www.digitalshadows.com/blog-and-research/how-cybercriminals-can-leverage-your-vaccination-card-selfie/ Mapping MITRE to Wannacry Blog: https://www.digitalshadows.com/blog-and-research/mapping-mitre-attck-to-the-wannacry-campaign/

Special: David Thejl-Clayton Talks Data Driven Incident Response and Verizon DBIR

Fri, 14 May 2021 10:34:15 -0400

Digital Shadows CISO Rick hosts this edition of ShadowTalk. He’s joined by special guest David Thejl-Clayton , Senior Advisor in Cyber Defense at Combitech. They discuss: - David talks origin story, his journey through CTI, and his current role at Combitech - His obsession with data driven response and how that data-love came to be- He and Rick reminisce about favorite speakers at SANS- They discuss the Verizon DBIR - what’s to come?- Purple-teaming - how to bring value to organizations through data***Resources from this week’s podcast***Find David on Twitter: https://twitter.com/DCSecuritydk Find David on LinkedIn: https://www.linkedin.com/in/davidclayton454/ Data Driven Incident Response: https://www.youtube.com/watch?v=Ll60XUJnRTw SANS CTI Summit - VERISIZE your way into CTI: https://www.youtube.com/watch?v=AwMC6INC5TE https://www.sans.org/blog/a-visual-summary-of-sans-cyber-threat-intelligence-summit/ Vocabulary for Event Recording and Information Sharing (VERIS): http://veriscommunity.net/ 2020 Data Breach Investigations Report: https://enterprise.verizon.com/resources/reports/dbir/

Weekly: VPN Vulnerabilities, Supply Chain Attacks, and Babuk Says “Bye”!

Fri, 07 May 2021 11:10:34 -0400

ShadowTalk hosts Alec, Ivan, Sean, and Digital Shadows CISO, Rick, bring you the latest in threat intelligence. This week they cover:- Sean discusses Pulse Secure VPN vulnerabilities - what are the latest updates and who is being targeted?- The team talks about supply chain compromise - what is it?- Sean takes us through the DDoS attack on Belnet - Babuk is hanging up their hat - Ivan brings us the latest- Ryuk gets ahold of bio research through a studentGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-07-may ***Resources from this week’s podcast***Pulse Secure: https://www.bleepingcomputer.com/news/security/pulse-secure-fixes-vpn-zero-day-used-to-hack-high-value-targets/ Belnet: https://www.zdnet.com/article/this-massive-ddos-attack-took-large-sections-of-a-countrys-internet-offline/ Babuk: https://threatpost.com/babuk-ransomware-gang-mulls-retirement/165742/ Ryuk: https://www.zdnet.com/article/ryuk-ransomware-finds-foothold-in-bio-research-institute-through-a-student-who-wouldnt-pay-for-software/#ftag=RSSbaffb68 The Technology Adoption Lifecycle Of Genesis Market Blog: https://www.digitalshadows.com/blog-and-research/the-technology-adoption-lifecycle-of-genesis-market/ The Top 5 Dark Web Monitoring Use Cases Blog: https://www.digitalshadows.com/blog-and-research/the-top-5-dark-web-monitoring-use-cases/ Password Day Blog: https://www.digitalshadows.com/blog-and-research/creating-security-aware-passwords/ Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Special: Amy Bejtlich Talks Culture of Candor Within Intel Teams and More!

Thu, 06 May 2021 15:53:45 -0400

Digital Shadows CISO, Rick, hosts this edition of ShadowTalk. He’s joined by special guest Amy Bejtlich, Director of Intelligence Analysis at Dragos, Inc. They discuss: - Amy’s origin story and journey from traditional intelligence to cyber intelligence- How to "bloom where you are planted" - Her various SANS cyber threat intel presentations- How to build a "culture of candor" within an intel team - Minimizing burnout and supporting the mental health of teams***Resources from this week’s podcast***Find Amy on Twitter: https://twitter.com/_Silent_J Find Amy on LinkedIn: https://www.linkedin.com/in/amybejtlich/ SANS New to Cyber Summit: "Job Role Spotlight - Cyber Threat Intelligence": https://sansorg.egnyte.com/dl/TjsPnHluNo/? SANS 2019 CTI Summit Video: "Analytic Tradecraft In The Real World": https://www.youtube.com/watch?v=MWJZsW9HooY SANS 2019 CTI Summit slides: Analytic Tradecraft In The Real World": https://sansorg.egnyte.com/dl/MnytUZPcOU/?

Special: ShadowTalk’s 200th Episode!

Fri, 30 Apr 2021 09:54:32 -0400

It’s a full house with ShadowTalk hosts Stefano, Alec, Charles, Kim, Dylan, Adam, and Digital Shadows CISO, Rick! The team is looking back at three years of ShadowTalk and taking us on a journey through changes in the threat landscape. They discuss: - Adam and Alec take us through ransomware heavy hitters from the last few years - Big game hunting, double-extortion, and more- The team reminisce about their first time joining ShadowTalk - Kim and Rick tackle supply-chain attacks - looking back at SolarWinds and the role of trust- Most embarrassing moments in ShadowTalk history- Dylan and Charles talk CVE’s - more on opportunistic attackers taking advantage of Covid-19 and remote work- Final thoughts from the team - what would you tell your 2018 self?Check out the video recording of the podcast here: https://resources.digitalshadows.com/digitalshadows/special-shadowtalk-s-200th-episode Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-30-april***Resources from this week’s podcast***Phineas Fisher And The Hacking Team Investigation:https://resources.digitalshadows.com/threat-intelligence-podcast-shadowtalk/episode-51-phineas-fisher-and-the-hacking-team-investigationSolarWinds Supply Chain Attack Round-Up:https://resources.digitalshadows.com/threat-intelligence-podcast-shadowtalk/weekly-solarwinds-supply-chain-attack-round-upElectricFish Malware Attributed To “Lazarus Group” :https://resources.digitalshadows.com/threat-intelligence-podcast-shadowtalk/electricfish-malware-attributed-to-lazarus-groupThreat Report ATT&CK Mapping (TRAM) with MITRE’s Sarah Yoder And Jackie Lasky:https://resources.digitalshadows.com/threat-intelligence-podcast-shadowtalk/threat-report-attck-mapping-tram-with-mitre-sarah-yoder-and-jackie-laskyCVE 2019-0708 RDP Vulnerability and GDPR’s Anniversary:https://resources.digitalshadows.com/threat-intelligence-podcast-shadowtalk/cve-2019-0708-rdp-vulnerability-and-gdpr-s-anniversaryAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com

Weekly: Supply Chain Attacks Rule The Day, Plus The FBI Takes On Web-Shells

Fri, 23 Apr 2021 11:17:50 -0400

ShadowTalk hosts Alec, Ivan, Charles, and newcomer, Sean, bring you the latest in threat intelligence. This week they cover:- Ivan dives into FBI actions against web-shells from compromised Exchange servers- Codecov supply chain attacks - Charles brings us the latest - The team discuss the Pulse Secure VPN bug - Plus, don’t forget our special 200th episode next week! Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-23-april ***Resources from this week’s podcast***FBI Web Shells: https://www.welivesecurity.com/2021/04/14/fbi-removes-malware-compromised-exchange-servers/Codecov: https://www.bleepingcomputer.com/news/security/hundreds-of-networks-reportedly-hacked-in-codecov-supply-chain-attack/REvil vs. Apple: https://www.bleepingcomputer.com/news/security/revil-gang-tries-to-extort-apple-threatens-to-sell-stolen-blueprints/Pulse Secure VPN: https://www.bleepingcomputer.com/news/security/pulse-secure-vpn-zero-day-used-to-hack-defense-firms-govt-orgs/https://www.bleepingcomputer.com/news/security/cisa-orders-federal-orgs-to-mitigate-pulse-secure-vpn-bug-by-friday/ Q1 Vulnerability Blog: https://www.digitalshadows.com/blog-and-research/q1-vulnerability-roundup/Emotet Shutdown Blog: https://www.digitalshadows.com/blog-and-research/the-emotet-shutdown-explained/ Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Weekly: Q1 Ransomware Round-Up - Looking Back at Early 2021

Fri, 16 Apr 2021 14:37:18 -0400

ShadowTalk hosts Stefano, Adam, Kim, and Chris bring you the latest in threat intelligence. This week they cover:- Kim takes us back to SolarWinds, the Centreon breach, the Accellion incident, and the Microsoft Exchange supply chain attack- The team discusses attributing attacks - state sponsored threat actors leverage sophisticated tactics, allowing lower level cybercriminals to ride their coattails - Chris takes the teams through mitigating risks and proxy logon vulnerabilities- How Covid-19 and WFH has affected the threat landscape - VPN vulnerabilities - Advice for security teams - what to prioritize- Adam discusses ransomware trends in Q1 2021- The team touches on law enforcement activity and more! Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/20210416-ds-weekly-intsum-updated ***Resources from this week’s podcast*** Q1 Ransomware Blog: https://www.digitalshadows.com/blog-and-research/q1-ransomware-roundup/ IABs Q1 Blog: https://www.digitalshadows.com/blog-and-research/initial-access-brokers-listings-increasing-in-2021/ Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Weekly: Facebook Data Breach, Ransomware Cartel, and More!

Fri, 09 Apr 2021 12:28:30 -0400

ShadowTalk hosts Alec, Ivan, Charles, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:- Ivan talks through the latest updates on the Facebook data breach - threat actors selling old data for cheap and what was potentially exposed- Charles discusses Fortinet vulnerabilities - what are the technical details and how do defenders protect their data?- The team dives deeper into the ransomware cartel - Clop updates - what’s the latest and who are they targeting?Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-09-april ***Resources from this week’s podcast***Facebook Breach: https://www.theguardian.com/technology/2021/apr/06/facebook-breach-data-leak Fortinet Vulnerabilities: https://www.ic3.gov/Media/News/2021/210402.pdfhttps://www.bleepingcomputer.com/news/security/fbi-and-cisa-warn-of-state-hackers-attacking-fortinet-fortios-servers/ Ransomware Cartel: https://analyst1.com/file-assets/RANSOM-MAFIA-ANALYSIS-OF-THE-WORLD%E2%80%99S-FIRST-RANSOMWARE-CARTEL.pdf https://www.scmagazine.com/home/security-news/ransomware/ransomware-cartel-model-didnt-fulfill-potential-yet-but-served-as-cybercrime-proving-ground/ Stanford Breach: https://www.bleepingcomputer.com/news/security/ransomware-gang-leaks-data-from-stanford-maryland-universities/ Actionable Threat Intel: https://www.digitalshadows.com/blog-and-research/new-release-actionable-threat-intelligence-with-searchlight/ MITRE and CTI: https://www.digitalshadows.com/blog-and-research/applying-mitre-attck-to-your-cti-program/ Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Weekly: It’s A Ransomware Round-Up - CNA , Clop, and Much More!

Fri, 02 Apr 2021 11:13:08 -0400

ShadowTalk hosts Stefano, Dylan, Kim, and Chris bring you the latest in threat intelligence. This week they cover:- Kim and her recent ransomware round-up - insurance company CNA suffers attack, Clop holds victims for ransom, and more- Chris takes the team through the PHP Git Server backdoor - Dylan and the group talk pandemic, remote-working, and cyber hygiene Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-02-april ***Resources from this week’s podcast***Tax Fraud 2021 Blog: https://www.digitalshadows.com/blog-and-research/tax-and-unemployment-fraud-in-2021/ Microsoft Exchange Hafnium Blog: https://www.digitalshadows.com/blog-and-research/microsoft-exchange-server-exploit-what-happened-next/ Cyber Threat Intelligence: Solutions Guide and Best Practices: https://resources.digitalshadows.com/digitalshadows/cyber-threat-intelligence-solutions-guide Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Special: Dr. Chase Cunningham Talks Zero Trust, His Book on Cyber Warfare, and More!

Tue, 30 Mar 2021 12:01:07 -0400

Digital Shadows CISO Rick hosts this edition of ShadowTalk. He’s joined by special guest Dr. Chase Cunningham, author, Retired Navy Chief Cryptologist, and Chief Strategy Officer at Ericom Software. They discuss: -Dr. Chase's origin story -How to use Zero Trust to take back initiative from the adversary -How the VPN is the Palm Pilot of your network infrastructure -Why there is no Zero Trust easy button -Chase's romance novel on cyber warfare -Threat modeling vacations***Resources from this week’s podcast***Find Dr. Chase Cunningham on LinkedIn: https://www.linkedin.com/in/dr-chase-cunningham-54b26243/ Find Dr. Chase Cunningham on Twitter: https://twitter.com/CynjaChaseCCyber Warfare – Truth, Tactics, and Strategies: Strategic concepts and truths to help you and your organization survive on the battleground of cyber warfare: https://www.amazon.com/gp/product/B084ZN2HBD/ref=dbs_a_def_rwt_bibl_vppi_i0Ericom Software: https://www.ericom.com/r/dr-zero-trust/ZT Edge: https://www.zerotrustedge.com/

Weekly: More on Microsoft and Acer Receives $50 Million in Ransom Demands

Fri, 26 Mar 2021 12:27:18 -0400

ShadowTalk hosts Alec, Austin, Charles, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:-The team discusses the latest on Exchange Servers vulnerabilities - should guards still be up? -Austin takes us through the timeline of ransomware taking advantage of vulnerabilities regarding Microsoft -Austin talks $50 million ransom against Acer - biggest known ransom request in modern history. What does this mean for the threat landscape going forward? -A phishing campaign has stolen 400,000 OWA/O365 creds - how to make yourself the hardest target possibleGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-26-march ***Resources from this week’s podcast***Microsoft Vulnerabilities: https://www.bleepingcomputer.com/news/security/microsoft-92-percent-of-exchange-servers-safe-from-proxylogon-attacks/ Acer Ransom: https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack/Black Kingdom Ransomware: https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-now-targeted-by-black-kingdom-ransomware/ Office 365 Phishing: https://www.bleepingcomputer.com/news/security/microsoft-warns-of-phishing-attacks-bypassing-email-gateways/ 2021 Tax Blog: https://www.digitalshadows.com/blog-and-research/tax-and-unemployment-fraud-in-2021/ Cybercriminal Perspective Blog: https://www.digitalshadows.com/blog-and-research/the-cybercriminal-perspective/ Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Special: Creator of Zero Trust John Kindervag Talks Origins and the Future of Zero Trust!

Tue, 23 Mar 2021 15:29:03 -0400

Digital Shadows CISO Rick hosts this edition of ShadowTalk. He’s joined by special guest John Kindervag, creator of Zero Trust and Senior Vice President, Cybersecurity Strategy, ON2IT Group Fellow at ON2IT Cybersecurity. They discuss: -John’s origin story and influences - what led to the creation of Zero Trust?- Zero Trust - origin, design principles, and terminology - What are your protect surfaces? - using Zero Trust- John’s new position at ON2IT***Resources from this week’s podcast***Find John Kindervag on LinkedIn: https://www.linkedin.com/in/john-kindervag-40572b1/ Find John Kindervag on Twitter: https://twitter.com/Kindervag Understanding Zero Trust Terminology: https://www.paloaltonetworks.com/resources/zero-trust Antifragile: Things That Gain from Disorder: https://www.amazon.com/Antifragile-Things-That-Disorder-Incerto/dp/0812979680

Weekly: Ransomware Resurgence - The Return of FIN8, DarkSide, and More!

Fri, 19 Mar 2021 12:21:25 -0400

ShadowTalk hosts Stefano, Adam, Kim, and first-timer Chris bring you the latest in threat intelligence. This week they cover:-Kim takes us through the return of FIN8 - what are the updates to the “BadHatch” backdoor-Chris discusses DarkSides recent resurgence after a quiet period - what’s the latest?-Microsoft Exchange exploit update - the team discuss -How are threat actors and cybercriminals using ProxyLogon vulnerabilities?Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-19-march ***Resources from this week’s podcast***FIN8: https://labs.bitdefender.com/2021/03/fin8-group-is-back-in-business-with-improved-badhatch-kit/ DarkSide: https://www.infosecurity-magazine.com/news/darkside-20-ransomware-fastest/ ProxyLogon: https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/ https://www.vice.com/en/article/n7vpaz/researcher-publishes-code-to-exploit-microsoft-exchange-vulnerabilities-on-github AC Features: https://www.vice.com/en/article/pkdnkz/escape-zoom-meetings-by-faking-technical-issues-and-crying-with-this-apphttps://attack.mitre.org/techniques/T1090/003/https://attack.mitre.org/software/S0398/Mapping MITRE to Microsoft Blog: https://www.digitalshadows.com/blog-and-research/mapping-mitre-attack-to-microsoft-exchange-zero-day-exploits/Revisiting Spectre Blog: https://www.digitalshadows.com/blog-and-research/revisiting-the-spectre-and-meltdown-vulnerabilities/ Monitoring for Supplier Risks Blog: https://www.digitalshadows.com/blog-and-research/monitoring-for-risks-coming-from-suppliers/FBI IC3 Blog: https://www.digitalshadows.com/blog-and-research/fbi-ic3-2020/ Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Weekly: Supply Chain Compromise Round-Up - Microsoft, Verkada, and More!

Fri, 12 Mar 2021 13:01:04 -0500

ShadowTalk hosts Alec, Ivan, Charles, and Austin bring you the latest in threat intelligence. This week they cover:- The team discuss HAFNIUM and Microsoft Servers Exchange- Updates on the Accellion incident - what’s the latest regarding Flagstar?- The Verkada compromise - who were the victims affected by the breach of private video footage?Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-12-march ***Resources from this week’s podcast***Hafnium: https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/Microsoft Exchange Compromise: https://www.ic3.gov/Media/News/2021/210310.pdfFlagstar: https://www.cyberscoop.com/flagstar-bank-accellion-breach-clop/Verkada: https://www.washingtonpost.com/technology/2021/03/10/verkada-hack-surveillance-risk/ Mapping MITRE ATT&CK To The DPRK Blog: https://www.digitalshadows.com/blog-and-research/mapping-mitre-attack-to-dprk-financial-crime-indictment/ Year In Review: COVID-19 Concerns For Cybersecurity Blog: https://www.digitalshadows.com/blog-and-research/covid-19-concerns-for-cybersecurity/ Mapping MITRE ATT&CK To The Microsoft Exchange Exploits Blog: https://www.digitalshadows.com/blog-and-research/mapping-mitre-attack-to-microsoft-exchange-zero-day-exploits/ Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Weekly: New Australian Legislature, VMware Bugs, and More!

Fri, 05 Mar 2021 11:21:40 -0500

ShadowTalk hosts Stefano, Adam, Dylan, and Kim bring you the latest in threat intelligence. This week they cover:- The Australian Criminal Intelligence Commission (ACIC) issues three new warrants for dealing with cybercrime - how does this new legislation increase law enforcement powers?- VMware has revealed a critical-rated bug - what should security teams know?- Adam covers ICEDID Infection and ransomware - The team discuss the DPRK IndictmentGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-05-march ***Resources from this week’s podcast***New Australian Legislature: https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6623https://www.zdnet.com/article/australias-new-hacking-powers-considered-too-wide-ranging-and-coercive-by-oaic/ Vulnerability Round-Up: https://www.vmware.com/security/advisories/VMSA-2021-0002.html https://www.bleepingcomputer.com/news/security/working-windows-and-linux-spectre-exploits-found-on-virustotal/ ICEDID: https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html DPRK: https://www.justice.gov/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and Law Enforcement Blog: https://www.digitalshadows.com/blog-and-research/cybercriminal-law-enforcement-crackdowns-in-2021/No Time For Threat Intel Noise Blog: https://www.digitalshadows.com/blog-and-research/no-time-for-threat-intel-noise/ Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Weekly: When Initial Access Brokers Attack

Fri, 26 Feb 2021 12:31:00 -0500

ShadowTalk hosts Alec, Ivan, Charles, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:- The team talks Initial Access Brokers (IAB) - what role do these middle- men play in the ransomware game?- How can your company mitigate risks against IABs?- The latest on the Accellion incident - Third party attacks - where does the blame fall?Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-26-february ***Resources from this week’s podcast***Accellion: https://www.zdnet.com/article/fireeye-links-0-day-attacks-on-fta-servers-extortion-campaign-to-fin11-group/https://www.fireeye.com/blog/threat-research/2021/02/accellion-fta-exploited-for-data-theft-and-extortion.htmlIAB Report: https://resources.digitalshadows.com/whitepapers-and-reports/initial-access-brokers-report Monitoring IABs in SearchLight: https://www.digitalshadows.com/blog-and-research/how-to-monitor-initial-access-broker-listings/ 5 Ways To Take Action Blog: https://www.digitalshadows.com/blog-and-research/5-ways-to-optimize-threat-intelligence/ Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Weekly: Egregor Arrests, SIM-Swapping, and Oldsmar Updates!

Fri, 19 Feb 2021 11:36:33 -0500

ShadowTalk hosts Stefano, Adam, Dylan, and Kim bring you the latest in threat intelligence. This week they cover:- Adam takes us through the latest on Egregor and related arrests - is the threat group down but not out?- Dylan talks SIM-swapping - who was targeted?- Kim brings us the most recent news on the Centreon breach- Plus, the team reviews the Oldsmar water treatment facility attackGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-19-february ***Resources from this week’s podcast***Egregor operators arrested: https://www.zdnet.com/article/egregor-ransomware-operators-arrested-in-ukraine/SIM Swapping: https://www.europol.europa.eu/newsroom/news/ten-hackers-arrested-for-string-of-sim-swapping-attacks-against-celebrities https://www.youtube.com/watch?v=fHhNWAKw0bY Centreon breach: https://www.zdnet.com/article/france-russian-state-hackers-targeted-centreon-servers-in-years-long-campaign/ Oldsmar updates: https://www.mass.gov/service-details/cybersecurity-advisory-for-public-water-suppliers Threat Intel Can Be Noisy Blog: https://www.digitalshadows.com/blog-and-research/threat-intelligence-can-be-noisy-searchlight-helps/ Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Weekly: Ransomware Updates - CDPR Victimized, Ziggy’s End, and the Oldsmar Water Incident

Fri, 12 Feb 2021 13:04:02 -0500

ShadowTalk hosts Alec, Ivan, Austin, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:- Cyberpunk and Witcher fans beware - threat actors target the CD Projekt Red source code- Ziggy ransomware calls it quits - is law enforcement activity driving this impact?- Oldsmar, FL water treatment facility gets hacked - could other critical infrastructure be at risk?- Researcher impacts dozens of tech firms through a supply chain attack, winning a $130,000 ‘bug bounty’Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-12-february ***Resources from this week’s podcast***Cyberpunk hack: https://www.theverge.com/2021/2/10/22276664/cyberpunk-witcher-hackers-auction-source-code-ransomware-attack Ziggy: https://www.bleepingcomputer.com/news/security/ziggy-ransomware-shuts-down-and-releases-victims-decryption-keys/ Oldsmar: https://www.cnn.com/2021/02/08/us/oldsmar-florida-hack-water-poison/index.html Security researcher wins award: https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610 Valentine’s Blog: https://www.digitalshadows.com/blog-and-research/cybercrime-and-valentines-day/ Exposed Credential Guide: https://resources.digitalshadows.com/whitepapers-and-reports/exposed-credentials-solutions-guide Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Weekly: Lebanese Cedar, Nefilim Ghost Credentials, and More on SolarWinds and Emotet

Fri, 05 Feb 2021 12:05:27 -0500

ShadowTalk hosts Stefano, Adam, and Kim bring you the latest in threat intelligence. This week they cover:- More threat actors and attack vectors are being investigated in the SolarWinds compromise- Law enforcement officials in the Netherlands are delivering an Emotet update that will remove it from infected devices- Kim talks Lebanese Cedar - What’s new in their latest attack?- Adam reviews Nefilim ransomware - how were they able to gain access and why it reinforces the need for securing employee accounts - Plus, don’t miss the malware name of the week! Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-05-february ***Resources from this week’s podcast***SolarWinds Update: https://www.wsj.com/articles/suspected-russian-hack-extends-far-beyond-solarwinds-software-investigators-say-11611921601 Lebanese Cedar: https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf Nefilim Ghost Credentials: https://news.sophos.com/en-us/2021/01/26/nefilim-ransomware-attack-uses-ghost-credentials/ Zinc Attacks: https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ Emotet Disruption: https://www.digitalshadows.com/blog-and-research/emotet-disruption/ DarkMarket Seizure: https://www.digitalshadows.com/blog-and-research/darkmarkets-seizure/ Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Weekly: Law Enforcement Wins the Week - The Fall of NetWalker and Emotet!

Fri, 29 Jan 2021 14:04:34 -0500

ShadowTalk hosts Alec, Charles, Austin, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:- Mimecast confirms SolarWinds attackers breached security certificate the latest updates- The rise and fall of Emotet plus unique video footage of the takedown- NetWalker ransomware targeted and taken down by US and Bulgarian Law Enforcement - Avaddon adopts a new tactic - could it become the MO of other threat groups?- North Korean threat actors go phishing for security researchers with fake social media profilesGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-29-january ***Resources from this week’s podcast***Mimecast SolarWinds Update: https://www.mimecast.com/blog/important-security-update/ 23 Sunburst Targets Identified: https://www.netresec.com/?page=Blog&month=2021-01&post=Twenty-three-SUNBURST-Targets-Identified Emotet: https://www.zdnet.com/article/emotet-worlds-most-dangerous-malware-botnet-disrupted-by-international-police-operation/ Emotet Takedown Video: https://youtu.be/_BLOmClsSpc NetWalker: https://www.zdnet.com/article/us-and-bulgarian-authorities-dirsupt-netwalker-ransomware-operation/ Avaddon: https://www.bleepingcomputer.com/news/security/another-ransomware-now-uses-ddos-attacks-to-force-victims-to-pay/ NK Activity: https://www.bleepingcomputer.com/news/security/north-korean-hackers-are-targeting-security-researchers-with-malware-0-days/ Ransomware 2020 Blog: https://www.digitalshadows.com/blog-and-research/ransomware-analyzing-the-data-from-2020/Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Weekly: CISA Security Advisory, IObit Attack, and more SolarWinds!

Fri, 22 Jan 2021 13:07:42 -0500

ShadowTalk hosts Stefano, Adam, Kim, and Dylan bring you the latest in threat intelligence. This week they cover:- Adam and the team discuss more SolarWinds updates - what’s the latest?- Kim talks CISA security advisory - trends in recent attacks and cyber hygiene- Dylan dives into new ransomware attack on IObit - how threat actors spread the malware to its membersGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-22-january ***Resources from this week’s podcast***Cryptocurrency: https://www.bleepingcomputer.com/news/security/iobit-forums-hacked-to-spread-ransomware-to-its-members/https://twitter.com/BleepinComputer/status/1351261442536861697 Lokibot: https://blog.talosintelligence.com/2021/01/a-deep-dive-into-lokibot-infection-chain.html 3 Takeaways from Forrester: https://www.digitalshadows.com/blog-and-research/top-3-takeaways-from-forrester-ti-nowtech-2020/ AzureAD: https://www.digitalshadows.com/blog-and-research/azure-ad-auto-validate-exposed-credentials/Asset and Wealth Management: https://www.digitalshadows.com/blog-and-research/threats-to-asset-and-wealth-management-in-2020-2021/ Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

Weekly: Sunburst, Sunspot, and more on SolarWinds!

Fri, 15 Jan 2021 12:20:29 -0500

ShadowTalk hosts Alec, Charles, Austin, and Ivan bring you the latest in threat intelligence. This week they cover:- Significant updates to the SolarWinds incident- Overlaps of the "Sunburst" backdoor and malware known to be used by the believed Russia-affiliated APT "Turla"- Possible SolarWinds scam - SolarLeaks claiming to sell data stolen in SolarWinds attacks- The newly identified Sunspot malware- Mimecast reporting of a compromised certificate possibly related to SolarWinds - the team dives deeper- DarkSide ransomware decryptor keys being released and how DarkSide respondedGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-15-january ***Resources from this week’s podcast***Sunburst: https://securelist.com/sunburst-backdoor-kazuar/99981/SolarLeaks: https://www.bleepingcomputer.com/news/security/solarleaks-site-claims-to-sell-data-stolen-in-solarwinds-attacks/SolarWinds updates: https://orangematter.solarwinds.com/2021/01/11/new-findings-from-our-investigation-of-sunburst/ https://www.cyberscoop.com/mimecast-email-breach-solarwinds-russia/?category_news=technology Sunspot: https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/Covid-19 threat landscape updates: https://www.digitalshadows.com/blog-and-research/targets-and-predictions-for-the-covid-19-threat-landscape/Dark Web Marketplaces And Cybercriminal Forums: https://www.digitalshadows.com/blog-and-research/tracing-dark-web-marketplaces-and-cybercriminal-forums/ ShadowTalk Email: shadowtalk@digitalshadows.com

Weekly: SolarWinds Updates, TicketMaster Fraud, Apex Cyber Attack, and More!

Fri, 08 Jan 2021 12:00:37 -0500

ShadowTalk hosts Stefano, Kim, Adam, and Dylan bring you the latest in threat intelligence. This week they cover:- Post-holiday updates on SolarWinds - what have we missed? - Ticketmaster gets fined $10 million for illegally accessing the internal systems of a competitor, using the credentials of a former employee- Apex Laboratory announced that it was the victim of a cyber attack - what we know so far- 2020 in review: What will the new year bring in the world of cyber security?Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-08-january ***Resources from this week’s podcast***SolarWinds:https://www.solarwinds.com/securityadvisorySolarWinds Blog: https://www.digitalshadows.com/blog-and-research/solarwinds-compromise-what-security-teams-need-to-know/ SolarWinds Update Blog: https://www.digitalshadows.com/blog-and-research/solarwinds-compromise-update/ TicketMaster Fraud: https://www.justice.gov/usao-edny/pr/ticketmaster-pays-10-million-criminal-fine-intrusions-competitor-s-computer-systems-0APT27: https://www.scmagazine.com/home/security-news/ransomware/chinese-espionage-group-apt27-moves-into-ransomware/ 2020 Lookback Blog: https://www.digitalshadows.com/blog-and-research/lookingback-at-2020/ 2021 Forecasts Blog: https://www.digitalshadows.com/blog-and-research/2021-forecasts/ ShadowTalk Email: shadowtalk@digitalshadows.com

Weekly: SolarWinds Supply-Chain Attack Round-Up

Fri, 18 Dec 2020 12:24:55 -0500

ShadowTalk hosts Kacey, Charles, Alec, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover all things SolarWinds:- An overview of the campaign and event timelines- SolarWinds' SEC filing and its implications- Early indicators of compromise, including public FTP creds and an access listing- What we can expect from this attack as time goes onGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-18-december ***Resources from this week’s podcast***Microsoft: https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/SolarWinds:https://www.solarwinds.com/securityadvisoryFireEye: https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.htmlDomainTools: https://www.domaintools.com/resources/blog/unraveling-network-infrastructure-linked-to-the-solarwinds-hack?utm_source=Social&utm_medium=twitter&utm_campaign=SUNBURST#FTP Creds (2019):https://savebreach.com/solarwinds-credentials-exposure-led-to-us-government-fireye-breach/ SEC Filinghttps://portal.pannus.uk/client/intelligence/incident/67083793 https://www.sec.gov/ix?doc=/Archives/edgar/data/1739942/000162828020017451/swi-20201214.htm Dark Halo: https://portal.pannus.uk/client/intelligence/incident/67128769https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/SolarWinds Blog: https://www.digitalshadows.com/blog-and-research/solarwinds-compromise-what-security-teams-need-to-know/

Weekly: FireEye Breach, Phishing for the Covid-19 Vaccine, and More!

Fri, 11 Dec 2020 12:53:00 -0500

ShadowTalk hosts Stefano, Kim, and Adam bring you the latest in threat intelligence. This week they cover:- FireEye, a top security firm, suffers a breach caused by a state-sponsored attacker- Phishing campaigns target the distribution of the Covid-19 vaccine- Ransomware gangs resort to cold-calling victims in order to cash in - Plus, the very festive ‘Malware name of the week’Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-11-december ***Resources from this week’s podcast***FireEye breach: https://arstechnica.com/information-technology/2020/12/security-firm-fireeye-says-nation-state-hackers-stole-potent-attack-tools/ FireEye breach: https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html Phishing targeting the vaccine: https://portal-digitalshadows.com/search/intelligenceincident/66425527 Phishing targeting the vaccine: https://securityintelligence.com/posts/ibm-uncovers-global-phishing-covid-19-vaccine-cold-chain/ Ransomware cold calls: https://www.zdnet.com/article/ransomware-gangs-are-now-cold-calling-victims-if-they-restore-from-backups-without-payingMalware name of the week: https://www.pcrisk.com/removal-guides/10819-merry-christmas-ransomware Egregor blog: https://www.digitalshadows.com/blog-and-research/egregor-the-new-ransomware-variant-to-watch/Holiday Cybercrime blog: https://www.digitalshadows.com/blog-and-research/holiday-cybercrime-retail-risks-and-dark-web-kicks/ Podcast email: shadowtalk@digitalshadows.com

Special: Guest Brian Wrozek Talks Origin Story, Planning for 2021, and More!

Mon, 07 Dec 2020 18:03:19 -0500

ShadowTalk hosts Kacey, Charles, and Digital Shadows CISO Rick chat with Brian Wrozek of Optiv. They cover: - Brian’s origin in cybersecurity - Looking forward to 2021 - what should we be focusing on and what do we need to be prepared for?- Threat modeling and tabletop exercises - how do we prepare for the worst?- Brian and the team talk degrees - how big of a role do they play when recruiting? ***Resources from this week’s podcast***Find Brian Wrozek on LinkedIn: https://www.linkedin.com/in/brianwrozek Find Brian Wrozek on Twitter: https://twitter.com/bdwtexas?lang=en University of Dallas link: https://udallas.edu/cob/about/adjunct-faculty/wrozek-brian.phpOptiv: https://www.optiv.com/

Weekly: Gootkit & REvil, Spam Haus Findings, and More!

Fri, 04 Dec 2020 10:29:59 -0500

ShadowTalk hosts Kacey, Charles, Alec, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:- REvil ransomware breathes new life into Gootkit malware - C-level email credentials listed for sale on a cybercriminal marketplace- Does REvil have ties to Maze and Egregor? A conversation about source evaluation and attribution.- Spam Haus reports that thousands of IPV4 addresses are suddenly coming alive - is more BGP abuse on the horizon?Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-4-december ***Resources from this week’s podcast***Gootkit: https://www.bleepingcomputer.com/news/security/gootkit-malware-returns-to-life-alongside-revil-ransomware/Threat actor sells accounts: https://www.zdnet.com/article/a-hacker-is-selling-access-to-the-email-accounts-of-hundreds-of-c-level-executives/REvil: https://twitter.com/campuscodi/status/1333462999105998848Spam Haus: https://www.reddit.com/r/blueteamsec/comments/k42sk7/suspicious_network_resurrections_spamhouse/?utm_source=share&utm_medium=web2x&context=32021 Predictions blog: https://www.digitalshadows.com/blog-and-research/2021-forecasts/2021 Predictions webinar: https://info.digitalshadows.com/2020Dec09-Live-Webinar-Predictions.htmlEgregor blog: https://www.digitalshadows.com/blog-and-research/egregor-the-new-ransomware-variant-to-watch/

Weekly: Egregor Ransomware, IoT Regulations, Black Friday Threats and More!

Mon, 30 Nov 2020 07:06:00 -0500

ShadowTalk hosts Stefano, Adam and Dylan bring you the latest in threat intelligence. This week they cover: - QBot drops Prolock for Egregor ransomware- IoT new regulations - Black Friday threats and opportunities- Plus: The team discuss the malware name of the weekGet this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-27-november***Resources from this week’s podcast***Holiday Cybercrime Blog: https://www.digitalshadows.com/blog-and-research/holiday-cybercrime-retail-risks-and-dark-web-kicks/Egregor: https://www.digitalshadows.com/blog-and-research/egregor-the-new-ransomware-variant-to-watch/

Weekly: FunnyDream, Ragnar Locker on Facebook, and Egregor Ransom Notes

Fri, 20 Nov 2020 11:51:43 -0500

ShadowTalk hosts Kacey, Alec, and Charles, bring you the latest in threat intelligence. This week they cover: - New Chinese APT group, FunnyDream, conducts a sophisticated cyber espionage campaign targeting SE Asian government entities.- Ransomware operators want to be heard - Ragnar Locker turns to Facebook and Egregor begins printing ransom notes.- Is Egregor the new Maze? Let's unpack this.- Plus, the team talks about their favorite Thanksgiving dish, plus a side of footballGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-20-november ***Resources from this week’s podcast***FunnyDream: https://www.bitdefender.com/files/News/CaseStudies/study/379/Bitdefender-Whitepaper-Chinese-APT.pdfRagnar Locker: https://krebsonsecurity.com/2020/11/ransomware-group-turns-to-facebook-ads/Egregor: https://www.bleepingcomputer.com/news/security/retail-giant-cencosud-hit-by-egregor-ransomware-attack-stores-impacted/Darkside Blog: https://www.digitalshadows.com/blog-and-research/darkside-the-new-ransomware-group-behind-highly-targeted-attacks/Triangle InfoSecCons - Cybercrime Trends with Digital Shadows CISO Rick: https://www.youtube.com/watch?v=owBgVgiWFXMRansomware Trends in Q3 Webinar: https://resources.digitalshadows.com/webinars/ransomware-trends-in-q3Holiday Cybercrime Blog: https://www.digitalshadows.com/blog-and-research/holiday-cybercrime-retail-risks-and-dark-web-kicks/Digital Shadows in Security Mag: https://www.securitymagazine.com/articles/93950-cybercriminal-forum-offers-wisconsin-voter-data-for-free

Weekly: RegretLocker, OceanLotus, Millions Seized in Cryptocurrency, and more!

Fri, 13 Nov 2020 12:17:42 -0500

ShadowTalk hosts Stefano, Kim, Dylan, and Adam bring you the latest in threat intelligence. This week they cover: - RegretLocker’s approach to quickly encrypting files - how their efficiency compares to counterpart Ryuk - Vx Underground’s code used in ransomware attacks- APT32, or OceanLotus, using social media and news sites to draw in users and redirect them to phishing pages - U.S. DoJ seizes $24 Million in cryptocurrency, assisting the Brazilian governmentGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-13-november ***Resources from this week’s podcast***RegretLocker Ransomware: https://www.bleepingcomputer.com/news/security/new-regretlocker-ransomware-targets-windows-virtual-machines/Vx Underground: https://twitter.com/smelly__vx/status/1323849544145211392https://twitter.com/vxunderground/status/1326055110292729856OceanLotus: https://www.volexity.com/blog/2020/11/06/oceanlotus-extending-cyber-espionage-operations-through-fake-websites/U.S. Seizes Virtual Currency: https://www.justice.gov/opa/pr/us-seizes-virtual-currencies-valued-24-million-assisting-brazil-major-internet-fraud)https://www.cyberscoop.com/silk-road-bitcoin-billion-wallet/Bitcoin vs. Monero Blog: https://www.digitalshadows.com/blog-and-research/bitcoin-vs-monero/ Evolution of DDoS: https://www.digitalshadows.com/blog-and-research/the-evolution-of-ddos-activity-in-2020

Weekly: Election Update, Kimsuky Activity, Maze Group Announces Closing, Wroba Mobile Malware

Fri, 06 Nov 2020 16:50:04 -0500

ShadowTalk hosts Kacey, Alec, Charles and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:- Election update - Because that’s what’s on many people’s minds right now- North Korean Group Kimsuky Targets Government Agencies With New Malware - Maze Group announces closing of its operations- Wroba mobile malware targets US smartphones - Plus: Group discusses Guy FawkesGet this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-06-november-2020***Resources from this week’s podcast***Clickbait to Checkmate: https://www.digitalshadows.com/blog-and-research/sms-based-scam-targets-us-smartphones-and-accesses-victim-locations/Glossary: https://www.digitalshadows.com/blog-and-research/a-glossary-of-cybercriminal-access-offerings/Phillip Wylie Podcast: https://resources.digitalshadows.com/threat-intelligence-podcast-shadowtalk/special-guest-phillip-wylie-talks-origin-story-bear-wrestling-and-much-more

Special: Guest Phillip Wylie Talks Origin Story, Bear Wrestling, and Much More!

Fri, 30 Oct 2020 13:06:27 -0400

ShadowTalk hosts Kacey, Charles, and Digital Shadows CISO Rick chat with Phillip Wylie about his origin story, his brief foray into professional wrestling, and so much more. This isn’t one to miss!***Resources from this week’s podcast***Grab Phillip’s Book - The Pentester BluePrint: Your Guide to Being a Pentester: https://www.amazon.com/Pentester-BluePrint-Your-Guide-Being/dp/1119684307 Innocent Lives Foundation (@innocentorg): https://www.innocentlivesfoundation.org/donate/ Pwn School project: https://twitter.com/schoolpwn Follow Phillip on Twitter: https://twitter.com/PhillipWylie

Weekly: The Team Gets Spooky with Fancy Bear, Ryuk, and More!

Fri, 30 Oct 2020 12:25:18 -0400

ShadowTalk hosts Stefano, Dylan, Adam, and Kim bring you the latest in threat intelligence. This week they cover:- EU slaps sanctions on GRU leader, Fancy Bear- Kim discusses the latest on Ryuk and provides insight on its evolution- Breach against Finnish psychotherapy giant Vastaamo - patients getting targeted for ransom- Plus, a little Halloween fun! Get this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-30-october-2020 ***Resources from this week’s podcast***Sanctions on Fancy Bear: https://www.cyberscoop.com/eu-gru-fancy-bear-bundestag-russia/Ryuk: https://labs.sentinelone.com/an-inside-look-at-how-ryuk-evolved-its-encryption-and-evasion-techniques/ and https://www.soprasteria.com/newsroom/press-releases/details/cyberattack-information-update Hackers blackmailing patients: https://threatpost.com/vastaamo-hackers-blackmailing-therapy-patients/160536/ NCSAM - Future of Connected Devices: https://www.digitalshadows.com/blog-and-research/cybersecurity-awareness-month-week-4-the-future-of-connected-devices/

Weekly: SandWorm Indicted by DOJ, Darkside Has A Soft Spot, and Ryuk's Super Speedy Attack!

Fri, 23 Oct 2020 12:48:36 -0400

ShadowTalk hosts Kacey, Alec, Austin, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:- SandWorm and its link to Russia’s GRU - what’s their history and what does this mean?- The Darkside ransomware group takes a philanthropic approach to cybercrime- Ryuk leverages Bazar Loader and Zerologon vulnerability in their recent (and very speedy) attack- Plus: The group discusses their favorite WiFi namesGet this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-23-october-2020 ***Resources from this week’s podcast***GRU Indictment: https://www.justice.gov/opa/press-release/file/1328521/downloadDarkside: https://www.zdnet.com/article/ransomware-gang-donates-part-of-ransom-demands-to-charity-organizations/Ryuk: https://thedfirreport.com/2020/10/18/ryuk-in-5-hours/Charitable Cybercriminals Blog: https://www.digitalshadows.com/blog-and-research/charitable-endeavors-on-cybercriminal-forums/Digital Shadows Darkside Blog: https://www.digitalshadows.com/blog-and-research/darkside-the-new-ransomware-group-behind-highly-targeted-attacks/High Profile Arrests Blog: https://www.digitalshadows.com/blog-and-research/recent-arrests-and-high-profile-convictions-what-does-it-mean-for-the-cyber-threat-landscape/Ransomware Trend Q3 Blog: https://www.digitalshadows.com/blog-and-research/ransomware-trends-in-q3/Dark Pathways Into Cybercrime Blog: https://www.digitalshadows.com/blog-and-research/dark-pathways-into-cybercrime-minding-the-threat-actor-talent-gap/

Weekly: Microsoft Derails Trickbot, Ransomware Running Rampant, Fitbit Customers At Risk, and More!

Fri, 16 Oct 2020 11:17:23 -0400

ShadowTalk hosts Viktoria, Adam, Stefano, and Dylan bring you the latest in threat intelligence. This week they cover:- Microsoft: Derailing trickbot, which threatened the US election- Ransomware: The stories that go unreported and why we should care- Fitbit: Customers data at risk following spyware creation by researchers- “Data” - Can the team resist saying it?Get this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-16-october-2020 ***Resources from this week’s podcast***Microsoft Take Down: https://www.microsoft.com/security/blog/2020/10/12/trickbot-disrupted/Europol: https://www.europol.europa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment-iocta-2020Fitbit: https://threatpost.com/fitbit-personal-data-watch-face/160003/ Europol Analysis: https://www.digitalshadows.com/blog-and-research/digital-shadows-analysis-of-europols-cybercrime-report/ NCSA Month Week 2 - Security Devices at Home: https://www.digitalshadows.com/blog-and-research/cybersecurity-awareness-month-week-2-security-devices-at-home-and-work/ US SMS Scam: https://www.digitalshadows.com/blog-and-research/sms-based-scam-targets-us-smartphones-and-accesses-victim-locations/

Special: Guest Marcus Carey Talks Origin Story, BBQ, Diversity, and More!

Tue, 13 Oct 2020 11:05:43 -0400

ShadowTalk hosts Kacey, Charles, and Digital Shadows CISO Rick are joined by special guest Marcus Carey. In this episode they cover:- Marcus’s origin story including his time in the Navy and the NSA- The Austin food scene - BBQ is always on the menu- Marcus talks mentoring and helping others find their “superpower”- The team discusses Marcus’s books for children and how to ensure diversity in the workplaceVisit the blog for this episode by Digital Shadows CISO Rick: www.digitalshadows.com/blog-and-research/marcus-carey-joins-shadowtalk/***Resources from this week’s podcast***Twitter: https://twitter.com/marcusjcareyLinkedIn: https://www.linkedin.com/in/marcuscarey/Tribe of Hackers: https://www.tribeofhackers.comAn Anti-Racism Checklist: Supporting Black Employees in Tech https://venturebeat.com/2020/09/19/an-anti-racism-checklist-supporting-black-employees-in-tech/Marcus’s Books on Amazon: https://www.amazon.com/Marcus-J-Carey/e/B07MFWJPGV/ref=dp_byline_cont_book_1

Weekly: Sanctions from the DOT, Fancy Bear Targets the US Government, and Foreign Spies in Disguise!

Fri, 09 Oct 2020 11:10:57 -0400

ShadowTalk hosts Kacey, Alec, Charles and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover: - The US Department of Treasury sends a message about negotiating with ransomware operators - APT28 compromises a US federal agency- Foreign spies use fronts to hide cyber espionage operations- Iranian nation-state threat actors leverage Zerologon flaw to carry out attacksGet this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-09-october-2020 ***Resources from this week’s podcast***Sanctions for ransomware: https://threatpost.com/mixed-sanctions-ransomware-negotiators/159795/APT28: https://www.wired.com/story/russias-fancy-bear-hack-us-federal-agency/Foreign spies: https://www.cyberscoop.com/chinese-iranian-hackers-front-companies/Zerologon: https://threatpost.com/microsoft-zerologon-attack-iranian-actors/159874/Bitcoin vs. Monero Blog: https://www.digitalshadows.com/blog-and-research/bitcoin-vs-monero/

Weekly: It’s A Ransomware Roundup: Mount Locker, Old Gremlin, REvil, and More!

Fri, 02 Oct 2020 09:33:01 -0400

ShadowTalk hosts Adam, Kim, Stefano and Dylan bring you the latest in threat intelligence. This week they cover:- Mount Locker trying to extort 7+ figures from its victims- Old Gremlin - the team talks new activity attributed to this group- REvil looking for new affiliates and flexing with bitcoin - Healthcare hack has severe repercussions - Attackers exploit Zerologon vulnerability - Joker Trojan infects Google Play Store for Android - what we know- Celebrating Cyber Awareness Month with games and moreGet this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-02-october-2020***Resources from this week’s podcast***Old Gremlin: https://www.group-ib.com/blog/oldgremlin Mount Locker Ransomware: https://www.bleepingcomputer.com/news/security/mount-locker-ransomware-joins-the-multi-million-dollar-ransom-game/ REvil Ransomware: https://www.bleepingcomputer.com/news/security/revil-ransomware-deposits-1-million-in-hacker-recruitment-drive/ Zerologon: https://www.infosecurity-magazine.com/news/zerologon-windows-server-flaw/ Joker Trojan: https://threatpost.com/joker-trojans-android/159595/ Most Hacked Passwords: https://www.ncsc.gov.uk/news/most-hacked-passwords-revealed-as-uk-cyber-survey-exposes-gaps-in-online-security Pwned Websites: https://haveibeenpwned.com/PwnedWebsites Darkside blog: https://www.digitalshadows.com/blog-and-research/darkside-the-new-ransomware-group-behind-highly-targeted-attacks/

Weekly: Law Enforcement Cracks Down On Cybercriminals, Fancy Bear Goes Phishing, And More

Fri, 25 Sep 2020 14:12:59 -0400

ShadowTalk hosts Kacey, Charles, Alec and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:-A member of TheDarkOverlord was sentenced to multiple years in prison, APT41 members have been charged with computer crimes, and 179 cybercriminals have been arrested for pushing illicit drugs and weapons on criminal marketplaces.-Fancy Bear activity uses NATO training documents for a phishing campaign-Activision suffers a potential data breach - what we know-University Hospital targeted by ransomware attack - the team discusses the falloutGet this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-25-september-2020 ***Resources from this week’s podcast***Dark Overlord: https://securityaffairs.co/wordpress/108599/cyber-crime/the-dark-overlord-group-member-sentence.html?utm_source=rss&utm_medium=rss&utm_campaign=the-dark-overlord-group-member-sentenceAPT41: https://techcrunch.com/2020/09/16/justice-department-charges-apt41-chinese-hackers/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAANj1ao-t2OsjXeOqgLz3US1ZkDpaX5RiLvv2kDHGEQV5BemCfHZcLxOmEja-NawLGOwxwCL8IwjIc5HN2Gl0gPjqYzRVUxyK8_vrC5XleANawX6KANKYzLUmnl9OSYTFtSOu6CGWx-pRNK12tKqvbvi5dsVEcQHotxktiwUv0DtaDark Web Drug Raid: https://www.bbc.com/news/technology-54247529 Fancy Bear: https://www.bleepingcomputer.com/news/security/russian-hackers-use-fake-nato-training-docs-to-breach-govt-networks/Activision Hack: https://www.forbes.com/sites/daveywinder/2020/09/21/activision-accounts-hacked-500000-call-of-duty-players-could-be-affected-report/#12ed502c7bbeUniversity Hospital Hack: https://www.cyberscoop.com/germany-ransomware-homicide-duesseldorf-hospital/

Special: Discussing Deception with Chris Sanders

Thu, 24 Sep 2020 15:08:14 -0400

ShadowTalk hosts Kacey, Charles, and Digital Shadows CISO Rick are joined by Information Security Analyst and author Chris Sanders. The team talk BBQ and Chris’s new book Intrusion Detection Honeypots: Detection through Deception. Resources from the podcast:-Read Rick's Blog Recap: www.digitalshadows.com/blog-and- research/discussing-deception-with-chris-sanders/-Chris’s Book Intrusion Detection Honeypots: Detection through Deception: https://www.amazon.com/Intrusion-Detection-Honeypots- through-Deception-ebook/dp/B08GP8X86L -Rural Tech Fund: https://ruraltechfund.org/mission/ -The Cuckoo’s Egg Course: https://chrissanders.org/training/cuckoosegg/ -Chris's Website: https://chrissanders.org/ -Chris’s Twitter: https://twitter.com/chrissanders88 -Chris’s LinkedIn: https://www.linkedin.com/in/chrissanders88/ -Email Chris at chrissanders.orgAdditional Links:-SANS CTI Summit Keynote Cliff Stoll: https://www.youtube.com/watch? v=1h7rLHNXio8 -The Cuckoo’s Egg by Cliff Stoll: https://www.amazon.com/Cuckoos-Egg- Tracking-Computer-Espionage/dp/1416507787

Weekly: Ed Merrett Joins To Talk HackableYou And The Latest In Threat Intel

Fri, 18 Sep 2020 13:09:59 -0400

This week, Viktoria is joined by ShadowTalk residents Adam and Kim, and on this episode, they speak to guest Ed Merrett, founder of HackableYou, the cybersecurity podcast. Viktoria speaks to Ed Merrett about why he set up HackableYou, then together the team unpack the latest stories, including:-Magento Online Stores: 1,000 stores affected by card skimming-ZeroLogon (CVE-2020-1472) - Critical severity Vulnerability: Impact & Mitigation-US Election: New campaigns observed targeting political candidatesGet our Weekly Intelligence Summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-18-september-2020To listen to Ed’s podcast, visit HackableYou: https://hackableyou.com/podcast/

Weekly: The Team Talks Baka, Epic Manchego, and Smaug, Plus Emotet Rides Again

Fri, 11 Sep 2020 10:39:28 -0400

This week’s host Kacey is joined by Charles and Alec to bring you the latest in threat intelligence. In this episode they cover: - Visa issues a warning about new credit card skimmer “Baka”- Epic Manchego - Atypical malicious document delivery- What is Smaug and how does it operate?- Emotet - are there new developments and why did France send an advisory?Get this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-11-september-2020 ***Resources from this week’s podcast***Baka: https://www.bleepingcomputer.com/news/security/visa-warns-of-new-baka-credit-card-javascript-skimmer/Epic Manchego: https://blog.nviso.eu/2020/09/01/epic-manchego-atypical-maldoc-delivery-brings-flurry-of-infostealers/Smaug: https://labs.sentinelone.com/multi-platform-smaug-raas-aims-to-see-off-competitors/France warns of Emotet: https://www.bleepingcomputer.com/news/security/france-warns-of-emotet-attacking-companies-administration/ Similar Advisories from Japan & NZ: https://www.zdnet.com/article/france-japan-new-zealand-warn-of-sudden-spike-in-emotet-attacks/Cyber Espionage Blog: https://www.digitalshadows.com/blog-and-research/cyber-espionage-how-to-not-get-spooked-by-nation-state-actors/Not Another Ransomware Blog: https://www.digitalshadows.com/blog-and-research/not-another-ransomware-blog-initial-access-brokers-and-their-role/

Weekly: New Zealand Stock Exchange faces DDoS, Tesla avoids cyberattack, and Pioneer Kitten updates

Fri, 04 Sep 2020 11:12:13 -0400

Adam, Kim, Demelza and Stefano discuss the latest threat intel updates. On this episode, they cover:- New Zealand Stock Exchange DDoS attacks: Services affected & extent of impact- Tesla employee thwarts cyberattack: Developments & internal threats- Pioneer Kitten observed monetizing cyber activity- Information about Slack vulnerability:- Tor projects launch membership program: why & what does this mean?Get this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-04-september-2020***Resources from this week’s podcast***DDos Extortion: https://www.welivesecurity.com/2020/08/27/ddos-extortion-campaign-targets-financial-firms-retailers/Russian National Arrest: https://www.justice.gov/opa/press-release/file/1308766/downloadPioneer Kitten: https://www.crowdstrike.com/blog/who-is-pioneer-kitten/Remote Code Execution: https://hackerone.com/reports/783877 The Tor Project: https://blog.torproject.org/tor-project-membership-programSunCrypt: https://www.bleepingcomputer.com/news/security/suncrypt-ransomware-sheds-light-on-the-maze-ransomware-cartel/ Dread Take on Spammers: https://www.digitalshadows.com/blog-and-research/dread-takes-on-the-spammers-who-will-come-out-on-top/

Weekly: Photon Team Talks BeagleBoys, DarkSide, and DeathStalker, oh my!

Fri, 28 Aug 2020 11:53:45 -0400

ShadowTalk hosts Kacey, Alec, Charles, and Rick bring you the latest in threat intel. In this week’s episode they cover:- The Department of the Treasury, FBI, and the US Cyber Command issue an alert about North Korea's BeagleBoyz - what do we know and what does it mean?- DarkSide operation discovered attacking companies with ransom demands up to $2 Million- Charles discusses DeathStalker kill chain and their targets- Alec talks spy stories and potential internal threats to companiesGet this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-28-august-2020 ***Resources from this week’s podcast***BeagleBoyz: https://us-cert.cisa.gov/ncas/alerts/aa20-239aDarkSide: https://www.bleepingcomputer.com/news/security/darkside-new-targeted-ransomware-demands-million-dollar-ransoms/DeathStalker: https://securelist.com/deathstalker-mercenary-triumvirate/98177/Spy Story: https://www.zdnet.com/article/russian-arrested-for-trying-to-recruit-an-insider-and-hack-a-nevada-company/ Cybercriminal Forum Rankings Blog: https://www.digitalshadows.com/blog-and-research/alexa-who-is-the-number-one-cybercrminal-forum-to-rule-them-all/Empire Exit Scam Blog: https://www.digitalshadows.com/blog-and-research/cybercriminal-underground-rocked-by-empires-apparent-exit-scam/

Special: Guest David Bianco Talks Origin Story, Pyramid of Pain, and More

Tue, 25 Aug 2020 14:24:37 -0400

ShadowTalk hosts Alex and Digital Shadows CISO, Rick, talk to special guest David about his beginnings in the cybersecurity space, the Pyramid of Pain, and threat hunting.Pyramid of Pain: https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.htmlDavid’s Twitter: https://twitter.com/DavidJBiancoDavid’s Sans Profile: https://www.sans.org/profiles/david-bianco/

Weekly: Emotet Gets a Vaccine, NSA Drovorub Advisory, and North Korean Activity plus Bureau 121

Fri, 21 Aug 2020 11:50:29 -0400

ShadowTalk hosts Viktoria, Adam, Dylan, and Stefano bring you the latest in threat intel. In this week’s episode they cover:- The ever-popular Emotet - does this dangerous malware have a vaccine? Adam and the team discuss how researchers found a cure.- What is the Drovorub malware and what is it trying to achieve?- Takeaways from the U.S. Army’s report on North Korean tactics - what do we know about North Korea’s cyber activity and Bureau 121?Get this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-21-august-2020***Resources from this week’s podcast***Emotet: https://www.binarydefense.com/emocrash-exploiting-a-vulnerability-in-emotet-malware-for-defense/Drovorub: https://www.fbi.gov/news/pressrel/press-releases/nsa-and-fbi-expose-russian-previously-undisclosed-malware-drovorub-in-cybersecurity-advisoryBureau 121: https://www.documentcloud.org/documents/7038686-US-Army-report-on-North-Korean-military.htmlOptiv CTIE Report: https://resources.digitalshadows.com/digitalshadows/optivctiereport2020

Weekly: Defaced Subreddits, Intel Leak Drama on Twitter, and HIBP Goes Open-Source

Fri, 14 Aug 2020 14:07:47 -0400

Alex, Kacey, and Charles host this week’s ShadowTalk, bringing you the latest in threat intelligence. In this episode they cover:- Defaced subreddits - which accounts were impacted and what was the cause?- An Intel Leak was exposed by a Twitter user - what was exposed and how did it happen?- Troy Hunt's announcement on open-sourcing HIBP - our take on how it will improve the community at largeGet this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-14-august-2020***Resources from this week’s podcast***Reddit: https://www.reddit.com/r/ModSupport/comments/i5hhtf/ongoing_incident_with_compromised_mod_accounts/ https://www.bleepingcomputer.com/news/security/reddit-hit-by-coordinated-hack-promoting-trumps-reelection/Twitter Intel Leak: https://www.infosecurity-magazine.com/news/intel-investigates-20gb-internal/HIBP: https://www.troyhunt.com/im-open-sourcing-the-have-i-been-pwned-code-base/Escrow Systems On Cybercriminal Forums Blog: https://www.digitalshadows.com/blog-and-research/escrow-systems-on-cybercriminal-forums/

Weekly: CWT pays ransom, data leaked for 900+ Pulse Secure Servers, EU issues first cyber sanctions

Fri, 07 Aug 2020 13:09:50 -0400

In this week’s episode, Viktoria is joined by Kim, Dylan and Demelza to discuss:- Ransomware negotiations between CWT and cyberattackers- Impact and severity of passwords leaked for 900+ pulse secure enterprise servers to criminal forum- The Ghostwriter/disinformation campaign overview: series of disinformation campaigns, aligned to Russian security interests - activity and attribution- EU issues first sanctions against Russian and Chinese cyber actors: Impact, effectiveness and reasoning behind thisGet this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-07-august-2020***Resources from this week’s podcast***CWT: https://uk.reuters.com/article/uk-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUKKCN24W26PPulse Secure VPN: https://www.zdnet.com/article/hacker-leaks-passwords-for-900-enterprise-vpn-servers/#ftag=RSSbaffb68EU Sanctions: https://www.gov.uk/government/news/foreign-secretary-welcomes-first-eu-sanctions-against-malicious-cyber-actorshttps://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32020D1127&from=EN

Special: Guest Geoff White Talks Best-Selling Book Crime Dot Com

Fri, 31 Jul 2020 12:09:50 -0400

On this ShadowTalk hosts Viktoria and James talk to special guest Geoff about his best selling book Crime Dot Com: From Viruses to Vote Rigging, How Hacking Went Global and beyond that, themes within cybercrime, from the commodification of personal data to cybercrime tactics and tools. Find Geoff’s book here: https://www.amazon.co.uk/Crime-Dot-Com-Viruses-Rigging/dp/1789142857Visit Geoff’s website: https://geoffwhite.tech/

Weekly: Garmin ransomware attack, QSnatch malware, and ShinyHunters Stage 2

Fri, 31 Jul 2020 11:50:32 -0400

This week it’s a full house with ShadowTalk hosts Alex, Kacey, Charles, Alec and Rick. During this episode they cover:- Garmin ransomware attacks - what happened?- Kacey talks QSnatch malware - history and new alerts- Stage 2 from ShinyHunters and the 50 high profile organizations that had information leakedGet this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-31-july-2020***Resources from this week’s podcast***Garmin ransomware: https://www.zdnet.com/article/garmins-outage-ransomware-attack-response-lacking-as-earnings-loom/ QSnatch malware: https://www.zdnet.com/article/cisa-says-62000-qnap-nas-devices-have-been-infected-with-the-qsnatch-malware/#ftag=RSSbaffb68 ShinyHunters: https://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/

Weekly: Trickbot trojan mishaps, Emotet resurgence, Twitter takeovers, and APT group updates

Fri, 24 Jul 2020 10:00:07 -0400

This week’s ShadowTalk hosts Adam, Demi, Stefano and Kim discuss the latest threat intelligence stories. In this episode they cover:-Trickbot trojan mishap causes wide-spread warnings, alerting users of threatening activity-Dangerous malware Emotet resurges and partners with Trickbot to infect a large number or users-Twitter takeover updates - what we know so far-NCSC advisory about APT29 targeting Covid-19 vaccine research -APT35 footage surfaces, exposing the group’s informationGet this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-24-july-2020***Resources from this week's podcast***NCSC: https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development Twitter Updates: https://www.bleepingcomputer.com/news/security/coinbase-blocked-twitter-hackers-from-stealing-an-extra-280k/ Emotet: https://www.bleepingcomputer.com/news/security/emotet-trickbot-malware-duo-is-back-infecting-windows-machines/APT35: https://www.wired.com/story/iran-apt35-hacking-video/

Weekly: Twitter takeovers, Data Viper breached by NightLion, and a look at CryptBB

Fri, 17 Jul 2020 14:22:13 -0400

This week’s ShadowTalk hosts Alex, Kacey, and Alec discuss the latest threat intelligence stories. In this epic episode they cover:-Top Twitter accounts that were accessed to promote a Bitcoin scam -Threat Intel platform Data Viper gets breached in revenge attack by threat actor NightLion -Updates on cybercriminal forum CryptBB - where are they now and what does the future hold?Get this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-17-july-2020***Resources from this week’s podcast***Twitter attack https://twitter.com/TwitterSupport/status/1283518038445223936?s=20 Data Viper breach https://krebsonsecurity.com/2020/07/breached-data-indexer-data-viper-hacked/ CryptBB blog by DS Photon Team https://www.digitalshadows.com/blog-and-research/cryptbb-demystifying-the-illusion-of-the-private-forum/

Weekly: PAN-OS Vulnerability, Lazarus Group, BEC scammer “Hushpuppi”, and New Photon ATO Research

Fri, 10 Jul 2020 14:30:49 -0400

This week, Digital Shadows team Viktoria, Demelza, Adam and Stefano cover:-PAN-OS Vulnerability (CVE-2020-2021): Impact & Mitigation-Magecart Developments: Lazarus Group tied to Magecart-FBI arrests “Hushpuppi” for alleged BEC Cybercrime Scheme-Photon ATO Research: Overview + Key takeawaysGet this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-10-july-2020

Weekly: Torigon, Nulledflix, and BlueLeaks, Plus DevSecOps Insights From DS CISO Rick

Fri, 26 Jun 2020 15:10:59 -0400

Alex, Kacey, Charles and Rick host this week’s ShadowTalk to bring you the latest threat intelligence stories. This week they cover: Torigon - What was Torigon and how did it fail to survive?Nulledflix - The Nulled-focused streaming service taken down immediately for maintenanceBlueLeaks exposing private law enforcement filesDevSecOps and how it can be useful to your organizationGet this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-26-june-2020Plus, check out this page for more on DevSecOps: https://www.digitalshadows.com/blog-and-research/devsecops-modern-software-development/To learn more about DevSecOps product updates in SearchLight, check out the webinar at: https://resources.digitalshadows.com/webinars/outside-in-intelligence-for-devsecops-digital-shadows***Resources From This Week***Torigon: https://www.digitalshadows.com/blog-and-research/torigon-forum/Nulledflix: https://www.digitalshadows.com/blog-and-research/nulledflix-nulled-forum-streaming-service/BlueLeaks: https://krebsonsecurity.com/2020/06/blueleaks-exposes-files-from-hundreds-of-police-departments/

SPECIAL: Guest Speaker Tom Schmitt Talks About His Origins in Cyber Threat Intel and TITO

Tue, 23 Jun 2020 18:29:23 -0400

CISO Rick Holland and Host Alex Guirakhoo chat with this week's special guest Tom Schmitt, Global Director of Threat Intelligence at Anheuser-Busch InBev. They discuss Tom’s origin in the Cyber Threat Intelligence space and get his insight on TITO (or “Threat, Infrastructure, Targets, and Outcomes”), a platform and data-agnostic threat intelligence framework.Learn more about TITO at https://github.com/TITO-Threat-Intel/TITO-Framework

WEEKLY: Lookback Operators Deploy New Malware Against US Utilities Sector And Honda Cyber Attack

Fri, 19 Jun 2020 16:33:25 -0400

Demelza, Viktoria, Adam, and Stefano host this week’s ShadowTalk to bring you the latest threat intelligence stories from the week. This week they cover:- Honda technical details - cyber attack- LookBack, FlowCloud similarities point to a single perpetrator of utility attacks - TA410- Delivery of malware through cloud storage Get this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary***Resources From this Week***Recruiting Moderators on Cybercriminal Forums: https://www.digitalshadows.com/blog-and-research/recruiting-moderators-on-cybercriminal-forums/Reducing Technical Leakage: https://www.digitalshadows.com/blog-and-research/reducing-technical-leakage-detecting-software-exposure-from-the-outside-in/

SPECIAL: What Goes Into The Verizon DBIR With Alex Pinto

Wed, 17 Jun 2020 19:10:22 -0400

CISO Rick Holland and Host Alex Guirakhoo chat with Alex Pinto from Verizon around the Verizon DBIR. They talk through Pinto’s background, how the Verizon DBIR gets put together, findings from this year’s report, and of course, the best jokes found (or not found) in this year’s report.Get the full DBIR at https://enterprise.verizon.com/resources/reports/dbir/And check out Rick’s Blog here: https://www.digitalshadows.com/blog-and-research/2020-verizon-data-breach-investigations-report-dbir-ciso-view/

WEEKLY: Maze Ransomware Alliance, EndGame DDoS Protection Tool, And Ransomware Disguises

Sun, 14 Jun 2020 23:53:48 -0400

Alex is joined by Kacey and Charles this week to chat through the top threat intel stories of the week. This week’s highlights include: - Zorab Ransomware Disguised as STOP Djvu Ransomware- Endgame: New DDoS protection tool advertised on the dark web- Sodinokibi Ransomware Group updates and Maze ransomware allianceGet this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-12-june-2020***Resources From this Week***Endgame DDoS tool on dark web: https://www.digitalshadows.com/blog-and-research/ddos-attacks-dark-web-endgame/

WEEKLY: Hacktivist Chooses Destruction Over Profit w/ Ransomware and Collection 1 Hacker Identified

Thu, 28 May 2020 18:18:28 -0400

Pietro, Viktoria, Adam, and Demelza cover this week’s top threat intelligence stories, including a Hacktivist group choosing destruction over profit with ransomware.Other stories this week include- EasyJet breach- Collection 1 Hacker Identified- Fin7 Member Arrested- iOS Mail App VulnerabilityCheck out more in this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-29-may-2020***Resources From this Week***Dark Web Digest Recording: https://resources.digitalshadows.com/webinars/dark-web-digest-gaining-valuable-threat-intel-from-cybercriminal-forums-webinar

WEEKLY: Verizon DBIR, ShinyHunters, Sodinokibi Ransomware, And More Phishing

Sat, 23 May 2020 19:57:27 -0400

CISO Rick Holland kicks off this episode walking us through key findings and his take from the just-released 2020 Verizon DBIR.Then the team covers other top stories from the week including:- The new threat group, ShinyHunters, exposing at least 18 companies- Phishing trends organizations should watch out for - Sodinokibi targets Grubman, Shire, Meiselas & Sacks law firm, threatens to release data unless a USD 24 million extortion payment is metShout-out to this week’s ShadowTalk-ers: Kacey, Charles, Rick, and AlexGet this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-22-may-2020***Resources from this Week***Rick’s DBIR Blog: https://www.digitalshadows.com/blog-and-research/2020-verizon-data-breach-investigations-report-dbir-ciso-view/Kacey’s Phishing Blog: https://www.digitalshadows.com/blog-and-research/3-phishing-trends-organizations-should-watch-out-for/Ecosystem of Phishing: https://www.digitalshadows.com/blog-and-research/the-ecosystem-of-phishing/

SPECIAL EPISODE: Contact Tracing and COVID-19

Thu, 21 May 2020 19:48:15 -0400

Physician-Scientist, Dr. Pratik Sinha, joins CEO and co-founder, Alastair Paterson, and CISO, Rick Holland, for this special guest episode of ShadowTalk. The group walks through Al and Pratik’s recent research together around contact tracing. They look at:- What is contact tracing and how does it work?- How have we done contact tracing in previous pandemics and will it work for COVID-19?- Privacy Risks and balancing the tradeoff between health and privacy- Big TechRead the full blog from Al and Pratik at https://www.digitalshadows.com/blog-and-research/contact-tracing-can-big-tech-come-to-the-rescue-and-at-what-cost/You can find Pratik on Twitter @progdoctalk or at https://profiles.ucsf.edu/pratik.sinha

SPECIAL EPISODE: Remote Worker Security: Tech & ISP Providers, Data Security, And The Future

Wed, 20 May 2020 20:15:19 -0400

We're pleased to have a special guest, Steve Marshall, CISO and Head of Cyber Consulting at Bytes- a Software Licensing Reseller & IT Security Services.in this special episode, Steve Marshall, Viktoria Austin, and James Chappell look at the industry at a macro level - delving into stories and themes that have changed how we communicate, how we work, securely, but also what the future of remote working looks like. In the UK and across the world, remote working has become - for many - the new norm. But how prepared were organizations for this change? Likewise, on the supplier side, were the technologies - such as video communications, ISP providers - prepared for this? What does the future of working look like now? For more threat intelligence resources around COVID-19, please visit https://resources.digitalshadows.com/coronavirus-threat-intelligence-resourcesThanks for listening and special shout out to Steve for joining. Cheers!

WEEKLY: WannaCry Anniversary, Wordpress Plugin Vuln, WeLeakData Compromised

Sun, 17 May 2020 13:26:25 -0400

The team starts this week’s episode with a retrospective look at WannaCry, discussing some core lessons learned from this ransomware attack. Viktoria, Demelza, Adam, and Jamie then dig through other top stories including:- A wordpress plugin vulnerability - WeLeakData[.]com compromised with the hackers’ messages leaked- BitBazaar Dark Web Market deception and manipulationGet this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary***Resources this Week***BitBazaar: https://www.digitalshadows.com/blog-and-research/bitbazaar-market-deception-and-manipulation-on-the-dark-web/

WEEKLY: Competitions On English Forums, Purple Teaming, & Hacker Bribes 'Roblox' Insider

Fri, 08 May 2020 18:45:22 -0400

This week Alex chats with Kacey, Charles, and Rick around competitions we’ve been seeing on English-language cybercriminal forums and how they compare to the ones on Russian-language forums, purple teaming, and how a hacker bribed a ‘Roblox’ insider to access user data. And finally… our thoughts on Elon Musk’s new baby’s name. Thanks for listening and stay safe out there!***Resources from This Week***Competitions on English-Language Forums: https://www.digitalshadows.com/blog-and-research/competitions-english-language-cybercriminal-forums/Hacker Bribed 'Roblox' Insider to Access User Data: https://www.vice.com/en_us/article/qj4ddw/hacker-bribed-roblox-insider-accessed-user-data-reset-passwordsSANs Webinar: https://www.sans.org/webcasts/security-leadership-managing-turbulent-times-presented-summits-113310

SPECIAL EPISODE: The Human Element Of Cybersecurity Programs With Hacker Valley Studio

Fri, 08 May 2020 00:02:36 -0400

We’ve got a very special episode for you this week with Hacker Valley Studio guests Ron Eddings and Chris Cochran. CISO Rick Holland and Threat Researcher Alex Guirakhoo chat with Ron and Chris about their backstories and how they got into cybersecurity, their favorite topics from Hacker Valley Studio, and the human element of cybersecurity programs. You can find Ron and Chris at hackervalley.studio or on Twitter @TheHackerValley. And be sure to check out their LinkedIn to give them a vote for the Best New Cybersecurity Podcast for the EU Cybersecurity Blogger Awards! Thanks for listening and have a great week.

WEEKLY: Microsoft Teams ATO Vulnerability, APT32, & Uptick In Ransomware

Fri, 01 May 2020 14:16:33 -0400

Jamie, Adam, and Demelza join Viktoria for this week’s threat intelligence updates.Top stories this week include:- Vulnerability allowed hijacking of Microsoft Teams account with a GIF- APT32 seeks pandemic intel from Wuhan government, Chinese ministry- Microsoft Intelligence team report on uptick in ransomwareCheck out our intelligence summary for more details here: https://resources.digitalshadows.com/weekly-intelligence-summary***Resources from this week***Charitable Endeavors on Cybercriminal Forums: https://www.digitalshadows.com/blog-and-research/charitable-endeavors-on-cybercriminal-forums/Krebs article that features our blog: https://krebsonsecurity.com/2020/04/how-cybercriminals-are-weathering-covid-19/SANS Webinar with Rick Holland: https://www.sans.org/webcasts/security-leadership-managing-turbulent-times-presented-summits-113310Microsoft Blog on Uptick in Ransomware: https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk/

WEEKLY: Maze Ransomware Infiltrates Cognizant, Czech NCISA Warning, And Third Party Risk Assessment

Fri, 24 Apr 2020 14:36:42 -0400

Maze Ransomware Infiltrates Cognizant, Czech NCISA Warning, And Third Party Risk Assessment PrioritiesAlex, Kacey, Charles, and Harrison host this week’s ShadowTalk for threat intel updates including Maze ransomware updates, a warning of an imminent threat from the Czech NCISA, priorities for third party risks assessments, and the Nulled Cracking Forum going mobile. Finally, Harrison passes the torch to Alex for hosting ShadowTalk. We’ll miss you, HVR! Grab this week’s full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary***Resources From this Week***Top Priorities for 3rd Party Risk Assessments: https://www.digitalshadows.com/blog-and-research/top-priorities-for-3rd-party-risk-assessments/Zoom Security and Privacy Issues: https://www.digitalshadows.com/blog-and-research/zoom-security-privacy-issues/Nulled Cracking Forum Going Mobile: https://www.digitalshadows.com/blog-and-research/nulled-modern-cybercriminal-forum-mobile/What the Wire Can Teach us About Cybersecurity: https://www.digitalshadows.com/blog-and-research/what-the-wire-can-teach-us-about-cybersecurity/

WEEKLY: SFO Airport Hack, Fin6, And Sodinokibi Switching From Bitcoin To Monero

Fri, 17 Apr 2020 13:42:42 -0400

This week we have new ShadowTalk guest joining us from London, Demelza! She joins Viktoria and Jamie for our threat intel update this week to cover a data breach at the San Francisco airport, Fin6 updates, and how Sodinokibi is attempting to hide their money trail by switching form Bitcoin to Monero.Check out this week’s Intelligence Summary at https://resources.digitalshadows.com/weekly-intelligence-summaryThanks for tuning in, and stay safe out there!***Resources This Week***Remote Working Threat Model Webinar: https://resources.digitalshadows.com/webinars/threat-model-of-a-remote-worker-recorded-webinar SFO Breach: https://threatpost.com/sfo-websites-hacked-airport-discloses-data-breach/154709/Remote Working and the Future of Cyber Security [Blog]: https://www.digitalshadows.com/blog-and-research/covid-19-remote-working-and-the-future-of-cyber-security/ More COVID19 Threat Intel Resources: https://resources.digitalshadows.com/coronavirus-threat-intelligence-resources

WEEKLY: COVID-19 Third Party App Risks, Zoom, And DarkHotel Hackers

Fri, 10 Apr 2020 14:33:44 -0400

Coming to you from Dallas this week - we have Kacey, Harrison, Alex, and Charles. This week the team talks through third party app risks as they relate to COVID-19, as well as touch on security considerations for video conferencing platforms. We also talk through the latest story around the DarkHotel hackers using a VPN zero-day to compromise Chinese government agencies. Check out this week’s Intelligence Summary at https://resources.digitalshadows.com/weekly-intelligence-summaryAnd for all of our threat intel resources around COVID-19: https://resources.digitalshadows.com/coronavirus-threat-intelligence-resources***Resources from this week***Third party app risks blog from Kacey: https://www.digitalshadows.com/blog-and-research/covid-19-risks-of-third-party-apps/Webinar: Threat Model of a Remote Worker (April 16th): https://info.digitalshadows.com/Webinar-Threat-Model-of-a-Remote-Worker.html?Source=podcastSANS webinar recording with Alex: https://www.sans.org/webcasts/archive/2020DarkHotel news: https://www.zdnet.com/article/darkhotel-hackers-use-vpn-zero-day-to-compromise-chinese-government-agencies/

WEEKLY: Zoom Zero-Day Vulnerabilities and Fin7 Delivering Malware Via Snail Mail

Fri, 03 Apr 2020 12:23:04 -0400

Hey all you cool cats and kittens! We’ve got a brand-new threat intel episode for you coming from our virtual podcast studio with Adam, Jamie, and Viktoria.The team chat through the latest Zoom zero-day flaws discovered, and the story around Fin7 delivering malware via USB sticks and teddy bears in the mail. Get this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summaryStay safe out there!***Resources From this Week***Digital Risk Remediation blog: https://www.digitalshadows.com/blog-and-research/the-digital-risk-underdog-remediation/Webinar ‘Operationalizing Alerts: The Problem with Sitting in Triage’: https://info.digitalshadows.com/Operationalizing-Alerts_Reg.html?Source=podcastMore COVID-19 Content: https://resources.digitalshadows.com/coronavirus-threat-intelligence-resources

WEEKLY: Remote Worker Threat Model And Cybercrime Updates

Fri, 27 Mar 2020 14:55:32 -0400

This week the team looks at some Coronavirus threat intel updates including a Threat Model of the Remote Worker and the top businesses and industries most likely to be targeted by cyber attacks. Then the team looks at some cybercrime stories including how the Kapusta service is using marketing tactics, and a story around FSB arresting a cybercrime group. Finally … an advanced persistent… cow?Hear this and more from Kacey, Alex, Harrison, and Rick in this week’s episode!***Resources from this week***COVID-19 (Coronavirus) Resources: https://resources.digitalshadows.com/coronavirus-threat-intelligence-resourcesThreat Model of a Remote Worker: https://www.digitalshadows.com/blog-and-research/threat-model-of-a-remote-worker/Phishing Research Webinar Recording: https://resources.digitalshadows.com/webinars/beware-of-phishers-research-webinarKapusta: https://www.digitalshadows.com/blog-and-research/kapusta-world-exemplifying-cybercriminal-marketing-in-the-modern-era/FSB Arrests Cybercrime Group: https://www.cyberscoop.com/buybest-hackers-arrested-fsb-russia/

WEEKLY: Slack Vulnerability, Apollon Dark Web Exit Scam, And Online Brand Protection

Fri, 20 Mar 2020 16:42:52 -0400

We’ve got Adam and Jamie joining Viktoria remotely for this week’s ShadowTalk! The London crew chats through the Slack vulnerability story, the news around the Dutch government losing hard drives with data of 6.9 million registered donors, the Apollon Dark Web Exit Scam, and who should own brand protection within an organization. Don’t miss our special episode this week with CISO Rick Holland, Alex, and Harrison on Coronavirus Threat Intel updates and advice. Thanks for listening and stay safe out there! ***Resources from this week***Coronavirus Threat Intel Resources: https://resources.digitalshadows.com/coronavirus-threat-intelligence-resourcesApollon Dark Web Exit Scam: https://www.digitalshadows.com/blog-and-research/apollon-dark-web-marketplace-exit-scams-and-ddos-campaigns/Online Brand Protection Guide (from Viktoria herself!): https://www.digitalshadows.com/blog-and-research/the-complete-guide-to-online-brand-protection/We’ve also got a few webinars coming up if you’re interested in our online events. Check them out at https://resources.digitalshadows.com/webinars

SPECIAL EPISODE: Coronavirus: Cybercrime Reactions And CISO Advice

Thu, 19 Mar 2020 19:43:33 -0400

CISO and VP of Strategy, Rick Holland, joins Alex and Harrison for this special episode to discuss how cybercriminals are exploiting Coronavirus (COVID-19). With regards to Coronavirus, the team looks at:- What kinds of discussions are taking place right now on the dark web and other criminal outposts?- What should organizations be on the lookout for right now?- Advice for other CISOs and security practitioners For more information, check out our Coronavirus threat intelligence resources at https://resources.digitalshadows.com/coronavirus-threat-intelligence-resourcesWe’ll continue to update this page with new content as we see further developments, so check back for more. Thanks for listening and stay safe!

WEEKLY: Necurs Botnet, SMB Vulnerability, Coronavirus Scams, And Dark Web Updates

Fri, 13 Mar 2020 14:14:11 -0400

Dallas is packing up the podcast… don’t fret. The team is just moving offices. RIP (rest in podcast).The team also packs a ton of news updates in this week. (Yeah, we went there). Here’s this week’s highlights:- Necurs Botnet Indictment- TA505- SMB Vulnerability: Cve 2020 0796- Coronavirus Scams, Fraud, and Misinformation- New cybercrime findings from the team on Envoy and KilosRounding up this week, we have some Pi Day history (and jokes of course!). Thanks for listening. Check out this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary. ***Resources From this Week***Coronavirus Scams, Fraud, and Misinformation Findings: https://www.digitalshadows.com/blog-and-research/how-cybercriminals-are-taking-advantage-of-covid-19-scams-fraud-misinformation/Envoy Addressing Suicide Awareness: https://www.digitalshadows.com/blog-and-research/how-one-cybercriminal-forum-is-helping-to-address-suicide-awareness-envoy/Kilos Dark Web Search Engine: https://www.digitalshadows.com/blog-and-research/dark-web-search-engine-kilos/

WEEKLY: Banking Trojan Steals Google Authen Codes, Ransomware Attacks Epiq, & Tesco Clubcard Fraud

Fri, 06 Mar 2020 12:00:00 -0500

Lots of threat intelligence news updates in this week’s ShadowTalk episode with Jamie Collier, Adam Cook, and Viktoria Austin. Top stories this week include:- NCSC advising consumers on security precautions around smart cameras and baby monitors- Banking Trojan steals Google Authenticator app codes- Ransomware Attack on Epiq Legal Services- Tesco Clubcard fraud warning- Boots Advantage Card hit by cyber attack Get this week’s Intelligence Summary at https://resources.digitalshadows.com/weekly-intelligence-summary***Resources From This Week***NCSC smart camera and baby monitor warning: https://www.bbc.com/news/technology-517066312FA in Review: https://resources.digitalshadows.com/whitepapers-and-reports/two-factor-in-review Dark Web Search Engine Kilos: https://www.digitalshadows.com/blog-and-research/dark-web-search-engine-kilos/

SPECIAL EPISODE: FBI Releases Its Internet Crime Complaint Center (IC3) Report 2019

Tue, 03 Mar 2020 13:49:29 -0500

Alex, Harrison, and Rick discuss this year’s FBI IC3 (Internet Crime Complaint Center) report. In 2019, the FBI responded to over 460,000 complaints and observed estimated losses of over $3.5 billion across all instances of reported cybercrime. In comparison, there were over 350,000 complaints and $2.7 billion in losses, as reported in the previous year’s 2018 IC3 report. That’s a 33% increase in the number of reports and a 30% increase in total reported losses from 2018 to 2019.The team covers:- Business Email Compromise- Phishing- Reported Financial Losses skyrocketing for victims under 20- RansomwareCheck out our blog for more here: https://www.digitalshadows.com/blog-and-research/Check out the full FBI IC3 report here: https://pdf.ic3.gov/2019_IC3Report.pdf

WEEKLY: Data Breaches, Stalkerware, and Dopplepaymer ransomware

Fri, 28 Feb 2020 01:26:36 -0500

Coming to you from Dallas this week - we’ve got Charles, Kacey, Harrison, and Alex.First up - 3 data breaches this week:1. Decathlon Spain (and also potentially their UK entity)2. Clevguard3. Department of Defense’s Defense Information Systems Agency (DISA)Then we look at the Dopplepaymer ransomware, who launched a site this week. Finally Harrison shares some details around his new blog mapping MITRE ATT&CK to the Equifax Indictment. To check out this week’s intelligence summary, visit https://resources.digitalshadows.com/weekly-intelligence-summary***Resources From this Week***Equifax Indictment Blog: https://www.digitalshadows.com/blog-and-research/mapping-mitre-attck-to-the-equifax-indictment/

WEEKLY: OurMine hacks FC Barcelona & Olympics twitter handles, Adsense email extortion, & phishing

Fri, 21 Feb 2020 11:27:47 -0500

Adam and Phil join Viktoria to ‘cause a storm’ on this week’s episode. But first - we get a rundown of the brand new Photon research blog this week around phishing from Harrison and Alex. This Week’s Agenda:1. New phishing ecosystem research we just dropped this week - check it out for some interesting new data findings: https://www.digitalshadows.com/blog-and-research/the-ecosystem-of-phishing/2. OurMine Hacks FC Barcelona and Olympics Twitter Handles 3. Google AdSense Email Extortion Scam4. FBI IC3 ReportCheck out this week’s Intelligence Summary (INTSUM) at https://resources.digitalshadows.com/weekly-intelligence-summaryIf you’re headed to RSA Conference, don’t miss meeting the team! Stop by Booth 4617 or our Security Leaders Party Wednesday night! ***Resources From this Week***Phishing Research: https://www.digitalshadows.com/blog-and-research/the-ecosystem-of-phishing/RSA party registration: https://info.digitalshadows.com/RSASecurityLeadersParty2020.html?source=DS-team

WEEKLY: yOurMine, Equifax Indictment, and SWIFT POC attack

Fri, 14 Feb 2020 10:39:04 -0500

Roses are red, violets are blue, here’s our threat intel podcast, just for you!Kacey, Charles, Alex, and Harrison have a Valentine’s special for you all. This week the team covers:- OurMine hacks- The Equifax Indictment- SWIFT POC attackGet this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary***Resources from this Week***ACH paper: https://resources.digitalshadows.com/whitepapers-and-reports/applying-the-analysis-of-competing-hypotheses-to-the-cyber-domain

SPECIAL EPISODE: Threat Report ATT&CK Mapping (TRAM) With MITRE’s Sarah Yoder & Jackie Lasky

Tue, 11 Feb 2020 07:00:30 -0500

Sarah Yoder and Jackie Lasky from MITRE join Rick Holland and Harrison Van Riper in this guest episode to talk through their tool, Threat Report ATT&CK Mapping (TRAM). Both Sarah and Jackie are Cyber Security Engineers at The MITRE Corporation and presented this new tool at the recent SANS CTI Summit. During the discussion, they talk through:- What brought them to MITRE- TRAM - what it is, goals that the project was designed to address, and how to get involved- Highlights and key takeaways from the SANS CTI SummitHuge thanks to Sarah and Jackie for joining! ***Resources From this Episode***Slides from SANS Session: https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1579547257.pdfGithub page: github.com/mitre-attack/tram Sarah’s Twitter: https://twitter.com/sarah__yoder

WEEKLY: CTI Frameworks, Wawa Breach Updates, APT34, And Coronavirus Phishing Scams

Fri, 07 Feb 2020 10:52:50 -0500

January was a looooong year. Anyone else? In this week’s episode, Jamie starts by talking about his recent blog, Cyber Threat Intelligence Frameworks, with 5 rules for integrating these frameworks within your organization. Viktoria and Jamie also discuss:- APT34, where Iranian hackers targeted U.S. Gov vendor, Westat- Wawa Breach Developments- Coronavirus Phishing Scams- Winnti Group targeting Hong Kong universitiesCheck out this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary***Resources From this Week***Jamie’s CTI Blog: https://www.digitalshadows.com/blog-and-research/cyber-threat-intelligence-frameworks-5-rules-for-integrating-these-frameworks/

WEEKLY: SANS CTI Summit, Snake Ransomware, CacheOut, And Citrix Vuln Update

Fri, 31 Jan 2020 10:38:04 -0500

Rick Holland jumps in to kick-off this week’s episode to recap the 2020 SANS CTI Summit with Harrison. Then Harrison, Alex, Kacey, and Charles talk through other top stories of the week including: - Snake Malware- Competitions we’re seeing on Russian-language cybercriminal forums- Citrix Vulnerability Update - New ‘CacheOut’ Attack Targets Intel CPUsRounding off the episode, the team shares their favorite infosec twitter post of the week to spice up the episode. Have a great week! ***Resources From this Week*** - SANS CTI Summit Recap: https://www.digitalshadows.com/blog-and-research/sans-cyber-threat-intelligence-summit-2020-a-recap/- Competitions on Russian-language cybercriminal forums blog: https://www.digitalshadows.com/blog-and-research/competitions-on-russian-language-cybercriminal-forums-sharing-expertise-or-threat-actor-showboating/- Cyber Threat Intel Frameworks blog: https://www.digitalshadows.com/blog-and-research/cyber-threat-intelligence-frameworks-5-rules-for-integrating-these-frameworks/- CVE-2019-19781: Analyzing the Exploit: https://www.digitalshadows.com/blog-and-research/cve-2019-19781-analyzing-the-exploit/

WEEKLY: Citrix Vulnerability, Microsoft Data Breach, and Telnet Credentials Published

Sun, 26 Jan 2020 21:00:15 -0500

Following on from last week, Citrix released a first set of patches to fix a vulnerability (CVE-2019 -19781) affecting the company’s NetScaler ADC Application Delivery Controller and it’s Citrix Gateway. Viktoria and Richard Gold discuss how organizations can mitigate the risk.Adam and Phil then join Viktoria to discuss other top stories of the week including 250 million Microsoft customer service and support records exposed on the web. The team also discusses a story where a list of Telnet credentials for more than 515,000 servers, home routers, and IoT devices was published on a hacking forum last week and how this story demonstrates the risk posed when threat actors are able to compromise large collections of IoT devices. ***Resources from this week***Charles’ Blog: https://www.digitalshadows.com/blog-and-research/cve-2019-19781-analyzing-the-exploit/Weekly Intelligence Summary: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-24-jan-2020

WEEKLY: NSA Vulnerability Disclosure, Ransomware News, And Iran Updates

Fri, 17 Jan 2020 11:28:21 -0500

Kacey, Charles, Alex, and Harrison host this week’s threat intelligence update from Dallas. We kick off with vulnerabilities from the week. This includes both the NSA CVE and Citrix CVE. The team talks through what the vulnerabilities are and why they’re important. Then the team talks through ransomware updates including Cryptonite ransomware as a service, Sodinokibi operators threatening to release Travelex data, and Nemty operators threatening to release victim data. Finally Harrison gives a quick update around Iran.To access this week’s intelligence summary, visit https://resources.digitalshadows.com/weekly-intelligence-summary***Resources from this Week***Rick’s Blog on NSA Vulnerability Disclosure: https://www.digitalshadows.com/blog-and-research/nsa-vulnerability-disclosure-pros-and-cons/CVE-2019-19781: Analyzing the Exploit: https://www.digitalshadows.com/blog-and-research/cve-2019-19781-analyzing-the-exploit/Cryptonite Ransomware as a Service: https://www.digitalshadows.com/blog-and-research/cryptonite-ransomwares-answer-to-superman/

WEEKLY: Iranian Cyber Threats, Travelex Ransomware Attack, And Exploit Forum Updates

Fri, 10 Jan 2020 11:49:52 -0500

We’re back with our weekly ShadowTalk episodes! Viktoria hosts this week and introduces the episode bringing Sammy on to provide some regional insight and context around the Iranian cyber threat and discusses whether a cyber response is likely. Then Adam and Viktoria discuss other tops stories from the week including a ransomware outage for Travelex, Xiaomi Mijia camera data exposed, and bc[.]monster updates on Exploit forum.Check out our Intelligence Summary at https://resources.digitalshadows.com/weekly-intelligence-summaryExcited for what 2020 will bring - thanks for listening! ***Resources from this Week***Practical Advice around Iranian Cyber Threats: https://www.digitalshadows.com/blog-and-research/iranian-cyber-threats-practical-advice-for-security-professionals/Iranian APT Groups’ Tradecraft Styles: https://www.digitalshadows.com/blog-and-research/iranian-apt-groups-tradecraft-styles-using-mitre-attck-and-the-asd-essential-8/Iran and Soleimani: Monitoring the Situation: https://www.digitalshadows.com/blog-and-research/iran-and-soleimani-monitoring-the-situation/

SPECIAL EPISODE: Iranian Cyber Threats: Practical Advice From CISO Rick Holland

Mon, 06 Jan 2020 19:20:46 -0500

Rick Holland (CISO at Digital Shadows) joins Harrison to share his thoughts on the Iranian cyber threat and what it means for cyber defenders. What should security practitioners be concerned with within the cyber sphere? Rick and Harrison discuss:- How threat du jour thinking isn’t an adequate defense model- Communicating up the chain of command effectively - Attack Techniques used by Iranian State Actors - What you can do proactively as a Security Practitioner- Why haven’t we seen any significant cyberattacks yet? We’re continuing to monitor the situation, so check back at https://www.digitalshadows.com/blog-and-research/ for more info from our team. ***Resources This Episode***Rick’s blog on the topic: https://www.digitalshadows.com/blog-and-research/iranian-cyber-threats-practical-advice-for-security-professionals/ Rich Gold’s blog on Mapping the ASD Essential 8 to the Mitre ATT&CK™ framework: https://www.digitalshadows.com/blog-and-research/mapping-the-asd-essential-8-to-the-mitre-attck-framework/

Jingle Bell Ryuk: NOLA Ransomware, Ring Doorbells, And 2020 Predictions

Wed, 18 Dec 2019 11:53:52 -0500

CISO Rick Holland joins our ShadowTalk hosts (Viktoria, Alex, and Harrison) for our holiday special! This week the team covers:- Ring Doorbell security- New Orleans victim of Ryuk Ransomware- Predictions for 2020 in cybersecurity- A lightning round of holiday questionsThanks to all of you listeners for tuning in each week in 2019. We’ve had a great time chatting each week across the globe, and we’re looking forward to another great year of ShadowTalk in 2020!Cheers!P.S. Check out our holiday photo on Twitter @digitalshadows! ***Resources From the Week***2020 Cybersecurity Forecasts blog from Alex: https://www.digitalshadows.com/blog-and-research/2020-cybersecurity-forecasts-5-trends-and-predictions-for-the-new-year/Download our intelligence summaries at https://resources.digitalshadows.com/weekly-intelligence-summary

Tochka Dark Web Market Offline, Market.ms Closes, And Data Leakage Stories

Fri, 13 Dec 2019 14:24:46 -0500

Alex, Harrison, Kacey, and Charles chat this week on some dark web and cybercriminal updates, data leakage stories that have hit the news, plus a GDPR story where an ISP was hit with a €9.6 Million Fine.We’ve got a new format for our weekly intelligence summary report. Check it out at https://resources.digitalshadows.com/weekly-intelligence-summaryThanks for listening and look out for our special (holiday-themed) final ShadowTalk episode of the year next week! ***More Resources This Week***TMI blog on data leakage: https://www.digitalshadows.com/blog-and-research/2-billion-files-exposed-across-online-file-storage-technologies/ Over One Billion Email-Password Combos Leaked Online: -https://www.infosecurity-magazine.com/news/one-billion-email-password-combos/ Data Leak Exposes 750K Birth Certificate Applications https://www.infosecurity-magazine.com/news/data-leak-exposes-750k-birth-cert/ Microsoft: 44 Million User Passwords Have Been Breached https://www.infosecurity-magazine.com/news/microsoft-44-million-passwords/ ISP 1&1 Hit With €9.6 Million GDPR Fine: https://www.infosecurity-magazine.com/news/isp-11-hit-with-96-million-gdpr/

Cybercriminal Forum Research, Mixcloud Breach, and International Crackdown On RAT Spyware

Thu, 05 Dec 2019 16:09:25 -0500

Viktoria invites Stewart Bertram to kick-off this week’s episode around new cybercrime research we put out on the Modern Cybercriminal Forum and how the rise of alternative technologies hasn’t spelled the end of forums, which seem to be prospering against all odds.You can check out the research findings here: https://www.digitalshadows.com/blog-and-research/forums-are-forever-part-1-cybercrime-never-dies/Next Adam Cook joins to discuss the weekly highlights including the Mixcloud Breach and an international crackdown on RAT spyware. Finally, our Intelligence team gives a wider analytical piece on the topic of social media exposure and security standards in this week’s intelligence summary report (INTSUM), so make sure to check out that piece in this week’s report. Weekly Intelligence Summary (INTSUM): https://resources.digitalshadows.com/weekly-intelligence-summary***More Resources From this Week***Modern Cybercriminal Forum Research Report: https://resources.digitalshadows.com/whitepapers-and-reports/the-modern-cybercriminal-forumMixcloud Breach: https://www.infosecurity-magazine.com/news/mixcloud-breach-hits-millions-of/International Crackdown on RAT Spyware: https://www.europol.europa.eu/newsroom/news/international-crackdown-rat-spyware-which-takes-total-control-of-victims%E2%80%99-pcs

Black Friday Deals On The Dark Web, Phineas Fisher Manifesto, And DarkMarket

Fri, 22 Nov 2019 13:48:54 -0500

Adam Cook and Viktoria Austin talk through the security and threat intelligence stories of this week including an update around Phineas Fisher, where the hacker offered up to $100k in what they called the “Hacktivist Bug Hunting Program”. The team also chats through a recent ransomware attack on Veterinary hospitals in the U.S., and some other ransomware updates. Then Viktoria and Adam touch upon some research from our own threat intelligence team (Photon Research), specifically around the dark web, including research into Black Friday deals on the dark web, and a look at DarkMarket. To see more threat intelligence updates from the week, make sure to check out this week’s intelligence summary report at https://resources.digitalshadows.com/weekly-intelligence-summary.Heads-up! We’re taking a break next week with the U.S. Holiday, so we’ll be back in 2 weeks. Have a great Thanksgiving! ***Resources From this Week***Phineas Fisher Manifesto - https://www.vice.com/en_us/article/vb5agy/phineas-fisher-offers-dollar100000-bounty-for-hacks-against-banks-and-oil-companiesVeterinary Hospitals Ransomware Attacks: https://krebsonsecurity.com/2019/11/ransomware-bites-400-veterinary-hospitals/DarkMarket: https://www.digitalshadows.com/blog-and-research/darkmarkets-feminist-flight-towards-equality-and-the-curious-case-of-canaries/Black Friday Deals on the Dark Web: https://www.digitalshadows.com/blog-and-research/black-friday-deals-on-the-dark-web-a-cybercriminal-shopper-paradise/

BSidesDFW Recap, Dynamic CVV Analysis, And The Facebook Camera Bug

Sat, 16 Nov 2019 14:13:11 -0500

Dallas is sound effects and all this week with Kacey, Charles, Alex, and Harrison. The team discusses their recent OSINT workshop at BSidesDFW and how you can access the training materials, plus Harrison reviews his latest research into dynamic CVVs within the security realm. Finally the team looks at the recent news around the Facebook camera bug and how the public is reacting. Download the full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summaryHave a great week, everyone, and check out our resources below for more details. ***Resources from this week****BSidesDFW 2019 Recap: https://www.digitalshadows.com/blog-and-research/bsidesdfw-2019-osint-workshop-recap/* BSidesDFW OSINT GitHub: https://github.com/digitalshadows/virtualwhale-osint-ctf * Orca: https://github.com/digitalshadows/orca Dynamic CVV Blog* https://www.digitalshadows.com/blog-and-research/dynamic-cvvs-2fa-2furiousFacebook Camera Bug* https://www.scmagazine.com/home/security-news/vulnerabilities/system-bug-gives-facebook-access-to-iphone-cameras/

BlueKeep Attacks, Megacortex Ransomware, and Web.com Breach

Fri, 08 Nov 2019 13:40:51 -0500

This week the London team looks at the following stories:- BlueKeep Exploit Could Rapidly Spread- Megacortex Ransomware Changes Windows Passwords- Japanese Media Company Nikkei - $29 million lost to BEC scam- Web.com Breach- 21 million employee accounts for Fortune 500 companies offered on the dark web Get the full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary***Resources from this week***https://www.bleepingcomputer.com/news/security/new-megacortex-ransomware-changes-windows-passwords-threatens-to-publish-data/https://www.cyberscoop.com/nikkei-email-scam-bec-29-million/https://krebsonsecurity.com/2019/10/breaches-at-networksolutions-register-com-and-web-com/

7.5M Adobe Creative Cloud User Records Exposed, City Of Joburg Ransomware Attack, and APT28 Updates

Fri, 01 Nov 2019 13:41:37 -0400

Adam Cook, Philip Doherty, and Viktoria Austin host this week’s ShadowTalk update around an unsecured Elasticsearch database exposing account information of about 7.5 million Adobe Creative Cloud users. The team then looks at the news story around the City of Johannesburg experiencing a ransomware attack as well as APT28 (aka Fancy Bear) targeting anti-doping authorities and sporting organizations. ***Resources from this week’s episode***- BriansClub Blog from Viktoria: https://www.digitalshadows.com/blog-and-research/cybercriminal-credit-card-stores-is-brian-out-of-the-club/ - Understanding Different Cybercriminal Platforms: https://www.digitalshadows.com/blog-and-research/understanding-the-different-cybercriminal-platforms-avcs-marketplaces-and-forums/- Too Much Information - The Sequel: https://resources.digitalshadows.com/whitepapers-and-reports/too-much-information-the-sequel- Adam’s World Cup Blog: https://www.digitalshadows.com/blog-and-research/threats-to-the-2018-football-world-cup/ News Stories:https://www.zdnet.com/article/adobe-left-7-5-million-creative-cloud-user-records-exposed-online/https://www.ccn.com/johannesburg-shuts-down-bitcoin-ransomware-attack/

Avast Breach Attempt, NordVPN Breach, And Wifi Security Risks

Fri, 25 Oct 2019 16:51:36 -0400

We’ve got all 3 ShadowTalk hosts in Dallas this week: Harrison Van Riper, Viktoria Austin, and Alex Guirakhoo. The team first looks at Avast, which encountered a cyber espionage attempt. Then NordVPN announced that a hacker had breached servers used by NordVPN. And finally Dr. Richard Gold put out a new blog this week on dispelling the myths around using public wifi, so the team helps summarize some of the key points. Check out the full blog at https://www.digitalshadows.com/blog-and-research/wifi-security-dispelling-myths-of-using-public-networks/To check out our weekly intelligence summary, visit https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-17-oct-24-oct-2019More Resources from this week’s episode:- Avast breach attempt: https://blog.avast.com/ccleaner-fights-off-cyberespionage-attempt-abiss- NordVPN breach & PR nightmare: https://nakedsecurity.sophos.com/2019/10/23/hacker-breached-servers-used-by-nordvpn/- Krebs: https://krebsonsecurity.com/2019/10/avast-nordvpn-breaches-tied-to-phantom-user-accounts/

Singapore Cyber Threat Landscape Updates 1H 2019

Wed, 23 Oct 2019 13:41:19 -0400

Adam Cook, Philip Doherty, and Xueyin Peh join Viktoria Austin for a special ShadowTalk episode around the Singapore Cyber Threat Landscape. The team looks at the heightened threat level for Singapore, why it’s being targeted, and the types of organizations being impacted. Read the full analysis in our blog post here: https://www.digitalshadows.com/blog-and-research/singapore-cyber-threat-landscape-report-h1-2019/

Typosquatting and the 2020 U.S. Election, Honeypots, And Sudo Vulnerability

Fri, 18 Oct 2019 11:54:06 -0400

Fall is upon us! Kacey, Charles, Harrison, and Alex kick off this week’s episode talking about our Fall Dallas team event (an amateur version of Chopped). We’re now all professional chefs. Then the team dives into this week’s hot topics:- Typosquatting and the 2020 Elections: https://www.digitalshadows.com/blog-and-research/typosquatting-and-the-2020-u-s-presidential-election/- Honeypots: https://www.digitalshadows.com/blog-and-research/honeypots-tracking-attacks-against-misconfigured-or-exposed-services/- The Sudo Vulnerability: https://threatpost.com/sudo-bug-root-access-linux/149169/- Security Bsides Workshop Talk: http://www.securitybsides.com/w/page/134870340/DFW_2019- Orca: https://github.com/digitalshadows/orcahttps://twitter.com/maxdose_/status/1184429401338982401?s=12 Finally with the Chopped event on our minds, we round off the episode with our favorite dishes we want to learn to cook. Thanks for listening and don’t forget to rate us on iTunes and let us know how we’re doing.

Iran-Linked APT35, Skimming By Magecart 4, Rancour, And Emotet Resurgence

Fri, 11 Oct 2019 12:58:39 -0400

We’re back in London this week! Viktoria chats with Adam Cook, Philip Doherty, and Josh Poole on this week’s top stories:- APT35 Targets Email of US political figures & prominent Iranians - Skimming activity by Magecart 4 reveals potential link to Cobalt Group- Chinese threat group Rancour casts phishing line to South-East Asian government- Emotet Resurgence Resources From This Week: Account Takeover Kill Chain 5 Step Analysis: https://www.digitalshadows.com/blog-and-research/the-account-takeover-kill-chain-a-five-step-analysis/Weekly Intelligence Summary: https://resources.digitalshadows.com/weekly-intelligence-summaryMake sure to subscribe to us wherever you listen to your podcasts for the latest episodes. Thanks for listening!- ShadowTalk team

The Tyurin Indictment- Mapping To The Mitre ATT&CK™ Framework

Wed, 09 Oct 2019 18:58:32 -0400

Director of Security Engineering, Richard Gold, joins Viktoria Austin in this special episode of ShadowTalk to look at the attacker goals, their TTPs, and map this to the Mitre PRE-ATT&CK and ATT&CK framework.Some Background…Between 2012 to mid-2015, U.S. financial institutions, financial services corporations and financial news publishers fell victim to one of the largest computer hacking crimes. The hacking resulted in the theft of information belonging to 100 million customers of the victim companies (including the theft of personal data from 83 million customer accounts at JPMorgan Chase), and securities fraud, in the form of stock market manipulation. While the crimes committed date back to 2015, this week, one of the hackers involved, identified as Andrei Tyurin, pleaded guilty to the following charges: computer intrusion, wire fraud, bank fraud, and illegal online gambling offenses in connection with his involvement in a massive computer hacking campaign targeting U.S. financial institutions, brokerage firms, financial news publishers, and other American companies.Learn more in Richard Gold’s blog here: https://www.digitalshadows.com/blog-and-research/mapping-the-tyurin-indictment-to-the-mitre-attck-framework/

Magecart Five Widens Attack Vectors, Targeting of Airbus Suppliers, & Tortoiseshell Developments

Fri, 04 Oct 2019 14:33:05 -0400

Coming to you from London this week, Jamie Collier, Philip Doherty, and Josh Poole join Viktoria Austin for our weekly threat intelligence updates. The team kicks off with a discussion around the top story of the week - Magecart Five Widens Attack Vectors.Recent Magecart Five activity has included loading malicious Javascript files onto commercial-grade Layer 7 routers, injecting malicious code into a free, open-source app module, distributing phishing emails via an unspecified spamming service containing the KPOT trojan, embedding compromised websites with redirect code that results in the download of the RIG or Fallout exploit toolkits onto a target machine, and creating a phishing website imitating “G-Cleaner”, a w Windows garbage cleanup tool. The team also discussed the other top stories of the week including:- Suspected Chinese Threat Actor Targets Airbus Suppliers- Tortoiseshell Lures American military-veteran job seekers- Zendesk discloses 2016 data breachCheck out the full threat intelligence summary report at https://resources.digitalshadows.com/weekly-intelligence-summary

Tortoiseshell Targets IT Providers, The Tyurin Indictment, And Emotet’s Return

Fri, 27 Sep 2019 14:01:03 -0400

Viktoria hosts this week’s episode in London with Phillip Doherty and Adam Cook. After a quick debate around the top trending sports at the moment, the team digs into the first story of the week: Tortoiseshell Group (a newly identified threat group) has reportedly conducted some supply chain attack campaigns against 11 IT providers in Saudi Arabia. Next they look at two new malware variants that have emerged, attributed to North Korean-associated Lazarus Group. Emotet botnet has been hot in the news lately, so the team also talks about its emergence. Finally the team rounds up the week with the Tyurin indictment, where Andrei Tyurin pleaded guilty to one of the largest computer hacking crimes involving US financial institutions, financial services, and news publishers. Our own Richard Gold published a blog mapping the indictment to the MITRE ATT&CK framework - definitely worth a read below. To learn more, check out our weekly intelligence summary report at https://resources.digitalshadows.com/weekly-intelligence-summary. Mapping the Tyurin Indictment to the Mitre ATT&CK™ framework: https://www.digitalshadows.com/blog-and-research/mapping-the-tyurin-indictment-to-the-mitre-attck-framework/

NCSC Threat Trends And Ransomware Updates

Fri, 20 Sep 2019 13:58:29 -0400

It’s Harrison and Alex this week for your threat intelligence updates. The guys first dig into the NCSC’s recent threat trends report, the first of these that the NCSC has put out. It’s UK-specific, so just like we’ve shared thoughts around the FBI IC3 annual report in the past, which is heavily geared toward the US, it’s good to look across the pond as well. The team digs into 3 main areas: - Office365- Ransomware trends including updates on Emotet, Ryuk, LockerGoga, Bitpaymer, Nemty, and GandCrab- Supply Chain AttacksThe team also digs into some recent research around B.Wanted. A few weeks ago, there was a story that Brian Krebs reported on: essentially a user on a dark web forum was offering to sell access to a federal contractor who managed 20+ different federal agencies. Specifically we were looking into the threat actor responsible for selling the access, who goes by the name B.Wanted. The guys dig into some different theories.Finally we round out the episode with some top shows on Netflix to add to your lists. Enjoy your weekends! Get the weekly intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summaryResources from this week:NCSC Cyber Threat Trends: https://www.digitalshadows.com/blog-and-research/ncsc-cyber-threat-trends-report-analysis-of-attacks-across-uk-industries/Nemty Ransomware: https://www.digitalshadows.com/blog-and-research/nemty-ransomware-slow-and-steady-wins-the-race/Purple Teaming podcast episode with Eliza May Austin: https://dts.podtrac.com/redirect.mp3/podcasts.apple.com/us/podcast/purple-teaming-an-interview-with-eliza-may-austin/id1326304686?i=1000450023564

Purple Teaming: An Interview With Eliza May Austin

Mon, 16 Sep 2019 16:05:35 -0400

In this episode, Viktoria interviews Eliza May Austin (CEO & Co-Founder of th4ts3cur1ty.company), and our own Richard Gold and James Chappell on Purple Teaming, a security assessment that combines both blue teaming and red teaming. The team discusses:- How do we make the blue and red teams collaborate better?- Is purple teaming a cost-effective measure when it comes to a less mature organization?- Why Purple Teaming needs to be at the forefront- What systems would you start testing with the purple team approach? - And more! We end the discussion with a quick overview of Eliza’s other passion: Ladies of London Hacking Society.To learn more, check out this episode’s resources:- https://th4ts3cur1ty.company/- Ladies Hacking Society: https://llhs.com/- Purple Team like you’re preparing for war: https://medium.com/@always0ddba1l/purple-team-like-your-preparing-for-war-ea17cd4d4a91- Purple Teaming with Vector, Cobalt Strike, and MITRE ATT&CK: https://www.digitalshadows.com/blog-and-research/purple-teaming-with-vectr-cobalt-strike-and-mitre-attck/

Metasploit Project Publishes Exploit For Bluekeep, plus APT3 and Silence Cybercrime Group Updates

Fri, 13 Sep 2019 01:09:35 -0400

Viktoria Austin is joined by Adam Cook and Phil Dohetry this week in the London office to talk about the top story this week: Metasploit Project publishes exploit for Bluekeep bug. Our Photon Research Team tested the Metasploit exploit in their lab environment and has successfully exploited an unpatched Windows 7 machine. “The exploit not only gives the attacker remote access to a target system, but also gives the attacker the highest level of privilege on the target.” - Dr. Richard GoldThe team then shares updates around APT3 and the Silence cybercrime group.To learn more, check out the full weekly intelligence report at https://resources.digitalshadows.com/weekly-intelligence-summary. Interested in more threat intelligence updates? Sign up to receive our weekly updates at https://info.digitalshadows.com/EmailSubscription-Podcast_Reg.html.

Ryuk Ransomware, Twitter Rids SMS Tweets, And Facebook Records Exposed

Sat, 07 Sep 2019 01:48:55 -0400

Alex, Alec, and Harrison are in the room today discussing 3 top stories from the week. First up - a hacker deploys Ryuk ransomware against the city of New Bedford, Massachusetts, demanding $5.3 million. What was interesting, though, was that the city tried to negotiate with the attackers for a lower ransom of $400k, but the attackers didn’t want it and ended up cutting off communications. Next the guys chat through the suspension of Twitter’s SMS-based tweet function after the news of Twitter CEO Jack Dorsey’s Twitter account was “hacked”. An interesting attack surface incident for phone numbers. Finally the team discusses an exposure incident where 419 million Facebook records were exposed. So “Come on down” and listen to this week’s ShadowTalk. (The guys thought it would be fun to play The Price is Right at the end … do we like it? Let us know what fun questions you want answered each week).Get the weekly intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summaryResources from this week:https://www.bleepingcomputer.com/news/security/hackers-ask-for-53-million-ransom-turn-down-400k-get-nothing/https://www.bleepingcomputer.com/news/security/twitter-suspends-sms-based-tweeting-after-high-profile-account-hacks/https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/

More Sodinokibi Activity, Imperva Breach, And Weirdest Food At The Texas State Fair

Fri, 30 Aug 2019 17:05:44 -0400

Rick Holland and Alex Guirakhoo join Harrison Van Riper this week to talk through more Sodinokibi activity. Just yesterday, a cloud hosting provider for Digital Dental Records was hit with Sodinokibi, apparently affecting around 400 different dental providers around the US. It seems like were hearing about more and more people actually paying out these ransom demands. Do we think it’s just a reporting bias or do we think they’re actually paying out more often? Then the team looks at the Imperva breach, where its Incapsula Web Application Firewall product was inadvertently exposing some data, including email addresses, hashed and salted passwords, API keys and SSL certificates. Google’s Project Zero also discovered a series of 0-day exploits being actively used in the wild targeting iPhones. The team discuses how this will factor into risk models moving forward. We close out with everyone’s top (and weirdest) choices at the Texas State Fair. Yummmmm. Enjoy :) Resources From this Week’s Episode:More Sodinokibi activityhttps://www.scmagazine.com/home/security-news/dentist-offices-nationwide-hit-with-revil-ransomware-attacks/ https://krebsonsecurity.com/2019/08/ransomware-bites-dental-data-backup-firm/ https://www.bleepingcomputer.com/news/security/a-look-inside-the-highly-profitable-sodinokibi-ransomware-business/Imperva breachhttps://krebsonsecurity.com/2019/08/cybersecurity-firm-imperva-discloses-breach/iOS exploits discovered https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html?m=1

Approaching Cybersecurity As A Third Party Defense Contractor

Tue, 27 Aug 2019 11:27:04 -0400

Brian Neely, CIO and CISO at American Systems and Rick Holland, CISO at Digital Shadows join Harrison for a discussion around how Brian approaches cybersecurity as a defense contractor. American Systems has been delivering complex IT and engineering solutions to national priority programs since 1975 and has some interesting use cases.The group discusses:- Top cybersecurity concerns as a third party defense contractor - Advice for listeners with similar threat models where sophisticated, well-resourced adversaries are targeting your environment- Where digital risk protection comes into play including asset exposure, site impersonation, phishing campaigns, and brand misuse online- Managing 2FA company-wide- And more! Resources from this Episode: 2FA research: https://resources.digitalshadows.com/whitepapers-and-reports/two-factor-in-review

Texas Ransomware Outbreaks And Phishing Attacks Using Custom 404 Pages

Fri, 23 Aug 2019 01:10:44 -0400

Charles Ragland (a brand new ShadowTalk-er!) and Christian Rencken join Harrison this week to discuss an outbreak of ransomware attacks impacting local government entities across Texas. The team also discusses some phishing attacks that are using custom 404 pages and how Google is starting to remove FTP support from Chrome. They wrap up this episode with the question of the week: Which future technology most worries you from a cyber security perspective? Check out this week’s full intelligence summary at resources.digitalshadows.com Share feedback with us! DM us @digitalshadows on Twitter or email us at messages@digitalshadows.com. Some resources to check out this week:- https://www.bleepingcomputer.com/news/security/hackers-want-25-million-ransom-for-texas-ransomware-attacks/ - https://www.us-cert.gov/ncas/current-activity/2019/08/21/cisa-insights-ransomware-outbreak - https://www.bleepingcomputer.com/news/security/microsoft-warns-of-phishing-attacks-using-custom-404-pages/- https://www.bleepingcomputer.com/news/google/google-has-started-removing-ftp-support-from-chrome/

Breach! Exploring The Modern Digital Breach With Cyber Defense Lab’s CEO Bob Anderson: Part 2

Tue, 20 Aug 2019 12:00:28 -0400

What practical steps should organizations and the professionals within them be thinking about in this new world? We have a special two-part series where Rick Holland, VP Intelligence and CISO at Digital Shadows, interviews Bob Anderson, CEO at Cyber Defense Labs and James Chappell, co-founder and Chief Innovation Officer at Digital Shadows.In part 2, the team looks at:- Steps you can take into your programs today as a security or business leader- Advice for boards on how to do to deal with breaches- Knowing your data - What do organizations need to be doing when it comes to understanding and protecting their digital footprint? - Mistakes organizations make in the response stage Bob Anderson’s Bio:Anderson is a former national security executive, serving 20+ years with the Federal Bureau of Investigation (FBI). During this time, Anderson served in several senior level positions, ultimately rising to become executive assistant director of the FBI's Criminal, Cyber, Response and Services Branch where he oversaw all FBI criminal and cyber investigations worldwide, international operations, critical incident response, and victim assistance. Anderson has directed strategic initiatives and operations for high-profile international investigations in partnership with several Fortune 50 companies, along with U.S. Departments of Defense, Justice, Energy, and Treasury, the U.S. Intelligence Community, and other federal agencies.Having been directly involved in investigating and prosecuting some of the most famous spies in U.S. history as part of his law enforcement career, Anderson is an expert in cybercrimes, counterintelligence, economic espionage, theft of proprietary information and trade secrets, critical incident management, and has been retained as an expert witness in several ongoing litigations.

Nightmare Market In Disarray And SEC Investigation Into Data Leak At First American Financial Corp

Fri, 16 Aug 2019 13:52:56 -0400

Harrison is back! Alex and Christian join this week to discuss how Black Hat and DEFCON went last week, analyze the irregularities of the dark web criminal market, Nightmare, and explore the story reported by Krebs on the SEC investigation into the data leak at First American Financial Corp. Shout-out to all of our new listeners - thanks for your interest and let us know what we can do to continue improving the podcast! Check out the blog on Nightmare Market at https://www.digitalshadows.com/blog-and-research/fresh-blow-for-dark-web-markets-nightmare-market-in-disarray/KrebsonSecurity article: https://krebsonsecurity.com/tag/first-american-financial-corp/Find the full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-08-aug-15-aug-2019

Breach! Exploring The Modern Digital Breach With Cyber Defense Lab’s CEO Bob Anderson - Part 1

Tue, 13 Aug 2019 10:46:31 -0400

It seems like we read about new breaches every day. What’s changing? How is exposure and the adoption of digital technology changing the breach landscape? We have a special two-part series where Rick Holland, VP Intelligence and CISO at Digital Shadows, interviews Bob Anderson, CEO at Cyber Defense Labs (https://cyberdefenselabs.com/) and James Chappell, co-founder and Chief Innovation Officer at Digital Shadows. In Part 1, the team looks at:- How the breach landscape has evolved- The role of the dark web in a data breach- Are we seeing more breaches or are they getting reported more?- And other war stories from the folks in the room In Part 2, the team will give guidance and suggestions for enterprises trying to deal with the threat landscape. Stay tuned! ***About Bob Anderson:Anderson is a former national security executive, serving 20+ years with the Federal Bureau of Investigation (FBI). During this time, Anderson served in several senior level positions, ultimately rising to become executive assistant director of the FBI's Criminal, Cyber, Response and Services Branch where he oversaw all FBI criminal and cyber investigations worldwide, international operations, critical incident response, and victim assistance. Anderson has directed strategic initiatives and operations for high-profile international investigations in partnership with several Fortune 50 companies, along with U.S. Departments of Defense, Justice, Energy, and Treasury, the U.S. Intelligence Community, and other federal agencies.Having been directly involved in investigating and prosecuting some of the most famous spies in U.S. history as part of his law enforcement career, Anderson is an expert in cybercrimes, counterintelligence, economic espionage, theft of proprietary information and trade secrets, critical incident management, and has been retained as an expert witness in several ongoing litigations.

Capital One Breach, Ransomware Trends, and Threat Actors

Fri, 02 Aug 2019 12:55:00 -0400

Move out of the way, Harrison! We have a brand new host this week: Viktoria Austin, Strategy and Research Analyst, and Photon Research Team member. Viktoria is joined this week by Rose Bernard and Xueyin Peh in the London office. In a malspam campaign, “Sodinokibi” targeted users in Germany using a spoofed Federal Office for Information Security (BSI) email domain and a data breach-themed lure, while in other countries ransomware attacks have been conducted against local government networks and a utility provider.Capital One reported a data breach after an individual accessed an Amazon Web Services (AWS) server used by the organization, cyber espionage operations associated with China-linked “Winnti Group” reportedly targeted chemical and manufacturing organizations in Germany, and a campaign by Chinese state-affiliated threat actor “TA428” dubbed Operation LagTime IT has targeted government entities in East Asia since early 2019.All this and more fun in this week’s ShadowTalk. *Apologies for some audio issues this week - we are working on a fix! The content is still just as great, though :)Read this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summaryHeading to Black Hat or DEF CON? Stop by our booth #1014 or catch our party Wednesday night. RSVP at https://info.digitalshadows.com/BlackHat-SecurityLeadersParty2019.html?SourceCode=shadowtalk

2FA - Advice For Deployment & A Technical Assessment

Tue, 30 Jul 2019 15:14:40 -0400

Thinking about deploying 2FA? In this special interview, our Head of Cyber Security & IT, Craig Ellis, and our Head of Security Engineering, Dr. Richard Gold, chat with Harrison around how they implemented 2FA internally. The guys discuss proper ways to go about implementing 2FA, some of the issues with implementing 2FA, what happens when things break, and other advice they wish they were given before implementing 2FA. Then Rich and Harrison deep dive into our latest paper, Two-Factor in Review, a technical assessment of the most popular mitigation for account takeover attacks. Check out the full report below to read for yourself. Blog on 2FA: https://www.digitalshadows.com/blog-and-research/the-account-takeover-kill-chain-a-five-step-analysis/Report on Account Takeover: https://resources.digitalshadows.com/whitepapers-and-reports/two-factor-in-review

More BlueKeep updates, FSB contractor hacked, and the Enigma Market

Fri, 26 Jul 2019 14:51:49 -0400

Christian (@Chrencken14) and Travis (@puppyozone) sit down with Harrison (@pseudohvr) to discuss even more BlueKeep updates since last week, as a technical presentation gets uploaded to Github, inching us closer to a full-blown public PoC. the breach and subsequent release of documents from a contractor working with Russia’s FSB intelligence services, and research from the Digital Shadows team about a new marketplace we’ve had our eye on for a few months called Enigma. **Housekeeping note** We’re trying out a new format for the show, and we are keen to get some feedback from you listeners. Tweet @pseudohvr for comments or email messages@digitalshadows.com**Party alert** If you’re heading to Black Hat or Def Con - listen up. We have a party happening Wednesday night of Black Hat at Mandalay Bay you won’t want to miss. It’s right in the middle of the hotel, at Eyecandy Sound Lounge on August 7th, from 7-10pm. Make sure to get on the list before so you avoid the lines: https://info.digitalshadows.com/BlackHat-SecurityLeadersParty2019.html?SourceCode=podcast https://arstechnica.com/information-technology/2019/07/explainer-for-exploiting-wormable-bluekeep-flaw-posted-on-github/https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708 https://www.zdnet.com/article/us-company-selling-weaponized-bluekeep-exploit/https://www.zdnet.com/article/hackers-breach-fsb-contractor-expose-tor-deanonymization-project/https://www.digitalshadows.com/blog-and-research/a-growing-enigma-new-avc-on-the-block/

Interview With Dir Of Threat Intelligence At McDonalds, Brian Hillegas

Wed, 24 Jul 2019 19:49:14 -0400

Director of Threat Intelligence at McDonald’s, Brian Hillegas, speaks with Harrison (@pseudohvr) and CISO Rick Holland (@rickhholland) about where to align your security priorities, the importance of operating cross-functionally in your organization, what the biggest threats are in the cyber landscape at the moment, and what they’re looking forward to at Black Hat and DEF CON this year. The team will be at both events in Vegas this year! Check out what we have planned and RSVP for our party Wednesday night here: https://info.digitalshadows.com/BlackHat2019-Hub.html

FaceApp Overblown, BlueKeep Updates, And Libra’s Lawmaker Showdown

Fri, 19 Jul 2019 20:34:19 -0400

Harrison (@pseudohvr), Alex, and Travis (@puppyozone) talk about the recent FaceApp shenanigans and why they’re actually not that shocking as some reports indicate. Researchers indicate that thousands of systems are still vulnerable to the BlueKeep RDP vulnerability. With a public proof of concept yet to be released, could this be the reason why? Finally, Harrison loves some cryptocurrency news, so the guys chat about Facebook’s cryptocurrency head speaking to US lawmakers about Libra and having a not-so-great time.Cyberwire article with Alex:https://thecyberwire.com/podcasts/cw-podcasts-daily-2019-07-17.html Download this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-11-jul-18-jul-2019FaceApp: https://techcrunch.com/2019/07/17/faceapp-responds-to-privacy-concerns/ **Housekeeping note** We’re trying out a new format for the show, and we are keen to get some feedback from you listeners. Tweet @pseudohvr for comments or email messages@digitalshadows.com**Party alert** If you’re heading to Black Hat or Def Con - listen up. We have a party happening Wednesday night of Black Hat at Mandalay Bay you won’t want to miss. It’s right in the middle of the hotel, at Eyecandy Sound Lounge on August 7th, from 7-10pm. Make sure to get on the list before so you avoid the lines: https://info.digitalshadows.com/BlackHat-SecurityLeadersParty2019.html?SourceCode=podcast

Interview With Deputy CISO At Accenture, Jason Lewkowicz

Tue, 16 Jul 2019 20:28:05 -0400

Harrison interviews Deputy CISO at Accenture, Jason Lewkowicz, and CISO at Digital Shadows, Rick Holland. The group discusses the importance of working functionally as a security team, cyber response plans, and how to keep your security playbooks up to date. Jason also discusses how his team uses Digital Shadows SearchLight™ within their day to day processes. Heading to Black Hat and/or DefCon? Meet the ShadowTalk team at our party Wednesday night at Eyecandy Sound Lounge. Details and guest list here: https://info.digitalshadows.com/BlackHat-SecurityLeadersParty2019.html?SourceCode=shadowtalk

TA505 Global Attacks, Zoom 0-Day, and New Magecart Activity

Fri, 12 Jul 2019 16:14:15 -0400

Kacey (@sudosu_kacey) and Alex join Harrison (@pseudohvr) to walk through this week’s threat intelligence stories. Alex walks us through the highlight story this week: TA505 uses new tools, old tactics in global attacks. Kacey then digs into the zero-day vulnerability identified in Zoom’s macOS software. We also discuss new Magecart activity, the Sodinokibi ransomware, and what our ShadowTalk-ers would name their own ransomware. Get the full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-04-jul-11-jul-2019

Marriott Faces GDPR Fines - A DPO and CISO Discussion

Fri, 12 Jul 2019 00:43:00 -0400

Harrison (@pseudohvr) is joined by Digital Shadows co-founder and Data Privacy Officer, James Chappell (@jimmychappell), as well as CISO Rick Holland (@rickhholland), to discuss the news this week around Marriott’s GDPR fines. The team talks through initial thoughts and observations, what it means for global privacy and regulation, and what we can expect moving forward. And if you have examples of best practices around breach notification, hit up our Photon Research team on twitter (@photon_research). Look out for a blog post in the coming weeks around this.

Operation Soft Cell, Libra Cryptocurrency Impersonations, and New Cyber Espionage Activity

Fri, 28 Jun 2019 14:28:53 -0400

This week Alex and Phil join Harrison to discuss Operation Soft Cell, a campaign that has been actively compromising telecommunications organizations since early 2017. Other highlights from the week include focus on a new cyber espionage campaign, known as Operation BouncingGolf, targeting Middle Eastern individuals’ mobile devices; the Russia-associated threat group “Turla”, which has demonstrated new tools and capabilities in three campaigns; and media allegations that the United States Cyber Command has targeted Iranian espionage groups. The team ends the week with a discussion around some new research Alex put out around Libra cryptocurrency impersonations. Check out Alex’s blog at https://www.digitalshadows.com/blog-and-research/facebooks-libra-cryptocurrency-cybercriminals-tipping-the-scales-in-their-favor/Full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-20-jun-27-jun-2019.Heads-up, we’ll be off for the 4th of July next week, but check out our intelligence summary report at https://resources.digitalshadows.com/weekly-intelligence-summary.

Google Calendar Phishing, Exim Email Server Vulnerability, and Diversity in Cybersecurity

Fri, 21 Jun 2019 10:41:07 -0400

This week Alex and Jamie (@TheCollierJam) chat with Harrison (@pseudohvr) on a cyber-threat campaign involving the abuse of legitimate features in Google Calendar. Then they dive into other highlights from the week including the expansion of sector targeting by destructive threat group “Xenotime”, exploitation of a vulnerability affecting Exim email servers, and continued targeting of the transportation sector by the Iran-associated threat group “APT39”. Then we hear Part II of Rick Holland (@rickhholland) and Harrison’s interview with Ryan Kovar (@meansec) of Splunk. This time they talk about badass women in cybersecurity, mentorship, and how to become a bigger advocate for diversity in infused. A must listen. Get the weekly intelligence summary report at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-13-jun-20-jun-2019.

XMRig Cryptocurrency Mining, FIN8 Backdoor, and Attacks Against Office 365

Fri, 14 Jun 2019 15:34:59 -0400

This week Harrison (@pseudohvr) is joined by Travis (@puppyozone) and Alec to discuss the security stories of the week including a fileless malware attack delivers cryptocurrency miner to China, a return from FIN8 with a backdoor for the hospitality industry, a popular flaw exploited in a tailored spam campaign, and MuddyWater expanding tactic repertoire in Middle Eastern attacks. Then Digital Shadows CISO Rick Holland (@rickhholland) joins Harrison to chat with principal security strategist at Splunk, Ryan Kovar (@meansec) on Ryan's research around machine learning and attacks against Office 365. Download the full Intelligence Summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-06-jun-13-jun-2019Blog on Infosec Burnout: https://www.digitalshadows.com/blog-and-research/managing-infosec-burnout-the-hidden-perpetrator/

“HiddenWasp” and “BlackSquid” malware, TA505 and Turla actvity, and Too Much Information: The Sequel

Fri, 07 Jun 2019 12:55:27 -0400

Alex and Christian join HVR this week to discuss the Linux malware “HiddenWasp” (along with HVR’s hatred of the insect), the BlackSquid malware, and updated campaign activity from TA505 and Turla threat groups. Then, Harrison sits down with Dr. Richard Gold, head of Security Engineering at Digital Shadows, to discuss Photon Research’s most recent report Too Much Information: The Sequel. Be sure to download the full report at https://info.digitalshadows.com/TooMuchInfoTheSequel-podcast.html and the intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-30-may-06-jun-2019

JasperLoader, APT28 URL shortening, and RDP vulnerability discussion

Fri, 31 May 2019 11:16:59 -0400

Alex Guirakhoo and newcomer to the pod Travis Randall (@puppyozone) join HVR this week to discuss updates to the JasperLoader malware loader, APT28’s newly observed link shortening technique, Gnosticplayers allegedly stole information from an Australian graphics design companies, and APT10 malware loaders. After that, Richard Gold (@drshellface) and Simon Hall (@5ecur1tySi) discuss the Remote Desktop Protocol vulnerability that everyone has been hyped up about in the last couple of weeks. Be sure to download the full intelligence summary at resources.digitalshadows.com. In more news, Photon Research Team has published a new report! The overall main finding of the paper is that Photon found there were 2.3 billion files currently being exposed online via file shares like SMB or Amazon S3 buckets. We are going to do a deep dive episode about that for next week’s episode. (Report) Too Much Information: The Sequel: https://info.digitalshadows.com/TooMuchInfoTheSequel-podcast.html(Blog) 2.3 billion files exposed across online file storage technologies: https://www.digitalshadows.com/blog-and-research/2-billion-files-exposed-across-online-file-storage-technologies/

CVE-2019-0708 RDP vulnerability and GDPR’s anniversary

Fri, 24 May 2019 15:38:32 -0400

Jamie Collier and Phil Doherty join HVR on this week’s ShadowTalk, discussing the RDP vulnerability that has everyone sweating, CVE-2019-0708. Patch those systems, because there’s a few different proof of concept exploits circulating around online. Then, the guys discuss a new MuddyWater obfuscation technique, updates to the Trickbot banking trojan, and there’s some sad MongoDB owners out there following a wipe of over 12,000 databases by an extortionist. Then, happy anniversary, GDPR! Digital Shadows’ Chief Innovation Officer James Chappell sits down with James Boyle of Taylor Vinters, a law firm who focuses on supporting technology rich businesses and the entrepreneurs who make great things happen, for an extended discussion of the current state of GDPR one year on and all things data privacy related. Follow @digitalshadows, @photon_research, @pseudohvr, @thecollierjam, and @jimmychappell on Twitter. Be sure to download the full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-16-may-23-may-2019.

ElectricFish malware attributed to "Lazarus Group"

Fri, 17 May 2019 17:47:23 -0400

Alex and Christian join Harrison this week to discuss the attribution of the ElectricFish malware to the "Lazarus Group" and the highlights from this week included the exploited vulnerability in WhatsApp, the dark web sale offering access to major antivirus companies, and the "Plead" malware being distributed via ASUS software updates. Then, Dr. Richard Gold and Simon Hall join the show to discuss the NCSC's password expiration guidance and share their opinions on the topic. Read the full findings athttps://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-09-may-16-may-2019.

“Buckeye” APT group used Equation Group tools before 2017 leak

Fri, 10 May 2019 17:26:19 -0400

Kacey and Alex join HVR to talk through the key stories this week including a new threat group called “Mirrorthief” conducting “Magecart”-like digital skimming attacks against university websites, various code-sharing repositories being targeted and held for ransom by an unknown threat actor; and new ransomware, “Sodinokibi”, which used a zero-day vulnerability in Oracle WebLogic. Simon Hall and Dr. Richard Gold then join to dive deeper into the “Buckeye” APT group, which has recently been said to develop its own version of a tool that was likely created by the U.S. National Security Agency (NSA) prior to being leaked by the “ShadowBrokers” in 2017. Read the full findings at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-02-may-09-may-2019.

Weekly Intelligence Summary: Ep 17

Fri, 03 May 2019 13:05:19 -0400

Phil and newcomer Benjamin Newman join Harrison for another edition of the Weekly Intelligence Summary. The guys cover two distinct attack campaigns which used uncommon and underreported social engineering and malware delivery techniques, as well as attempts to automate these attacks in the future. Other highlights from this week include a cryptojacking campaigns using the ETERNALBLUE and DOUBLEPULSAR exploits, new reports of Magecart activity, and more extortionists leaking sensitive information following failed ransom attempts. To download the full intelligence summary, please visit resources.digitalshadows.com.

Weekly Intelligence Summary: Ep 16

Fri, 26 Apr 2019 17:10:39 -0400

Jamie and Alex are back with Harrison this week to talk about the leak of information related to APT34 on Telegram, including victim data, personally identifiable information and the group's tools. Other highlights from this week include a phishing campaign delivering RevengeRAT, more information about the Wipro breach, and details about the threat actors responsible for the previously reported ASUS server compromise. Get the full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary.

Weekly Intelligence Summary: Ep 15

Fri, 19 Apr 2019 10:11:12 -0400

This week the team discusses an unidentified threat actor that has obtained data from various personal Outlook, MSN, and Hotmail email accounts by compromising a Microsoft customer support account. Also, the “Triton” malware was detected at a critical infrastructure facility, an IT outsourcing company experienced a potential network intrusion linked to a supply-chain attack, and a new trojan referred to as Hoplight has been attributed to the “Lazarus Group”. Check out the full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-11-apr-18-apr-2019

Weekly Intelligence Summary: Ep 14

Fri, 12 Apr 2019 15:33:45 -0400

Christian and Jamie join Harrison for another week of ShadowTalk to discuss the FIN6 threat actor reportedly widening its range of attacks to include ransomware, potentially inciting the threat group to extend targeting beyond retail and hospitality entities. The highlights from this week include a Chinese advanced persistent threat (APT) campaign against a German pharmaceutical company, likely to steal intellectual property; a mass phishing campaign that used US servers to host malware; and a Domain Name Server (DNS) hijacking campaign aimed at online services and Brazilian financial institutions. No Zuko this week unfortunately, and we ask Christian what his theory is for Game of Thrones which starts up on Sunday.Download the full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-04-apr-11-apr-2019.

Weekly Intelligence Summary: Ep 13

Fri, 05 Apr 2019 12:40:51 -0400

Jamie, Alex and Zuko sit down with Harrison to talk about a story that flew a little under the radar this week; Russia has allegedly been conducting a widespread satellite spoofing campaign since 2016, sending false positional data to ships and planes. Other highlights from this week include APT33 activity targeting engineering and manufacturing organizations, popular restaurant chains report some point of sale malware attacks, and South Korean websites being used in watering hole attacks. Also, Game of Thrones theories, Alex realizes he’s way late to the #GoT party, and more on this week’s ShadowTalk. Download the full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-28-mar-04-apr-2019.

Weekly Intelligence Summary: Ep 12

Fri, 29 Mar 2019 15:00:07 -0400

Christian and Jamie sit down with Harrison to talk about the compromised Asus server used to distribute backdoor malware to at least 500,000 users’ devices, more LockerGoga ransomware attacks, a new Magecart skimming attack, and FIN7 back in the news. Busy week! Also, Jamie gives hair product tips and the guys discuss what Twitter handle they would choose in an ideal world.Read this week’s intelligence summary here: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-21-mar-28-mar-2019

Episode 60: Cyber Risks and High-frequency Trading

Mon, 25 Mar 2019 16:16:38 -0400

With new research this week warning that state-sponsored cyber attacks against financial systems are on the rise, the ShadowTalk team focus on one area of the financial services sector in particular: high-frequency trading (HFT). Richard Gold and Rafael Amado are joined by a guest HFT expert to discuss mergers and acquisition information, sharing insider secrets, and manipulating stock prices. The team look at what attacks are possible, what the consequences would be for the financial services industry at large, and why attacks against trading platforms and the industry itself have been so few and far between.

Weekly Intelligence Summary: Ep 11

Fri, 22 Mar 2019 16:14:38 -0400

Harrison chats with Jamie and Alex this week on an attack on Norwegian aluminum and renewable-energy company Norsk Hydro ASA. The team also looks at threat group “APT-C-27” exploiting a flaw in WinRAR software, a fourth batch of breached data offered for sale on the dark web by “Gnosticplayers”, and a spam campaign exploiting the recent events surrounding the grounding of multiple Boeing 737 aircraft. Download the full intelligence summary here: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-14-mar-21-mar-2019

Weekly Intelligence Summary: Ep 10

Fri, 15 Mar 2019 18:47:57 -0400

Harrison sits down with Rose and Christian for a quick chat about APT40 targeting educational maritime research, as well as other highlights from this week. Rose also gives us the breakdown of an inspiring trip to NASA; also space vampires make a brief appearance. Download the entire intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-07-mar-14-mar-2019.

Episode 59: Practitioner’s Guide to Email Spoofing

Mon, 11 Mar 2019 13:04:12 -0400

Senior security engineer, Simon Hall joins Rafael Amado to explain how IT teams and defenders can combat email spoofing, one of the most popular techniques used by phishers. Simon discusses why spoofing is so prevalent and relatively simple for attackers to carry out, as well as how measures such as SPF, DMARC, and DKIM can be used to reduce spoofing risks. For more on this topic, read our Security Practitioner’s Guide to Email Spoofing and Risk Reduction, available at https://www.digitalshadows.com/blog-and-research/security-practitioners-guide-to-email-spoofing-and-risk-reduction/

Weekly Intelligence Summary: Ep 9

Fri, 08 Mar 2019 16:49:40 -0500

In this week’s episode, the team looks at Fin6, who has begun regularly targeting card-not-present data on e-commerce websites. Other highlights from this week include Topps disclosing a data breach incident linked to Magecart, the Farseer malware, and more. Read the full intelligence summary here: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-28-feb-07-mar-2019

Weekly Intelligence Summary: Ep 8

Fri, 01 Mar 2019 14:02:58 -0500

This week Rose and Phil join Harrison to discuss a three-stage cryptocurrency mining attack using Mimikatz and Radmin in tandem. The team also discusses the Cr1ptTor ransomware, an unknown North Korean threat actor targeting US universities, and MarioNet. Some of the team is heading to RSA Conference next week so make sure to stop by Booth 4421 in the North Hall to say hello. Get the Intellgence Summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-22-feb-01-mar-2019.

Weekly Intelligence Summary: Ep 7

Fri, 22 Feb 2019 16:26:37 -0500

This week, Phil and Alex join Harrison to discuss a new malware delivery technique using the Outlook preview panel. Also, threat actor Gnosticplayers was offering large data sets for sale on Dream Market, the Blind Eagle APT group swooped into the news, and Gandcrab is back trying to pinch its victims in new ways. Finally, the guys try to find a new nickname for Alex. Full Intelligence Summary here: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-14-feb-21-feb-2019

Episode 58: A Tale of Epic Extortions

Thu, 21 Feb 2019 14:31:41 -0500

The Photon Research Team’s Rafael Amado, Richard Gold and Harrison Van Riper get together to discuss Digital Shadows’ latest research report, A Tale of Epic Extortions: How Cybercriminals Monetize Our Online Exposure. Whereas many of the cyber security issues covered by researchers may seem obscure and irrelevant to the majority of businesses and individuals out there, extortion is a topic with a real human impact, and one that can have physical, psychological and financial consequences. The team look at how extortionists are diversifying their methods, emboldened by the credentials, sensitive documents and technical vulnerabilities that we leave exposed online. Download the latest report at https://info.digitalshadows.com/ExtortionResearchReport-Podcast.html, and listen to the podcast to learn how to properly manage your online exposure and reduce extortion risks.

Weekly Intelligence Summary: Ep 6

Fri, 15 Feb 2019 16:00:18 -0500

Alex and Jamie matched with Harrison in this Valentine’s week episode of ShadowTalk. We discuss why four different APT groups were observed using the same tooling, vulnerabilities in Apple’s iOS, and what everyone did for Valentine’s Day. Also, we have launched the Photon Research Team at Digital Shadows! Visit our announcement blog to learn more (https://www.digitalshadows.com/blog-and-research/photon-research-team-shines-light-on-digital-risks/) and follow the team on Twitter @photon_research!Full intelligence summary: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-07-feb-14-feb-2019

Weekly Intelligence Summary: Ep 5

Fri, 08 Feb 2019 15:51:14 -0500

Alex and Jamie join Harrison to discuss how the United Arab Emirates (UAE) intelligence services compromised iPhones through the “Karma” malware. They also look at a spam campaign targeting American users, distributing the “Trickbot” banking trojan; Vietnamese threat group “OceanLotus” deploying a new custom downloader; and a distributed denial of service (DDoS) campaign displaying record-breaking power by combining techniques.Read the full intelligence summary here: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-31-jan-07-feb-2019

CISO Spotlight: Security Goals and Objectives for 2019

Thu, 07 Feb 2019 03:14:02 -0500

In this episode of ShadowTalk: CISO Spotlight, Digital Shadows’ Chief Information Security Officer, Rick Holland, joins Rafael Amado to discuss his security goals and wish list for 2019. We cover: how CISO’s typically plan and spend their security budgets; why auditing and maximizing your existing capabilities is often better than splurging on new technology; and how to best invest and empower your most valuable resource, your workforce. Of course, with Rick on the podcast, there’s the customary smoked meat and barbeque discussion as well. Spoiler alert: Rick’s barbeque goal for 2019 is to cook more vegetables.

Weekly Intelligence Summary: Ep 4

Fri, 01 Feb 2019 12:36:44 -0500

This week, Alex Guirakhoo and Jamie Collier join Harrison to discuss APT39, a new Iran-linked espionage group, as well as other highlights from this week involving updated information about exploiting an authentication error at GoDaddy, malicious uses of the Google Cloud platform, and some excellent steganography being used to target Apple users. The guys also chat about their pups, and imagine a new battle royale game “BorkNite”.Full weekly intelligence summary: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-24-jan-31-jan-2019‘An arm of the Chinese state’: What’s behind the Huawei indictments: https://www.nbcnews.com/tech/security/arm-chinese-state-what-s-behind-huawei-indictments-n963776

Weekly Intelligence Summary: Ep 3

Fri, 25 Jan 2019 15:06:45 -0500

This week Rose, Jamie, and Alex talk with Harrison on a huge data dump called "Collection #1", containing over 770 million email addresses and passwords. The team also looks at other stories including DarkHydrus observed using a new method to communicate with command and control servers, technology and social networking companies continuing to remove accounts associated with influence campaigns, and threat actors observed uninstalling cloud protection services in order to distribute cryptocurrency mining malware. Read the full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-17-jan-24-jan-2019.

Weekly Intelligence Summary: Ep 2

Fri, 18 Jan 2019 17:04:47 -0500

This week Alex and Philip join Harrison to discuss two recent, unrelated, financially motivated cyber attack campaigns involving the use of culturally specific social engineering lures. The team also looks at three new phishing campaigns attributed to the threat group TA505 and decide(in a perfect world) which 1 cyber threat they would choose to rid forever.Download this week's Intelligence Summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-10-jan-17-jan-2019.

Episode 57: Singapore Healthcare Breach

Tue, 15 Jan 2019 20:39:37 -0500

For this week’s ShadowTalk deep dive, we called in Doctor Richard Gold to discuss the major healthcare breach affecting SingHealth, Singapore’s largest group of healthcare organizations. Richard and Rafael Amado discuss how threat actors might use the 1.5million patient records that were stolen, how the attack occurred and where the incident response process failed. To view the report in full, visit: https://www.mci.gov.sg/coireport

Weekly Intelligence Summary: Ep 1

Fri, 11 Jan 2019 13:48:28 -0500

Harrison Van Riper hosts this week’s Intelligence Summary with guests Rose Bernard (Strategic Intelligence Manager) and Alex Guirakhoo (Strategic Intelligence Analyst). Our main story involves the leak of personal information from several German political parties. We also discuss the other big threat intelligence stories from the week and find out what everyone would name their APT group. Subscribe to ShadowTalk on iTunes and follow us @digitalshadows, use #ShadowTalk to submit a question for next week!The full intelligence summary can be downloaded at https://resources.digitalshadows.com/weekly-intelligence-summary.

Weekly Intelligence Summary: Ep 0

Thu, 10 Jan 2019 18:03:35 -0500

Welcome to ShadowTalk's new track on our Weekly Intelligence Summary. Host Harrison Van Riper invites Digital Shadows' analysts to discuss the week's top threat intelligence news. To download the full Weekly Intelligence Summary, visit https://resources.digitalshadows.com/weekly-intelligence-summary.

Episode 56: Positive cyber security developments for 2019

Thu, 20 Dec 2018 15:49:31 -0500

Rafael Amado and Richard Gold talk cybersecurity end of year predictions, but with a twist. Rather than focus on the threats and worrying trends on the horizon, the team instead concentrate on the positive developments that we can all look forward to in 2019. Richard and Rafael discuss open source tools that can help all of us become more secure, improvements to browser security, and long overdue changes in security awareness, education and diversity that should make 2019 an altogether better year for the information security community. You can see Richard’s full list of 10 predictions on https://twitter.com/drshellface/status/1072803919020154880?s=21

Episode 55: Tackling Phishing

Fri, 14 Dec 2018 13:51:24 -0500

Simon Hall and Richard Gold join Rafael Amado to wade in on the topic of phishing. By looking at details revealed in law enforcement indictments against nation state and organized criminal groups, as well as the tips and tools being shared by actors on cybercriminal forums and messaging applications, the team discuss how organizations can prioritize the right controls and training policies to best protect themselves in the coming year. For more on this topic, read our recent research blog, Tackling Phishing: The Most Popular Phishing Techniques and What You Can Do About It, available on digitalshadows.com/blog-and-research/tackling-phishing-the-most-popular-phishing-techniques-and-what-you-can-do-about-it/

Episode 54: Marriott Breach And 2019 Trends

Fri, 07 Dec 2018 14:53:07 -0500

Rick Holland and Harrison Van Riper join Michael Marriott to discuss the implications of the Marriott data breach, as well as a look forward to trends we might see in 2019. Specifically, we dig into ransomware and discuss what you should be considering in 2019. To read more about these trends (and more) read Harrison’s blog (https://www.digitalshadows.com/blog-and-research/2019-cyber-security-forecasts-six-things-on-the-horizon/). To register for our upcoming webinar with the FBI, https://info.digitalshadows.com/LiveWebinar-CyberThreatstoWatchin2019-Registration.html?Source=podcast.

Episode 53: Threat Actors Use of Cobalt Strike & How Attacker Actions Can Inform Defenses

Fri, 30 Nov 2018 11:48:03 -0500

The dynamic duo of Dr Gold and Simon Hall join Michael Marriott to discuss our recent findings on threat actors using cracked versions of Cobalt Strike conduct attacks, and how defenders can use this to inform their defense. Read the blog to learn more: https://www.digitalshadows.com/blog-and-research/threat-actors-use-of-cobalt-strike-why-defense-is-offenses-child/. Building on this theme, in part two, Richard Gold outlines the benefits of mapping the Mitre ATT&CK framework to the ASD Essential 8. You can read Richard’s blog here: https://www.digitalshadows.com/blog-and-research/mapping-the-asd-essential-8-to-the-mitre-attck-framework/.

Episode 52: Black Friday and Cybercrime

Wed, 21 Nov 2018 17:23:44 -0500

For this special mid-week edition of ShadowTalk, Harrison Van Riper, Jamie Collier, and Rafael Amado focus on cyber security threats over the Black Friday weekend and holiday season. Despite increased sales for retailers and bargain opportunities for consumers, Black Friday has had the unintended consequence of emboldening and enabling profit-seeking cybercriminals. The team discuss continuing activity by the Magecart group, as well as the ways in which cybercriminals are gearing up for the holidays from our investigations of online forums and messaging applications. For more, check out our Black Friday blog at: https://www.digitalshadows.com/blog-and-research/black-friday-and-cybercrime-retails-frankenstein-monster/

Episode 51: Phineas Fisher and the Hacking Team Investigation

Fri, 16 Nov 2018 13:27:37 -0500

Some called him a hero. Some called him the most dangerous man to the defense industry. In today’s ShadowTalk, Dr. Richard Gold and Harrison Van Riper join Rafael Amado to discuss the vigilante hacker known as Phineas Fisher. Leaked court documents surfaced this week, detailing how Italian authorities tried and ultimately failed to identify and convict Phineas Fisher for the infamous breach against the Italian surveillance and technology company, Hacking Team. The team dive into the history of Phineas Fisher, the techniques used to break into the Hacking Team network, and the OPSEC practices that allowed Phineas Fisher to remain at large.

Episode 50: CISCO ASA 0-day and VirtualBox Vulnerability

Fri, 09 Nov 2018 13:22:09 -0500

Michael Marriott flies in from San Francisco to cover the big vulnerability and exploit stories of the week. The team discuss the Cisco denial- of-service vulnerability affecting its Adaptive Security Appliance (ASA), as well as a vulnerability in Oracle’s VirtualBox technology posted to GitHub. Dr. Richard Gold, Rafael Amado and Michael debate the benefits and drawbacks of bug bounty programs, how you should consider operational value when assessing vulnerabilities, and the U.S. Cyber Command’s publication of malware samples to VirusTotal.

Episode 49: 81,000 Hacked Facebook Accounts For Sale

Mon, 05 Nov 2018 11:09:02 -0500

In this bonus edition of ShadowTalk, Dr Richard Gold and Rafael Amado discuss the recent BBC Russian Service investigation into Facebook accounts being sold online. As reported on Friday, at least 81,000 accounts with private messages were being advertised online. Digital Shadows assisted the BBC with its investigation. Richard and Rafael outline what we know so far, as well as answering some of the key questions raised by this story. For more, see our recent blog available at https://www.digitalshadows.com/blog-and-research/81000-hacked-facebook-accounts-for-sale-5-things-to-know/.

Episode 48: Tesco Bank Fraud And £16.4m FCA Fine

Fri, 02 Nov 2018 17:55:26 -0400

Two years on from the Tesco Bank fraud attacks that allowed cybercriminals to check out with £2.26m (roughly $3m) in customer funds, Dr Richard Gold and Simon Hall join Rafael Amado to discuss the UK Financial Conduct Authority’s investigation report. This episode will be crucial listening for anyone involved in the financial services industry, as well as those eager to learn about incident response processes and how poor execution can have disastrous, and costly, consequences. The FCA final notice is available on: https://www.fca.org.uk/publication/final-notices/tesco-personal-finance-plc-2018.pdf

Episode 47: Ransomware Surges in October, Cathay Pacific Breach, and Triton Attributed

Fri, 26 Oct 2018 13:49:41 -0400

Harrison Van Riper and Rafael Amado join Michael Marriott to discuss the latest stories from the week. This week’s podcast has a strong Guy Richie flavor, with a focus on lock, stock and ru smoking barrels. We begin by discussing October’s hot ransomware activity, including the most popular variants, common targets, and mitigation advice. Second, we discuss sliding stock value amid reports of data breaches: we dig into the Cathay Pacific and Facebook breaches. And, finally we discuss the recent attribution of Triton malware to a Russian entity and why it’s TTPs you should care about.

Episode 46: Supply Chain and Third-Party Risks

Fri, 19 Oct 2018 12:48:25 -0400

Following on from last week’s conversation on how managed service providers can increase your attack surface, Simon Hall and Richard Gold join Rafael Amado to discuss supply chain risks. With so much to cover, the team break this topic down into hardware, software and third-party service risks, including examples such as the MeDoc-NotPetya campaign and the recent SuperMicro hardware allegations. As always, Richard and Simon cover some useful good practices for those looking to improve their risk management processes.

Episode 45: FASTCash Hidden Cobra, MSP Risks, Five Eyes Tooling Report

Fri, 12 Oct 2018 21:06:47 -0400

Digital Shadows CISO Rick Holland, Dr Richard Gold and Simon Hall join Rafael Amado to cover the Hidden Cobra FASTCash campaign alert issued by US authorities, detailing ATM cash out campaigns performed by North Korean actors. The team look over the Five Eyes joint report into publicly available hacking tools. And, finally, are companies who use MSPs at greater risk of attack? For more on the Powershell blog referenced by the Five Eyes report, visit: https://www.digitalshadows.com/blog-and-research/powershell-security-best-practices/

Episode 44: Business Email Compromise

Fri, 05 Oct 2018 13:04:46 -0400

In this week’s Shadow Talk, Rafael Amado joins Michael Marriott to discuss Digital Shadows’ latest research on Business Email Compromise. We discuss how criminals are outsourcing this work, and how the exposure of 33,000 finance department credentials is increasing the ease for attackers. However, even without taking over accounts, criminals can get their hands on sensitive financial information. We dig into the 12.5 million exposed email archives that are available through misconfigured online file stores, including invoices, purchase orders, and payments. Finally, we provide advice for mitigating these risks.

Episode 43: Security Flaws Affect 50 Million Facebook Accounts and Equifax Fined £500,000

Fri, 28 Sep 2018 17:19:48 -0400

Rick Holland, CISO of Digital Shadows, joins Richard Gold and Michael Marriott to discuss the latest cybersecurity news. In part one, we discuss the possible implications of Facebook security flaws affecting 50 million accounts. In part two, one year after reports of the Equifax breach surface, the UK arm has been fined £500,000 by the ICO. We look at the lessons learned.

Episode 42: Security Layering and Usability Trade-offs

Fri, 21 Sep 2018 11:56:03 -0400

Simon Hall and Richard Gold join Rafael Amado to focus on the trade-offs between security and usability, as well as the practice of security layering that can often make us more insecure. The team look over security measures such as regular complex password expiry policies that create headaches for organizations and end users, why it’s not easy to make security usable, whether certain security measures such as anti-virus software actually make us more insecure, and what alternative system defences can bridge the gap between security and usability. For the NCSC blog on security and usability, visit: https://www.ncsc.gov.uk/blog-post/security-and-usability-you-can-have-it-all

Episode 41: Magecart Payment Card Thefts

Fri, 14 Sep 2018 14:46:43 -0400

In this week’s ShadowTalk, Richard Gold and Simon Hall join Michael Marriott to discuss the latest spate of attacks by the threat actor known as Magecart. We dig into the history of Magecart, different approaches to web skimming, and provide advice on how organizations can best protect against this threat.

Episode 40: DoJ Complaint Charges North Korean Actor For Sony Attacks, WannaCry, and More

Fri, 07 Sep 2018 14:05:02 -0400

In this week’s ShadowTalk, Richard Gold and Rafael Amado join Michael Marriott to discuss the latest Department of Justice complaint against an individual working for Chosun Expo, an alleged front for the North Korean state. The individual is accused of involvement in a host of campaigns, including attacks against Sony Pictures Entertainment, banks, defense contractors, and the many victims of the WannaCry ransomware variant. We discuss the most interesting revelations, outlining the different techniques used, and what this all means for organizations.

Episode 39: Credential Hygiene

Fri, 31 Aug 2018 14:17:08 -0400

Dr. Richard Gold and Simon Hall join Rafael Amado to discuss the age-old problem of credential hygiene. We’ve all heard of not reusing passwords, employing two factor authentication and using password vaults, but why then do organizations still struggle with good credential hygiene? We’ll cover the ways in which attackers steal and take advantage of credentials, what most companies are getting wrong, and the steps you can take to improve your overall credential hygiene practices.

Episode 38: Midterm meddling and threat modeling

Fri, 24 Aug 2018 13:48:55 -0400

This week it was revealed that six new domains registered by APT28, spoofing nonprofit, Senate, and Microsoft domains, have been sinkholed. With November’s US midterm elections fast-approaching, we dive into the latest threats and discuss how organizations can understand the threat posed to them by such malicious actors. Dr Richard Gold, Head of Security Engineering at Digital Shadows, joins Mike Marriott to discuss threat modeling; outlining the steps organizations can take to define their critical assets, understand the threat landscape, and create scenarios based on these. This enables organizations to identify security controls that are in place to mitigate, prevent and detect a specific threat actor's tradecraft, as well as uncover gaps in controls and establish a remediation plan.

Episode 37: ATM Fraud and Cashout Operations

Fri, 17 Aug 2018 12:33:39 -0400

Digital Shadows’ Strategic Intelligence manager Rose Bernard joins Rafael Amado to discuss four separate ATM stories making headlines this week. In Part I, they’ll cover an alert on an impending "ATM cash-out" campaign issued by the FBI, and how India's Cosmos Bank lost $13.5m in cyberattacks after actors bypassed the internal ATM switch system. In Part II, Rafael and Rose will look into flaws discovered in NCR ATM currency dispensers, and a new Bitcoin ATM malware advertised for sale on dark web. For more on how actors acquire and then use stolen payment card information, check out Digital Shadows’ Five Threats to Financial Services blog series, available on https://www.digitalshadows.com/blog-and-research/five-threats-to-financial-services-part-four-payment-card-fraud/

Episode 36: FIN7 Arrests and Phishing Threats

Fri, 10 Aug 2018 11:47:38 -0400

Digital Shadows’ Rose Bernard and Simon Hall join Rafael Amado to cover the arrest of three alleged members of the FIN7 organized criminal group. The team go over the United States Department of Justice’s indictment and provide some key observations on FIN7’s operations, including how sophisticated phishing and social engineering are the cornerstones of the group’s success. In Part II, the team look at phishing more generally, including the threats from business email compromise and malspam. For more analysis of the FIN7 arrests, visit https://www.digitalshadows.com/blog-and-research/fin7-arrests-and-developments/

Episode 35: Cyber threats to ERP Applications

Fri, 03 Aug 2018 11:40:27 -0400

In this week’s episode, JP Perez-Etchegoyen, CTO of Onapsis, joins Michael Marriott to talk about the exposure of SAP and Oracle applications, the increase in publicly-available exploits, and the threat actors we have observed targeting the sensitive data held within these applications. Download the full report to learn more: https://info.digitalshadows.com/ERPApplicationsUnderFire-Podcast.html

Episode 34: Satori Botnet, OilRig, PowerShell Security, and the Dragonfly Campaign

Fri, 27 Jul 2018 16:23:46 -0400

Richard Gold and Rose Bernard join Michael Marriott to talked about updates to the Satori botnet, which has expanded to incorporate new IoT devices using TCP port 5555. Amid news of a new wave of OIlRig attacks, a Middle Eastern espionage campaign, we dive into PowerShell security risks and provide advice on best practices for those using PowerShell. For more information on PowerShell Security Best Practices, check out our blog https://www.digitalshadows.com/blog-and-research/powershell-security-best-practices/. Finally, we assess the Dragonfly campaign against US power grids, and understand what it all means.

Episode 33: Digital Risk Protection

Mon, 23 Jul 2018 11:11:57 -0400

Rick Holland, CISO at Digital Shadows, discusses the latest 2018 Forrester New Wave for Digital Risk Protection. He discusses how security leaders must avoid blind spots with a more complete risk picture.

Episode 32: MITRE ATT&CK™ Framework and the Mueller GRU Indictment

Fri, 20 Jul 2018 12:41:49 -0400

In today’s ShadowTalk, we take on the Robert Mueller indictment against 12 Russian individuals for alleged US election interference. However, rather than dwell on issues of attribution and geopolitics, we focus on the detailed tactics, techniques and procedures laid out in the indictment. Katie Nickels, a member of the MITRE team, joins Rafael Amado and Richard Gold us to discuss the ATT&CK™ framework in greater detail, as well as the key lessons that organizations can takeaway. For Digital Shadows’ analysis of the indictment, visit https://www.digitalshadows.com/blog-and-research/mitre-attck-and-the-mueller-gru-indictment-lessons-for-organizations/

Episode 31: Carbanak Files and Source Code Leaked?

Fri, 13 Jul 2018 13:43:23 -0400

In this week's ShadowTalk, Digital Shadows’ Russian-speaking security specialist discovered files and source code allegedly related to the Carbanak organized criminal group. The Carbanak malware is a backdoor used by the Anunak (Carbanak) Group to infiltrate financial institutions and steal funds. Richard Gold and Simon Hall join Rafael Amado to discuss the implications for financial services from these revelations. We ask whether this leak represents a threat to organizations, and how businesses can best defend themselves from the techniques used by sophisticated financial criminal groups such as Carbanak. For more analysis from the Security Engineering Team, visit https://www.digitalshadows.com/blog-and-research/alleged-carbanak-files-and-source-code-leaked-digital-shadows-initial-findings/

Episode 30: SSL Inspection and Interception: Uses, Abuses and Trade-offs

Fri, 06 Jul 2018 18:58:36 -0400

The Payment Card Industry recently passed a deadline requiring that all e-commerce sites and merchants cease supporting TLS 1.0. With this and older protocols such as SSL vulnerable to man-in-the-middle attacks, the fear is that attackers can intercept and tamper with data being sent across these channels. However, SSL interception is also performed by organizations for reasons that include blocking malware or improving data leakage prevention. Richard Gold and Simon Hall join Rafael Amado to discuss how SSL interception works, the different reasons for deploying it, the risks and privacy ramifications of interception, and the overall trade-offs for organizations looking to implement these methods.

Episode 29: Reducing Your Attack Surface: From a Firehose to a Straw

Fri, 29 Jun 2018 17:23:52 -0400

Following news that a database containing 340 million records has been publicly exposed to the internet, Richard Gold and Simon Hall join Michael Marriott to discuss how (and why) you can reduce your attack surface. For more information on some of the tips provided in this pursuit, visit https://github.com/securitywithoutborders/hardentools.

Episode 28: Diversity in Security and Women’s Network Launch

Tue, 26 Jun 2018 11:03:38 -0400

Libby Fiumara is joined by Rose Bernard and Sophie Burke to discuss the launch of Digital Shadows’ Women’s Network, challenges facing women in security, and how companies can foster diversity in the workplace.

Episode 27: Attribution: The How, The What and The Why

Fri, 22 Jun 2018 14:24:41 -0400

Simon Hall and Rich Gold join Michael Marriott to discuss the merits and perils of attribution, including the number of characteristics and variables required for a strong attribution, instances where attribution has succeeded, and whether organizations should care.

Episode 26: Mythbusting Vulnerabilities and Exploits

Fri, 15 Jun 2018 12:45:03 -0400

Simon Hall and Richard Gold join Rafael Amado to discuss misconceptions around vulnerabilities and exploits, other techniques for gaining code execution, and how organizations can prioritize the patching of vulnerabilities.

Episode 25: Combating Security Debt, Ticketfly Defacement And Data Breach

Sun, 10 Jun 2018 20:00:04 -0400

In this edition of Shadow Talk, Richard Gold joins us to discuss the issue of security debt, a term used to refer to the accumulation of security risks over time, such as missed patches, misapplied configurations, mismanaged user accounts. Richard looks into how many of the attacks we see on a regular basis are actually a result of security risks that build up over time, and how security debt is a ticking time bomb for most organizations. In Part II, Harrison Van Riper covers the recent website defacement attack and data breach incident targeting the event ticketing company, Ticketfly. Security debt resources:https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/286667/FAQ2_-_Managing_Information_Risk_at_OFFICIAL_v2_-_March_2014.pdf

Episode 24: Seize and Desist: Changes in the cybercriminal underground

Wed, 06 Jun 2018 08:00:22 -0400

Rafael Amado and Michael Marriott discuss how the criminal underground has evolved since the demise of AlphaBay and Hansa. No single marketplace has managed to fill the AlphaBay-shaped gap left behind, at least among the English-speaking community. Existing sites such as Dream and Trade Route have failed to consolidate this empty space, hampered by a combination of poor communication by administrators and suspicion that these sites could be police honeypots like Hansa had been. Grab a copy of our report to read more: https://info.digitalshadows.com/SeizeandDesistReport-Podcast.html

Episode 23: L0pht 20 years on and combating cyber threats with military-style tactics

Mon, 04 Jun 2018 07:18:02 -0400

In today’s edition of Shadow talk, Dr Richard Gold joins us to discuss the return of the L0pht hackers. In 1998 the L0pht members delivered a cybersecurity hearing to the United States Senate, warning that any one person in their group could take down the Internet within 30 minutes. 20 years on, we look back on what has and hasn’t changed in the world of information security. In Part II, the team covers recent reporting on the use of military-style tactics such as war gaming and intelligence fusion centres in the financial services industry. We ask whether such tactics are effective, and whether smaller organizations can also employ the techniques being used by some of the world’s largest enterprises.

Episode 22: VPN Filter targeting Ukraine, TRITON malware, Roaming Mantis, VBScript & Spectre vulns

Mon, 28 May 2018 20:00:02 -0400

In this week’s Shadow Talk, the pod unpacks the reporting on VPN Filter, a malware affecting half a million network devices. Reports have suggested that the malware is being prepped to perform imminent large scale disruptive attacks against Ukrainian infrastructure. We also cover new research on the TRITON malware targeting industrial control and SCADA systems, as well as new techniques for the Roaming Mantis malware family. Finally, we bring you updates on vulnerabilities related to VBScript and the Spectre/Meltdown attacks.

Episode 21: eFail vulns affecting Open PGP and S-MIME, and interbank payment systems risks

Sun, 20 May 2018 20:00:02 -0400

In this week’s episode of Shadow Talk, Digital Shadows’ Head of Security Engineering, Dr Richard Gold, joins the pod to explain the EFAIL vulnerability affecting Open PGP and S-MIME, as well as other flaws identified in encrypted messaging platforms. Dr Gold also outlines the the factors you should be considering to prioritize your patching. In part two, we look at the $15 million theft in Mexico and outline the risks facing interbank payment systems.

Episode 20: Winnti Umbrella, DarkHotel, Office 365 Vulnerability, and Olympus Dark Web Marketplaces

Sun, 13 May 2018 20:00:02 -0400

In this week’s episode Shadow Talk we look at the Winnti Umbrella group, asking what this means for organizations. We discuss vulnerabilities in Microsoft Office (CVE-2018-8174) and basestriker. And, finally, we outline the fall out surrounding the Olympus dark web marketplace.

Episode 19: Loki Bot, LoJack, GPON Vulnerabilities, and Blackrouter Ransomware

Sun, 06 May 2018 19:00:06 -0400

In this week’s episode Shadow Talk, it’s a vulnerability extravaganza. We cover malicious use of legitimate software, as APT28 attributed to hijacking LoJack and Blackrouter delivered via AnyDesk software. Vulnerabilities found (and exploited) in GPON home routers, and Loki Bot exploits two remote code execution vulnerabilities in Microsoft Office (CVE-2017-8570 and CVE-2018-0802).

Episode 18: Healthcare hacking, BGP hijacking, crypto jacking, and more

Sun, 29 Apr 2018 19:00:53 -0400

In this week’s episode of Shadow Talk, we cover the targeting of healthcare organizations by Orangeworm, BGP hijacking, vulnerabilities in MikroTik routers, DDoS market shutdowns, and the profitability of cryptocurrency mining.

Episode 17: Network Infrastructure Compromise, Magnitude EK Development, the Gold Galleon, & more

Sun, 22 Apr 2018 20:00:03 -0400

In this week’s episode of Shadow Talk, we cover Russia’s attempts to ban the social messaging app, and also read between the lines of the joint US and UK advisory on network infrastructure compromises by Kremlin-backed actors. We also outline new ransomware payloads incorporated into the Magnitude exploit kit and we bring you the latest news on vulnerabilities in the Drupal Platform and Cisco’s Webex software.

Episode 16: Cisco Smart Install Client flaw, Microsoft Outlook vuln, OpIcarus, RSAC, and more

Sun, 15 Apr 2018 18:00:04 -0400

This week’s Shadow Talk discusses a Cisco Smart Install Client flaw exploited in disruption attack, an information leak vulnerability discovered in Microsoft Outlook, details on OpIcarus and OpIsrael, Verizon DBIR, and why you still should be excited about the RSA Conference.

Episode 15: 1.5 Billion Files Exposed Through Misconfigured Services

Wed, 11 Apr 2018 17:47:27 -0400

Rafael Amado and Michael Marriott join this week’s Shadow Talk, taking a deep dive into our recent report “Too Much Information”. The research discovered over 1.5 billion files from a host of services, including Amazon S3 buckets, rsync, SMB, FTP, NAS drives, and misconfigured websites. To learn more, download the full report at https://info.digitalshadows.com/FileSharingDataExposureResearch-Podcast.html.

Episode 14: Panera Breach Lessons, WannaCry’s Re-emergence, Genesis Marketplace, and more

Sun, 08 Apr 2018 22:00:00 -0400

This week’s Shadow Talk discusses what the re-emergence of WannaCry, exposure of Aggregate IQ data, exposure of 1.5 billion files through misconfigured services, as well as lessons learned from the Panera breach, an emerging new criminal market, and much more.

Episode 13: Cambridge Analytica, Trickbot Updates, SamSam Surge Continues, And Dragonfly Attributed

Fri, 23 Mar 2018 15:33:35 -0400

This week’s Shadow Talk discusses what the Cambridge Analytica revelations mean for disinformation and personal privacy, updates to Trickbot, Zeus Panda and Remnit trojans, City of Atlanta suffers from ransomware attack, and Dragonfly campaign attribution to Russian Government.

Episode 12: Tax Fraud, AMD Vulnerability, Slingshot Targets Mikrotik Routers, And Hermes Ransomware

Fri, 16 Mar 2018 14:47:06 -0400

This week’s Shadow Talk outlines the latest techniques in tax return fraud, claimed vulnerabilities in AMD chips, Slingshot malware targeting Mikrotik routers, and Greenflash Sundown Exploit Kit delivering Hermes ransomware. Watch our webinar with the FBI on the latest ransomware threats here: https://info.digitalshadows.com/FBIRansomwareThreats-WebinarOnDemand-ShadowTalk.html

Episode 11: Memcached attacks, disinformation in ME, Spectre exploit, German gov network intrusion

Fri, 09 Mar 2018 14:09:16 -0500

Digital Shadows’ Research team discusses record DDoS attacks using Memcached servers, disinformation campaigns, a proof of concept exploit for the Spectre vulnerability, and new details of a historical network intrusion affecting the German government.

Episode 10: Memecached Server DDoS, Flash Vuln in Spam Campaign, Trustico Cert Issues, & Ransomware

Fri, 02 Mar 2018 15:32:41 -0500

The Digital Shadows research team provides an overview of the latest news this week, including CVE-2018-4878 that’s now being used in a spam campaign, 23,000 website certificates set to be revoked, Memecached Server Used for DDoS Reflection, and updates on SamSam and DataKeeper ransomware variants.

Episode 9: SWIFT Attacks, Business Email Compromise, Return Of Thedarkoverlord, And APT - 37

Fri, 23 Feb 2018 13:17:08 -0500

The Digital Shadows research team provides an overview of the latest news this week, including new SWIFT attacks, more Business Email Compromise activity, the return of extortionist “thedarkoverlord”, Sam Sam and Saturn ransomware variants, and new reporting on APT-37.

Episode 8: Lazarus Group, Olympics opening ceremony, Bitgrail Theft, and Outlook vulnerabilities

Fri, 16 Feb 2018 14:33:07 -0500

The Digital Shadows Research team provides our analysis of the fascinating Lazarus Group, attacks on the Winter Olympics opening ceremony, the problems with attribution, the theft of $170 million from the Bitgrail exchange, and two newly discovered Outlook vulnerabilities.

Episode 7: Operation Pzchao, Threats To The Winter Olympics, Infraud Forum Arrests, And More

Fri, 09 Feb 2018 13:59:33 -0500

The Digital Shadows Research team provides our analysis of the espionage-driven campaign Operation Pzchao, an Adobe zero-day vulnerability, malware in Winter Olympics spearphishing campaign, a WordPress denial of service vulnerability, and the takedown of the notorious “Infraud Forum”.

Episode 6: Cryptocurrency Fraud In-Depth

Tue, 06 Feb 2018 16:54:00 -0500

The Digital Shadows Research team discuss how criminal actors have capitalized on the increased interest in cryptocurrencies. The podcast looks at different approaches to mining fraud, account takeover and Initial Coin Offering fraud. Download a copy of the research here: https://info.digitalshadows.com/TheNewGoldRushCryptocurrency-Podcast.html

Episode 5: $530 Million Cyber Heist, DDoS Against Dutch Banks, And The Future Of Anonymous

Fri, 02 Feb 2018 15:54:16 -0500

The Digital Shadows Research team provides our analysis of the $530 million Coincheck cryptocurrency heist, recent DDoS attacks against Dutch financial services organizations, renewed OpCatalunya activity, updates on the Spectre and Meltdown flaws, and a potentially serious vulnerability affecting Cisco VPNs.

Episode 4: Dridex, Dark Caracal, Turla, Cozy Bear, And More

Fri, 26 Jan 2018 16:16:41 -0500

The Digital Shadows Research Team provides an update on Dridex malware, Dark Caracal, Turla, and Cozy Bear.

Episode 3: CVE-2018 -0802, Mirai Okiru, Bancomext Targeted, and Triton Malware

Fri, 19 Jan 2018 14:14:30 -0500

The Digital Shadows Research team provides an analysis of the last seven days, including an update on Spectre and Meltdown, a new MS Office vulnerability, Mirai Okiru, the targeting of Bancomext, and Triton malware targeting industrial control systems.

Episode 2: CoffeeMiner, Turla, and Cyber Threats to the Winter Olympics

Fri, 12 Jan 2018 16:52:52 -0500

The Digital Shadows team discusses the highlights of the past seven days, including the crypto currency mining “CoffeeMiner”, new Turla activity, and cyber threats to the Winter Olympics.

Episode 1: Spectre, Meltdown, Satori, and OpNetNeutrality

Fri, 05 Jan 2018 13:23:08 -0500

The Digital Shadows team discusses the highlights of the past seven days, including Meltdown and Spectre, the release of Satori code, OpNetNeutrality, OpIcarus and Monero mining malware.