It’s a full house with ShadowTalk hosts Stefano, Alec, Charles, Kim, Dylan, Adam, and Digital Shadows CISO, Rick! The team is looking back at three years of ShadowTalk and taking us on a journey through changes in the threat landscape. They discuss: - Adam and Alec take us through ransomware heavy hitters from the last few years - Big game hunting, double-extortion, and more- The team reminisce about their first time joining ShadowTalk - Kim and Rick tackle supply-chain attacks - looking back at SolarWinds and the role of trust- Most embarrassing moments in ShadowTalk history- Dylan and Charles talk CVE’s - more on opportunistic attackers taking advantage of Covid-19 and remote work- Final thoughts from the team - what would you tell your 2018 self?Check out the video recording of the podcast here: https://resources.digitalshadows.com/digitalshadows/special-shadowtalk-s-200th-episode Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-30-april***Resources from this week’s podcast***Phineas Fisher And The Hacking Team Investigation:https://resources.digitalshadows.com/threat-intelligence-podcast-shadowtalk/episode-51-phineas-fisher-and-the-hacking-team-investigationSolarWinds Supply Chain Attack Round-Up:https://resources.digitalshadows.com/threat-intelligence-podcast-shadowtalk/weekly-solarwinds-supply-chain-attack-round-upElectricFish Malware Attributed To “Lazarus Group” :https://resources.digitalshadows.com/threat-intelligence-podcast-shadowtalk/electricfish-malware-attributed-to-lazarus-groupThreat Report ATT&CK Mapping (TRAM) with MITRE’s Sarah Yoder And Jackie Lasky:https://resources.digitalshadows.com/threat-intelligence-podcast-shadowtalk/threat-report-attck-mapping-tram-with-mitre-sarah-yoder-and-jackie-laskyCVE 2019-0708 RDP Vulnerability and GDPR’s Anniversary:https://resources.digitalshadows.com/threat-intelligence-podcast-shadowtalk/cve-2019-0708-rdp-vulnerability-and-gdpr-s-anniversaryAlso, don’t forget to reach out to - [email protected]

ShadowTalk hosts Alec, Ivan, Charles, and newcomer, Sean, bring you the latest in threat intelligence. This week they cover:- Ivan dives into FBI actions against web-shells from compromised Exchange servers- Codecov supply chain attacks - Charles brings us the latest - The team discuss the Pulse Secure VPN bug - Plus, don’t forget our special 200th episode next week! Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-23-april ***Resources from this week’s podcast***FBI Web Shells: https://www.welivesecurity.com/2021/04/14/fbi-removes-malware-compromised-exchange-servers/Codecov: https://www.bleepingcomputer.com/news/security/hundreds-of-networks-reportedly-hacked-in-codecov-supply-chain-attack/REvil vs. Apple: https://www.bleepingcomputer.com/news/security/revil-gang-tries-to-extort-apple-threatens-to-sell-stolen-blueprints/Pulse Secure VPN: https://www.bleepingcomputer.com/news/security/pulse-secure-vpn-zero-day-used-to-hack-defense-firms-govt-orgs/https://www.bleepingcomputer.com/news/security/cisa-orders-federal-orgs-to-mitigate-pulse-secure-vpn-bug-by-friday/ Q1 Vulnerability Blog: https://www.digitalshadows.com/blog-and-research/q1-vulnerability-roundup/Emotet Shutdown Blog: https://www.digitalshadows.com/blog-and-research/the-emotet-shutdown-explained/ Also, don’t forget to reach out to - [email protected]

ShadowTalk hosts Stefano, Adam, Kim, and Chris bring you the latest in threat intelligence. This week they cover:- Kim takes us back to SolarWinds, the Centreon breach, the Accellion incident, and the Microsoft Exchange supply chain attack- The team discusses attributing attacks - state sponsored threat actors leverage sophisticated tactics, allowing lower level cybercriminals to ride their coattails - Chris takes the teams through mitigating risks and proxy logon vulnerabilities- How Covid-19 and WFH has affected the threat landscape - VPN vulnerabilities - Advice for security teams - what to prioritize- Adam discusses ransomware trends in Q1 2021- The team touches on law enforcement activity and more! Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/20210416-ds-weekly-intsum-updated ***Resources from this week’s podcast*** Q1 Ransomware Blog: https://www.digitalshadows.com/blog-and-research/q1-ransomware-roundup/ IABs Q1 Blog: https://www.digitalshadows.com/blog-and-research/initial-access-brokers-listings-increasing-in-2021/ Also, don’t forget to reach out to - [email protected]

ShadowTalk hosts Alec, Ivan, Charles, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:- Ivan talks through the latest updates on the Facebook data breach - threat actors selling old data for cheap and what was potentially exposed- Charles discusses Fortinet vulnerabilities - what are the technical details and how do defenders protect their data?- The team dives deeper into the ransomware cartel - Clop updates - what’s the latest and who are they targeting?Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-09-april ***Resources from this week’s podcast***Facebook Breach: https://www.theguardian.com/technology/2021/apr/06/facebook-breach-data-leak Fortinet Vulnerabilities: https://www.ic3.gov/Media/News/2021/210402.pdfhttps://www.bleepingcomputer.com/news/security/fbi-and-cisa-warn-of-state-hackers-attacking-fortinet-fortios-servers/ Ransomware Cartel: https://analyst1.com/file-assets/RANSOM-MAFIA-ANALYSIS-OF-THE-WORLD%E2%80%99S-FIRST-RANSOMWARE-CARTEL.pdf https://www.scmagazine.com/home/security-news/ransomware/ransomware-cartel-model-didnt-fulfill-potential-yet-but-served-as-cybercrime-proving-ground/ Stanford Breach: https://www.bleepingcomputer.com/news/security/ransomware-gang-leaks-data-from-stanford-maryland-universities/ Actionable Threat Intel: https://www.digitalshadows.com/blog-and-research/new-release-actionable-threat-intelligence-with-searchlight/ MITRE and CTI: https://www.digitalshadows.com/blog-and-research/applying-mitre-attck-to-your-cti-program/ Also, don’t forget to reach out to - [email protected]

ShadowTalk hosts Stefano, Dylan, Kim, and Chris bring you the latest in threat intelligence. This week they cover:- Kim and her recent ransomware round-up - insurance company CNA suffers attack, Clop holds victims for ransom, and more- Chris takes the team through the PHP Git Server backdoor - Dylan and the group talk pandemic, remote-working, and cyber hygiene Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-02-april ***Resources from this week’s podcast***Tax Fraud 2021 Blog: https://www.digitalshadows.com/blog-and-research/tax-and-unemployment-fraud-in-2021/ Microsoft Exchange Hafnium Blog: https://www.digitalshadows.com/blog-and-research/microsoft-exchange-server-exploit-what-happened-next/ Cyber Threat Intelligence: Solutions Guide and Best Practices: https://resources.digitalshadows.com/digitalshadows/cyber-threat-intelligence-solutions-guide Also, don’t forget to reach out to - [email protected]

Digital Shadows CISO Rick hosts this edition of ShadowTalk. He’s joined by special guest Dr. Chase Cunningham, author, Retired Navy Chief Cryptologist, and Chief Strategy Officer at Ericom Software. They discuss: -Dr. Chase's origin story -How to use Zero Trust to take back initiative from the adversary -How the VPN is the Palm Pilot of your network infrastructure -Why there is no Zero Trust easy button -Chase's romance novel on cyber warfare -Threat modeling vacations***Resources from this week’s podcast***Find Dr. Chase Cunningham on LinkedIn: https://www.linkedin.com/in/dr-chase-cunningham-54b26243/ Find Dr. Chase Cunningham on Twitter: https://twitter.com/CynjaChaseCCyber Warfare – Truth, Tactics, and Strategies: Strategic concepts and truths to help you and your organization survive on the battleground of cyber warfare: https://www.amazon.com/gp/product/B084ZN2HBD/ref=dbs_a_def_rwt_bibl_vppi_i0Ericom Software: https://www.ericom.com/r/dr-zero-trust/ZT Edge: https://www.zerotrustedge.com/

ShadowTalk hosts Alec, Austin, Charles, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:-The team discusses the latest on Exchange Servers vulnerabilities - should guards still be up? -Austin takes us through the timeline of ransomware taking advantage of vulnerabilities regarding Microsoft -Austin talks $50 million ransom against Acer - biggest known ransom request in modern history. What does this mean for the threat landscape going forward? -A phishing campaign has stolen 400,000 OWA/O365 creds - how to make yourself the hardest target possibleGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-26-march ***Resources from this week’s podcast***Microsoft Vulnerabilities: https://www.bleepingcomputer.com/news/security/microsoft-92-percent-of-exchange-servers-safe-from-proxylogon-attacks/ Acer Ransom: https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack/Black Kingdom Ransomware: https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-now-targeted-by-black-kingdom-ransomware/ Office 365 Phishing: https://www.bleepingcomputer.com/news/security/microsoft-warns-of-phishing-attacks-bypassing-email-gateways/ 2021 Tax Blog: https://www.digitalshadows.com/blog-and-research/tax-and-unemployment-fraud-in-2021/ Cybercriminal Perspective Blog: https://www.digitalshadows.com/blog-and-research/the-cybercriminal-perspective/ Also, don’t forget to reach out to - [email protected]

Digital Shadows CISO Rick hosts this edition of ShadowTalk. He’s joined by special guest John Kindervag, creator of Zero Trust and Senior Vice President, Cybersecurity Strategy, ON2IT Group Fellow at ON2IT Cybersecurity. They discuss: -John’s origin story and influences - what led to the creation of Zero Trust?- Zero Trust - origin, design principles, and terminology - What are your protect surfaces? - using Zero Trust- John’s new position at ON2IT***Resources from this week’s podcast***Find John Kindervag on LinkedIn: https://www.linkedin.com/in/john-kindervag-40572b1/ Find John Kindervag on Twitter: https://twitter.com/Kindervag Understanding Zero Trust Terminology: https://www.paloaltonetworks.com/resources/zero-trust Antifragile: Things That Gain from Disorder: https://www.amazon.com/Antifragile-Things-That-Disorder-Incerto/dp/0812979680

ShadowTalk hosts Stefano, Adam, Kim, and first-timer Chris bring you the latest in threat intelligence. This week they cover:-Kim takes us through the return of FIN8 - what are the updates to the “BadHatch” backdoor-Chris discusses DarkSides recent resurgence after a quiet period - what’s the latest?-Microsoft Exchange exploit update - the team discuss -How are threat actors and cybercriminals using ProxyLogon vulnerabilities?Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-19-march ***Resources from this week’s podcast***FIN8: https://labs.bitdefender.com/2021/03/fin8-group-is-back-in-business-with-improved-badhatch-kit/ DarkSide: https://www.infosecurity-magazine.com/news/darkside-20-ransomware-fastest/ ProxyLogon: https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/ https://www.vice.com/en/article/n7vpaz/researcher-publishes-code-to-exploit-microsoft-exchange-vulnerabilities-on-github AC Features: https://www.vice.com/en/article/pkdnkz/escape-zoom-meetings-by-faking-technical-issues-and-crying-with-this-apphttps://attack.mitre.org/techniques/T1090/003/https://attack.mitre.org/software/S0398/Mapping MITRE to Microsoft Blog: https://www.digitalshadows.com/blog-and-research/mapping-mitre-attack-to-microsoft-exchange-zero-day-exploits/Revisiting Spectre Blog: https://www.digitalshadows.com/blog-and-research/revisiting-the-spectre-and-meltdown-vulnerabilities/ Monitoring for Supplier Risks Blog: https://www.digitalshadows.com/blog-and-research/monitoring-for-risks-coming-from-suppliers/FBI IC3 Blog: https://www.digitalshadows.com/blog-and-research/fbi-ic3-2020/ Also, don’t forget to reach out to - [email protected]

ShadowTalk hosts Alec, Ivan, Charles, and Austin bring you the latest in threat intelligence. This week they cover:- The team discuss HAFNIUM and Microsoft Servers Exchange- Updates on the Accellion incident - what’s the latest regarding Flagstar?- The Verkada compromise - who were the victims affected by the breach of private video footage?Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-12-march ***Resources from this week’s podcast***Hafnium: https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/Microsoft Exchange Compromise: https://www.ic3.gov/Media/News/2021/210310.pdfFlagstar: https://www.cyberscoop.com/flagstar-bank-accellion-breach-clop/Verkada: https://www.washingtonpost.com/technology/2021/03/10/verkada-hack-surveillance-risk/ Mapping MITRE ATT&CK To The DPRK Blog: https://www.digitalshadows.com/blog-and-research/mapping-mitre-attack-to-dprk-financial-crime-indictment/ Year In Review: COVID-19 Concerns For Cybersecurity Blog: https://www.digitalshadows.com/blog-and-research/covid-19-concerns-for-cybersecurity/ Mapping MITRE ATT&CK To The Microsoft Exchange Exploits Blog: https://www.digitalshadows.com/blog-and-research/mapping-mitre-attack-to-microsoft-exchange-zero-day-exploits/ Also, don’t forget to reach out to - [email protected]

ShadowTalk hosts Stefano, Adam, Dylan, and Kim bring you the latest in threat intelligence. This week they cover:- The Australian Criminal Intelligence Commission (ACIC) issues three new warrants for dealing with cybercrime - how does this new legislation increase law enforcement powers?- VMware has revealed a critical-rated bug - what should security teams know?- Adam covers ICEDID Infection and ransomware - The team discuss the DPRK IndictmentGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-05-march ***Resources from this week’s podcast***New Australian Legislature: https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6623https://www.zdnet.com/article/australias-new-hacking-powers-considered-too-wide-ranging-and-coercive-by-oaic/ Vulnerability Round-Up: https://www.vmware.com/security/advisories/VMSA-2021-0002.html https://www.bleepingcomputer.com/news/security/working-windows-and-linux-spectre-exploits-found-on-virustotal/ ICEDID: https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html DPRK: https://www.justice.gov/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and Law Enforcement Blog: https://www.digitalshadows.com/blog-and-research/cybercriminal-law-enforcement-crackdowns-in-2021/No Time For Threat Intel Noise Blog: https://www.digitalshadows.com/blog-and-research/no-time-for-threat-intel-noise/ Also, don’t forget to reach out to - [email protected]

ShadowTalk hosts Alec, Ivan, Charles, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:- The team talks Initial Access Brokers (IAB) - what role do these middle- men play in the ransomware game?- How can your company mitigate risks against IABs?- The latest on the Accellion incident - Third party attacks - where does the blame fall?Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-26-february ***Resources from this week’s podcast***Accellion: https://www.zdnet.com/article/fireeye-links-0-day-attacks-on-fta-servers-extortion-campaign-to-fin11-group/https://www.fireeye.com/blog/threat-research/2021/02/accellion-fta-exploited-for-data-theft-and-extortion.htmlIAB Report: https://resources.digitalshadows.com/whitepapers-and-reports/initial-access-brokers-report Monitoring IABs in SearchLight: https://www.digitalshadows.com/blog-and-research/how-to-monitor-initial-access-broker-listings/ 5 Ways To Take Action Blog: https://www.digitalshadows.com/blog-and-research/5-ways-to-optimize-threat-intelligence/ Also, don’t forget to reach out to - [email protected]

ShadowTalk hosts Stefano, Adam, Dylan, and Kim bring you the latest in threat intelligence. This week they cover:- Adam takes us through the latest on Egregor and related arrests - is the threat group down but not out?- Dylan talks SIM-swapping - who was targeted?- Kim brings us the most recent news on the Centreon breach- Plus, the team reviews the Oldsmar water treatment facility attackGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-19-february ***Resources from this week’s podcast***Egregor operators arrested: https://www.zdnet.com/article/egregor-ransomware-operators-arrested-in-ukraine/SIM Swapping: https://www.europol.europa.eu/newsroom/news/ten-hackers-arrested-for-string-of-sim-swapping-attacks-against-celebrities https://www.youtube.com/watch?v=fHhNWAKw0bY Centreon breach: https://www.zdnet.com/article/france-russian-state-hackers-targeted-centreon-servers-in-years-long-campaign/ Oldsmar updates: https://www.mass.gov/service-details/cybersecurity-advisory-for-public-water-suppliers Threat Intel Can Be Noisy Blog: https://www.digitalshadows.com/blog-and-research/threat-intelligence-can-be-noisy-searchlight-helps/ Also, don’t forget to reach out to - [email protected]

ShadowTalk hosts Alec, Ivan, Austin, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:- Cyberpunk and Witcher fans beware - threat actors target the CD Projekt Red source code- Ziggy ransomware calls it quits - is law enforcement activity driving this impact?- Oldsmar, FL water treatment facility gets hacked - could other critical infrastructure be at risk?- Researcher impacts dozens of tech firms through a supply chain attack, winning a $130,000 ‘bug bounty’Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-12-february ***Resources from this week’s podcast***Cyberpunk hack: https://www.theverge.com/2021/2/10/22276664/cyberpunk-witcher-hackers-auction-source-code-ransomware-attack Ziggy: https://www.bleepingcomputer.com/news/security/ziggy-ransomware-shuts-down-and-releases-victims-decryption-keys/ Oldsmar: https://www.cnn.com/2021/02/08/us/oldsmar-florida-hack-water-poison/index.html Security researcher wins award: https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610 Valentine’s Blog: https://www.digitalshadows.com/blog-and-research/cybercrime-and-valentines-day/ Exposed Credential Guide: https://resources.digitalshadows.com/whitepapers-and-reports/exposed-credentials-solutions-guide Also, don’t forget to reach out to - [email protected]

ShadowTalk hosts Stefano, Adam, and Kim bring you the latest in threat intelligence. This week they cover:- More threat actors and attack vectors are being investigated in the SolarWinds compromise- Law enforcement officials in the Netherlands are delivering an Emotet update that will remove it from infected devices- Kim talks Lebanese Cedar - What’s new in their latest attack?- Adam reviews Nefilim ransomware - how were they able to gain access and why it reinforces the need for securing employee accounts - Plus, don’t miss the malware name of the week! Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-05-february ***Resources from this week’s podcast***SolarWinds Update: https://www.wsj.com/articles/suspected-russian-hack-extends-far-beyond-solarwinds-software-investigators-say-11611921601 Lebanese Cedar: https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf Nefilim Ghost Credentials: https://news.sophos.com/en-us/2021/01/26/nefilim-ransomware-attack-uses-ghost-credentials/ Zinc Attacks: https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ Emotet Disruption: https://www.digitalshadows.com/blog-and-research/emotet-disruption/ DarkMarket Seizure: https://www.digitalshadows.com/blog-and-research/darkmarkets-seizure/ Also, don’t forget to reach out to - [email protected]

ShadowTalk hosts Alec, Charles, Austin, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:- Mimecast confirms SolarWinds attackers breached security certificate the latest updates- The rise and fall of Emotet plus unique video footage of the takedown- NetWalker ransomware targeted and taken down by US and Bulgarian Law Enforcement - Avaddon adopts a new tactic - could it become the MO of other threat groups?- North Korean threat actors go phishing for security researchers with fake social media profilesGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-29-january ***Resources from this week’s podcast***Mimecast SolarWinds Update: https://www.mimecast.com/blog/important-security-update/ 23 Sunburst Targets Identified: https://www.netresec.com/?page=Blog&month=2021-01&post=Twenty-three-SUNBURST-Targets-Identified Emotet: https://www.zdnet.com/article/emotet-worlds-most-dangerous-malware-botnet-disrupted-by-international-police-operation/ Emotet Takedown Video: https://youtu.be/_BLOmClsSpc NetWalker: https://www.zdnet.com/article/us-and-bulgarian-authorities-dirsupt-netwalker-ransomware-operation/ Avaddon: https://www.bleepingcomputer.com/news/security/another-ransomware-now-uses-ddos-attacks-to-force-victims-to-pay/ NK Activity: https://www.bleepingcomputer.com/news/security/north-korean-hackers-are-targeting-security-researchers-with-malware-0-days/ Ransomware 2020 Blog: https://www.digitalshadows.com/blog-and-research/ransomware-analyzing-the-data-from-2020/Also, don’t forget to reach out to - [email protected]

ShadowTalk hosts Stefano, Adam, Kim, and Dylan bring you the latest in threat intelligence. This week they cover:- Adam and the team discuss more SolarWinds updates - what’s the latest?- Kim talks CISA security advisory - trends in recent attacks and cyber hygiene- Dylan dives into new ransomware attack on IObit - how threat actors spread the malware to its membersGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-22-january ***Resources from this week’s podcast***Cryptocurrency: https://www.bleepingcomputer.com/news/security/iobit-forums-hacked-to-spread-ransomware-to-its-members/https://twitter.com/BleepinComputer/status/1351261442536861697 Lokibot: https://blog.talosintelligence.com/2021/01/a-deep-dive-into-lokibot-infection-chain.html 3 Takeaways from Forrester: https://www.digitalshadows.com/blog-and-research/top-3-takeaways-from-forrester-ti-nowtech-2020/ AzureAD: https://www.digitalshadows.com/blog-and-research/azure-ad-auto-validate-exposed-credentials/Asset and Wealth Management: https://www.digitalshadows.com/blog-and-research/threats-to-asset-and-wealth-management-in-2020-2021/ Also, don’t forget to reach out to - [email protected]

ShadowTalk hosts Alec, Charles, Austin, and Ivan bring you the latest in threat intelligence. This week they cover:- Significant updates to the SolarWinds incident- Overlaps of the "Sunburst" backdoor and malware known to be used by the believed Russia-affiliated APT "Turla"- Possible SolarWinds scam - SolarLeaks claiming to sell data stolen in SolarWinds attacks- The newly identified Sunspot malware- Mimecast reporting of a compromised certificate possibly related to SolarWinds - the team dives deeper- DarkSide ransomware decryptor keys being released and how DarkSide respondedGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-15-january ***Resources from this week’s podcast***Sunburst: https://securelist.com/sunburst-backdoor-kazuar/99981/SolarLeaks: https://www.bleepingcomputer.com/news/security/solarleaks-site-claims-to-sell-data-stolen-in-solarwinds-attacks/SolarWinds updates: https://orangematter.solarwinds.com/2021/01/11/new-findings-from-our-investigation-of-sunburst/ https://www.cyberscoop.com/mimecast-email-breach-solarwinds-russia/?category_news=technology Sunspot: https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/Covid-19 threat landscape updates: https://www.digitalshadows.com/blog-and-research/targets-and-predictions-for-the-covid-19-threat-landscape/Dark Web Marketplaces And Cybercriminal Forums: https://www.digitalshadows.com/blog-and-research/tracing-dark-web-marketplaces-and-cybercriminal-forums/ ShadowTalk Email: [email protected]

ShadowTalk hosts Stefano, Kim, Adam, and Dylan bring you the latest in threat intelligence. This week they cover:- Post-holiday updates on SolarWinds - what have we missed? - Ticketmaster gets fined $10 million for illegally accessing the internal systems of a competitor, using the credentials of a former employee- Apex Laboratory announced that it was the victim of a cyber attack - what we know so far- 2020 in review: What will the new year bring in the world of cyber security?Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-08-january ***Resources from this week’s podcast***SolarWinds:https://www.solarwinds.com/securityadvisorySolarWinds Blog: https://www.digitalshadows.com/blog-and-research/solarwinds-compromise-what-security-teams-need-to-know/ SolarWinds Update Blog: https://www.digitalshadows.com/blog-and-research/solarwinds-compromise-update/ TicketMaster Fraud: https://www.justice.gov/usao-edny/pr/ticketmaster-pays-10-million-criminal-fine-intrusions-competitor-s-computer-systems-0APT27: https://www.scmagazine.com/home/security-news/ransomware/chinese-espionage-group-apt27-moves-into-ransomware/ 2020 Lookback Blog: https://www.digitalshadows.com/blog-and-research/lookingback-at-2020/ 2021 Forecasts Blog: https://www.digitalshadows.com/blog-and-research/2021-forecasts/ ShadowTalk Email: [email protected]

ShadowTalk hosts Kacey, Charles, Alec, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover all things SolarWinds:- An overview of the campaign and event timelines- SolarWinds' SEC filing and its implications- Early indicators of compromise, including public FTP creds and an access listing- What we can expect from this attack as time goes onGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-18-december ***Resources from this week’s podcast***Microsoft: https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/SolarWinds:https://www.solarwinds.com/securityadvisoryFireEye: https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.htmlDomainTools: https://www.domaintools.com/resources/blog/unraveling-network-infrastructure-linked-to-the-solarwinds-hack?utm_source=Social&utm_medium=twitter&utm_campaign=SUNBURST#FTP Creds (2019):https://savebreach.com/solarwinds-credentials-exposure-led-to-us-government-fireye-breach/ SEC Filinghttps://portal.pannus.uk/client/intelligence/incident/67083793 https://www.sec.gov/ix?doc=/Archives/edgar/data/1739942/000162828020017451/swi-20201214.htm Dark Halo: https://portal.pannus.uk/client/intelligence/incident/67128769https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/SolarWinds Blog: https://www.digitalshadows.com/blog-and-research/solarwinds-compromise-what-security-teams-need-to-know/

ShadowTalk hosts Stefano, Kim, and Adam bring you the latest in threat intelligence. This week they cover:- FireEye, a top security firm, suffers a breach caused by a state-sponsored attacker- Phishing campaigns target the distribution of the Covid-19 vaccine- Ransomware gangs resort to cold-calling victims in order to cash in - Plus, the very festive ‘Malware name of the week’Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-11-december ***Resources from this week’s podcast***FireEye breach: https://arstechnica.com/information-technology/2020/12/security-firm-fireeye-says-nation-state-hackers-stole-potent-attack-tools/ FireEye breach: https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html Phishing targeting the vaccine: https://portal-digitalshadows.com/search/intelligenceincident/66425527 Phishing targeting the vaccine: https://securityintelligence.com/posts/ibm-uncovers-global-phishing-covid-19-vaccine-cold-chain/ Ransomware cold calls: https://www.zdnet.com/article/ransomware-gangs-are-now-cold-calling-victims-if-they-restore-from-backups-without-payingMalware name of the week: https://www.pcrisk.com/removal-guides/10819-merry-christmas-ransomware Egregor blog: https://www.digitalshadows.com/blog-and-research/egregor-the-new-ransomware-variant-to-watch/Holiday Cybercrime blog: https://www.digitalshadows.com/blog-and-research/holiday-cybercrime-retail-risks-and-dark-web-kicks/ Podcast email: [email protected]

ShadowTalk hosts Kacey, Charles, and Digital Shadows CISO Rick chat with Brian Wrozek of Optiv. They cover: - Brian’s origin in cybersecurity - Looking forward to 2021 - what should we be focusing on and what do we need to be prepared for?- Threat modeling and tabletop exercises - how do we prepare for the worst?- Brian and the team talk degrees - how big of a role do they play when recruiting? ***Resources from this week’s podcast***Find Brian Wrozek on LinkedIn: https://www.linkedin.com/in/brianwrozek Find Brian Wrozek on Twitter: https://twitter.com/bdwtexas?lang=en University of Dallas link: https://udallas.edu/cob/about/adjunct-faculty/wrozek-brian.phpOptiv: https://www.optiv.com/

ShadowTalk hosts Kacey, Charles, Alec, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:- REvil ransomware breathes new life into Gootkit malware - C-level email credentials listed for sale on a cybercriminal marketplace- Does REvil have ties to Maze and Egregor? A conversation about source evaluation and attribution.- Spam Haus reports that thousands of IPV4 addresses are suddenly coming alive - is more BGP abuse on the horizon?Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-4-december ***Resources from this week’s podcast***Gootkit: https://www.bleepingcomputer.com/news/security/gootkit-malware-returns-to-life-alongside-revil-ransomware/Threat actor sells accounts: https://www.zdnet.com/article/a-hacker-is-selling-access-to-the-email-accounts-of-hundreds-of-c-level-executives/REvil: https://twitter.com/campuscodi/status/1333462999105998848Spam Haus: https://www.reddit.com/r/blueteamsec/comments/k42sk7/suspicious_network_resurrections_spamhouse/?utm_source=share&utm_medium=web2x&context=32021 Predictions blog: https://www.digitalshadows.com/blog-and-research/2021-forecasts/2021 Predictions webinar: https://info.digitalshadows.com/2020Dec09-Live-Webinar-Predictions.htmlEgregor blog: https://www.digitalshadows.com/blog-and-research/egregor-the-new-ransomware-variant-to-watch/

ShadowTalk hosts Stefano, Adam and Dylan bring you the latest in threat intelligence. This week they cover: - QBot drops Prolock for Egregor ransomware- IoT new regulations - Black Friday threats and opportunities- Plus: The team discuss the malware name of the weekGet this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-27-november***Resources from this week’s podcast***Holiday Cybercrime Blog: https://www.digitalshadows.com/blog-and-research/holiday-cybercrime-retail-risks-and-dark-web-kicks/Egregor: https://www.digitalshadows.com/blog-and-research/egregor-the-new-ransomware-variant-to-watch/

ShadowTalk hosts Kacey, Alec, and Charles, bring you the latest in threat intelligence. This week they cover: - New Chinese APT group, FunnyDream, conducts a sophisticated cyber espionage campaign targeting SE Asian government entities.- Ransomware operators want to be heard - Ragnar Locker turns to Facebook and Egregor begins printing ransom notes.- Is Egregor the new Maze? Let's unpack this.- Plus, the team talks about their favorite Thanksgiving dish, plus a side of footballGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-20-november ***Resources from this week’s podcast***FunnyDream: https://www.bitdefender.com/files/News/CaseStudies/study/379/Bitdefender-Whitepaper-Chinese-APT.pdfRagnar Locker: https://krebsonsecurity.com/2020/11/ransomware-group-turns-to-facebook-ads/Egregor: https://www.bleepingcomputer.com/news/security/retail-giant-cencosud-hit-by-egregor-ransomware-attack-stores-impacted/Darkside Blog: https://www.digitalshadows.com/blog-and-research/darkside-the-new-ransomware-group-behind-highly-targeted-attacks/Triangle InfoSecCons - Cybercrime Trends with Digital Shadows CISO Rick: https://www.youtube.com/watch?v=owBgVgiWFXMRansomware Trends in Q3 Webinar: https://resources.digitalshadows.com/webinars/ransomware-trends-in-q3Holiday Cybercrime Blog: https://www.digitalshadows.com/blog-and-research/holiday-cybercrime-retail-risks-and-dark-web-kicks/Digital Shadows in Security Mag: https://www.securitymagazine.com/articles/93950-cybercriminal-forum-offers-wisconsin-voter-data-for-free

ShadowTalk hosts Stefano, Kim, Dylan, and Adam bring you the latest in threat intelligence. This week they cover: - RegretLocker’s approach to quickly encrypting files - how their efficiency compares to counterpart Ryuk - Vx Underground’s code used in ransomware attacks- APT32, or OceanLotus, using social media and news sites to draw in users and redirect them to phishing pages - U.S. DoJ seizes $24 Million in cryptocurrency, assisting the Brazilian governmentGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-13-november ***Resources from this week’s podcast***RegretLocker Ransomware: https://www.bleepingcomputer.com/news/security/new-regretlocker-ransomware-targets-windows-virtual-machines/Vx Underground: https://twitter.com/smelly__vx/status/1323849544145211392https://twitter.com/vxunderground/status/1326055110292729856OceanLotus: https://www.volexity.com/blog/2020/11/06/oceanlotus-extending-cyber-espionage-operations-through-fake-websites/U.S. Seizes Virtual Currency: https://www.justice.gov/opa/pr/us-seizes-virtual-currencies-valued-24-million-assisting-brazil-major-internet-fraud)https://www.cyberscoop.com/silk-road-bitcoin-billion-wallet/Bitcoin vs. Monero Blog: https://www.digitalshadows.com/blog-and-research/bitcoin-vs-monero/ Evolution of DDoS: https://www.digitalshadows.com/blog-and-research/the-evolution-of-ddos-activity-in-2020

ShadowTalk hosts Kacey, Alec, Charles and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:- Election update - Because that’s what’s on many people’s minds right now- North Korean Group Kimsuky Targets Government Agencies With New Malware - Maze Group announces closing of its operations- Wroba mobile malware targets US smartphones - Plus: Group discusses Guy FawkesGet this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-06-november-2020***Resources from this week’s podcast***Clickbait to Checkmate: https://www.digitalshadows.com/blog-and-research/sms-based-scam-targets-us-smartphones-and-accesses-victim-locations/Glossary: https://www.digitalshadows.com/blog-and-research/a-glossary-of-cybercriminal-access-offerings/Phillip Wylie Podcast: https://resources.digitalshadows.com/threat-intelligence-podcast-shadowtalk/special-guest-phillip-wylie-talks-origin-story-bear-wrestling-and-much-more

ShadowTalk hosts Kacey, Charles, and Digital Shadows CISO Rick chat with Phillip Wylie about his origin story, his brief foray into professional wrestling, and so much more. This isn’t one to miss!***Resources from this week’s podcast***Grab Phillip’s Book - The Pentester BluePrint: Your Guide to Being a Pentester: https://www.amazon.com/Pentester-BluePrint-Your-Guide-Being/dp/1119684307 Innocent Lives Foundation (@innocentorg): https://www.innocentlivesfoundation.org/donate/ Pwn School project: https://twitter.com/schoolpwn Follow Phillip on Twitter: https://twitter.com/PhillipWylie

ShadowTalk hosts Stefano, Dylan, Adam, and Kim bring you the latest in threat intelligence. This week they cover:- EU slaps sanctions on GRU leader, Fancy Bear- Kim discusses the latest on Ryuk and provides insight on its evolution- Breach against Finnish psychotherapy giant Vastaamo - patients getting targeted for ransom- Plus, a little Halloween fun! Get this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-30-october-2020 ***Resources from this week’s podcast***Sanctions on Fancy Bear: https://www.cyberscoop.com/eu-gru-fancy-bear-bundestag-russia/Ryuk: https://labs.sentinelone.com/an-inside-look-at-how-ryuk-evolved-its-encryption-and-evasion-techniques/ and https://www.soprasteria.com/newsroom/press-releases/details/cyberattack-information-update Hackers blackmailing patients: https://threatpost.com/vastaamo-hackers-blackmailing-therapy-patients/160536/ NCSAM - Future of Connected Devices: https://www.digitalshadows.com/blog-and-research/cybersecurity-awareness-month-week-4-the-future-of-connected-devices/

ShadowTalk hosts Kacey, Alec, Austin, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:- SandWorm and its link to Russia’s GRU - what’s their history and what does this mean?- The Darkside ransomware group takes a philanthropic approach to cybercrime- Ryuk leverages Bazar Loader and Zerologon vulnerability in their recent (and very speedy) attack- Plus: The group discusses their favorite WiFi namesGet this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-23-october-2020 ***Resources from this week’s podcast***GRU Indictment: https://www.justice.gov/opa/press-release/file/1328521/downloadDarkside: https://www.zdnet.com/article/ransomware-gang-donates-part-of-ransom-demands-to-charity-organizations/Ryuk: https://thedfirreport.com/2020/10/18/ryuk-in-5-hours/Charitable Cybercriminals Blog: https://www.digitalshadows.com/blog-and-research/charitable-endeavors-on-cybercriminal-forums/Digital Shadows Darkside Blog: https://www.digitalshadows.com/blog-and-research/darkside-the-new-ransomware-group-behind-highly-targeted-attacks/High Profile Arrests Blog: https://www.digitalshadows.com/blog-and-research/recent-arrests-and-high-profile-convictions-what-does-it-mean-for-the-cyber-threat-landscape/Ransomware Trend Q3 Blog: https://www.digitalshadows.com/blog-and-research/ransomware-trends-in-q3/Dark Pathways Into Cybercrime Blog: https://www.digitalshadows.com/blog-and-research/dark-pathways-into-cybercrime-minding-the-threat-actor-talent-gap/

ShadowTalk hosts Viktoria, Adam, Stefano, and Dylan bring you the latest in threat intelligence. This week they cover:- Microsoft: Derailing trickbot, which threatened the US election- Ransomware: The stories that go unreported and why we should care- Fitbit: Customers data at risk following spyware creation by researchers- “Data” - Can the team resist saying it?Get this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-16-october-2020 ***Resources from this week’s podcast***Microsoft Take Down: https://www.microsoft.com/security/blog/2020/10/12/trickbot-disrupted/Europol: https://www.europol.europa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment-iocta-2020Fitbit: https://threatpost.com/fitbit-personal-data-watch-face/160003/ Europol Analysis: https://www.digitalshadows.com/blog-and-research/digital-shadows-analysis-of-europols-cybercrime-report/ NCSA Month Week 2 - Security Devices at Home: https://www.digitalshadows.com/blog-and-research/cybersecurity-awareness-month-week-2-security-devices-at-home-and-work/ US SMS Scam: https://www.digitalshadows.com/blog-and-research/sms-based-scam-targets-us-smartphones-and-accesses-victim-locations/

ShadowTalk hosts Kacey, Charles, and Digital Shadows CISO Rick are joined by special guest Marcus Carey. In this episode they cover:- Marcus’s origin story including his time in the Navy and the NSA- The Austin food scene - BBQ is always on the menu- Marcus talks mentoring and helping others find their “superpower”- The team discusses Marcus’s books for children and how to ensure diversity in the workplaceVisit the blog for this episode by Digital Shadows CISO Rick: www.digitalshadows.com/blog-and-research/marcus-carey-joins-shadowtalk/***Resources from this week’s podcast***Twitter: https://twitter.com/marcusjcareyLinkedIn: https://www.linkedin.com/in/marcuscarey/Tribe of Hackers: https://www.tribeofhackers.comAn Anti-Racism Checklist: Supporting Black Employees in Tech https://venturebeat.com/2020/09/19/an-anti-racism-checklist-supporting-black-employees-in-tech/Marcus’s Books on Amazon: https://www.amazon.com/Marcus-J-Carey/e/B07MFWJPGV/ref=dp_byline_cont_book_1

ShadowTalk hosts Kacey, Alec, Charles and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover: - The US Department of Treasury sends a message about negotiating with ransomware operators - APT28 compromises a US federal agency- Foreign spies use fronts to hide cyber espionage operations- Iranian nation-state threat actors leverage Zerologon flaw to carry out attacksGet this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-09-october-2020 ***Resources from this week’s podcast***Sanctions for ransomware: https://threatpost.com/mixed-sanctions-ransomware-negotiators/159795/APT28: https://www.wired.com/story/russias-fancy-bear-hack-us-federal-agency/Foreign spies: https://www.cyberscoop.com/chinese-iranian-hackers-front-companies/Zerologon: https://threatpost.com/microsoft-zerologon-attack-iranian-actors/159874/Bitcoin vs. Monero Blog: https://www.digitalshadows.com/blog-and-research/bitcoin-vs-monero/

ShadowTalk hosts Adam, Kim, Stefano and Dylan bring you the latest in threat intelligence. This week they cover:- Mount Locker trying to extort 7+ figures from its victims- Old Gremlin - the team talks new activity attributed to this group- REvil looking for new affiliates and flexing with bitcoin - Healthcare hack has severe repercussions - Attackers exploit Zerologon vulnerability - Joker Trojan infects Google Play Store for Android - what we know- Celebrating Cyber Awareness Month with games and moreGet this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-02-october-2020***Resources from this week’s podcast***Old Gremlin: https://www.group-ib.com/blog/oldgremlin Mount Locker Ransomware: https://www.bleepingcomputer.com/news/security/mount-locker-ransomware-joins-the-multi-million-dollar-ransom-game/ REvil Ransomware: https://www.bleepingcomputer.com/news/security/revil-ransomware-deposits-1-million-in-hacker-recruitment-drive/ Zerologon: https://www.infosecurity-magazine.com/news/zerologon-windows-server-flaw/ Joker Trojan: https://threatpost.com/joker-trojans-android/159595/ Most Hacked Passwords: https://www.ncsc.gov.uk/news/most-hacked-passwords-revealed-as-uk-cyber-survey-exposes-gaps-in-online-security Pwned Websites: https://haveibeenpwned.com/PwnedWebsites Darkside blog: https://www.digitalshadows.com/blog-and-research/darkside-the-new-ransomware-group-behind-highly-targeted-attacks/

ShadowTalk hosts Kacey, Charles, Alec and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:-A member of TheDarkOverlord was sentenced to multiple years in prison, APT41 members have been charged with computer crimes, and 179 cybercriminals have been arrested for pushing illicit drugs and weapons on criminal marketplaces.-Fancy Bear activity uses NATO training documents for a phishing campaign-Activision suffers a potential data breach - what we know-University Hospital targeted by ransomware attack - the team discusses the falloutGet this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-25-september-2020 ***Resources from this week’s podcast***Dark Overlord: https://securityaffairs.co/wordpress/108599/cyber-crime/the-dark-overlord-group-member-sentence.html?utm_source=rss&utm_medium=rss&utm_campaign=the-dark-overlord-group-member-sentenceAPT41: https://techcrunch.com/2020/09/16/justice-department-charges-apt41-chinese-hackers/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAANj1ao-t2OsjXeOqgLz3US1ZkDpaX5RiLvv2kDHGEQV5BemCfHZcLxOmEja-NawLGOwxwCL8IwjIc5HN2Gl0gPjqYzRVUxyK8_vrC5XleANawX6KANKYzLUmnl9OSYTFtSOu6CGWx-pRNK12tKqvbvi5dsVEcQHotxktiwUv0DtaDark Web Drug Raid: https://www.bbc.com/news/technology-54247529 Fancy Bear: https://www.bleepingcomputer.com/news/security/russian-hackers-use-fake-nato-training-docs-to-breach-govt-networks/Activision Hack: https://www.forbes.com/sites/daveywinder/2020/09/21/activision-accounts-hacked-500000-call-of-duty-players-could-be-affected-report/#12ed502c7bbeUniversity Hospital Hack: https://www.cyberscoop.com/germany-ransomware-homicide-duesseldorf-hospital/

ShadowTalk hosts Kacey, Charles, and Digital Shadows CISO Rick are joined by Information Security Analyst and author Chris Sanders. The team talk BBQ and Chris’s new book Intrusion Detection Honeypots: Detection through Deception. Resources from the podcast:-Read Rick's Blog Recap: www.digitalshadows.com/blog-and- research/discussing-deception-with-chris-sanders/-Chris’s Book Intrusion Detection Honeypots: Detection through Deception: https://www.amazon.com/Intrusion-Detection-Honeypots- through-Deception-ebook/dp/B08GP8X86L -Rural Tech Fund: https://ruraltechfund.org/mission/ -The Cuckoo’s Egg Course: https://chrissanders.org/training/cuckoosegg/ -Chris's Website: https://chrissanders.org/ -Chris’s Twitter: https://twitter.com/chrissanders88 -Chris’s LinkedIn: https://www.linkedin.com/in/chrissanders88/ -Email Chris at chrissanders.orgAdditional Links:-SANS CTI Summit Keynote Cliff Stoll: https://www.youtube.com/watch? v=1h7rLHNXio8 -The Cuckoo’s Egg by Cliff Stoll: https://www.amazon.com/Cuckoos-Egg- Tracking-Computer-Espionage/dp/1416507787

This week, Viktoria is joined by ShadowTalk residents Adam and Kim, and on this episode, they speak to guest Ed Merrett, founder of HackableYou, the cybersecurity podcast. Viktoria speaks to Ed Merrett about why he set up HackableYou, then together the team unpack the latest stories, including:-Magento Online Stores: 1,000 stores affected by card skimming-ZeroLogon (CVE-2020-1472) - Critical severity Vulnerability: Impact & Mitigation-US Election: New campaigns observed targeting political candidatesGet our Weekly Intelligence Summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-18-september-2020To listen to Ed’s podcast, visit HackableYou: https://hackableyou.com/podcast/

This week’s host Kacey is joined by Charles and Alec to bring you the latest in threat intelligence. In this episode they cover: - Visa issues a warning about new credit card skimmer “Baka”- Epic Manchego - Atypical malicious document delivery- What is Smaug and how does it operate?- Emotet - are there new developments and why did France send an advisory?Get this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-11-september-2020 ***Resources from this week’s podcast***Baka: https://www.bleepingcomputer.com/news/security/visa-warns-of-new-baka-credit-card-javascript-skimmer/Epic Manchego: https://blog.nviso.eu/2020/09/01/epic-manchego-atypical-maldoc-delivery-brings-flurry-of-infostealers/Smaug: https://labs.sentinelone.com/multi-platform-smaug-raas-aims-to-see-off-competitors/France warns of Emotet: https://www.bleepingcomputer.com/news/security/france-warns-of-emotet-attacking-companies-administration/ Similar Advisories from Japan & NZ: https://www.zdnet.com/article/france-japan-new-zealand-warn-of-sudden-spike-in-emotet-attacks/Cyber Espionage Blog: https://www.digitalshadows.com/blog-and-research/cyber-espionage-how-to-not-get-spooked-by-nation-state-actors/Not Another Ransomware Blog: https://www.digitalshadows.com/blog-and-research/not-another-ransomware-blog-initial-access-brokers-and-their-role/

Adam, Kim, Demelza and Stefano discuss the latest threat intel updates. On this episode, they cover:- New Zealand Stock Exchange DDoS attacks: Services affected & extent of impact- Tesla employee thwarts cyberattack: Developments & internal threats- Pioneer Kitten observed monetizing cyber activity- Information about Slack vulnerability:- Tor projects launch membership program: why & what does this mean?Get this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-04-september-2020***Resources from this week’s podcast***DDos Extortion: https://www.welivesecurity.com/2020/08/27/ddos-extortion-campaign-targets-financial-firms-retailers/Russian National Arrest: https://www.justice.gov/opa/press-release/file/1308766/downloadPioneer Kitten: https://www.crowdstrike.com/blog/who-is-pioneer-kitten/Remote Code Execution: https://hackerone.com/reports/783877 The Tor Project: https://blog.torproject.org/tor-project-membership-programSunCrypt: https://www.bleepingcomputer.com/news/security/suncrypt-ransomware-sheds-light-on-the-maze-ransomware-cartel/ Dread Take on Spammers: https://www.digitalshadows.com/blog-and-research/dread-takes-on-the-spammers-who-will-come-out-on-top/

ShadowTalk hosts Kacey, Alec, Charles, and Rick bring you the latest in threat intel. In this week’s episode they cover:- The Department of the Treasury, FBI, and the US Cyber Command issue an alert about North Korea's BeagleBoyz - what do we know and what does it mean?- DarkSide operation discovered attacking companies with ransom demands up to $2 Million- Charles discusses DeathStalker kill chain and their targets- Alec talks spy stories and potential internal threats to companiesGet this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-28-august-2020 ***Resources from this week’s podcast***BeagleBoyz: https://us-cert.cisa.gov/ncas/alerts/aa20-239aDarkSide: https://www.bleepingcomputer.com/news/security/darkside-new-targeted-ransomware-demands-million-dollar-ransoms/DeathStalker: https://securelist.com/deathstalker-mercenary-triumvirate/98177/Spy Story: https://www.zdnet.com/article/russian-arrested-for-trying-to-recruit-an-insider-and-hack-a-nevada-company/ Cybercriminal Forum Rankings Blog: https://www.digitalshadows.com/blog-and-research/alexa-who-is-the-number-one-cybercrminal-forum-to-rule-them-all/Empire Exit Scam Blog: https://www.digitalshadows.com/blog-and-research/cybercriminal-underground-rocked-by-empires-apparent-exit-scam/

ShadowTalk hosts Alex and Digital Shadows CISO, Rick, talk to special guest David about his beginnings in the cybersecurity space, the Pyramid of Pain, and threat hunting.Pyramid of Pain: https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.htmlDavid’s Twitter: https://twitter.com/DavidJBiancoDavid’s Sans Profile: https://www.sans.org/profiles/david-bianco/

ShadowTalk hosts Viktoria, Adam, Dylan, and Stefano bring you the latest in threat intel. In this week’s episode they cover:- The ever-popular Emotet - does this dangerous malware have a vaccine? Adam and the team discuss how researchers found a cure.- What is the Drovorub malware and what is it trying to achieve?- Takeaways from the U.S. Army’s report on North Korean tactics - what do we know about North Korea’s cyber activity and Bureau 121?Get this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-21-august-2020***Resources from this week’s podcast***Emotet: https://www.binarydefense.com/emocrash-exploiting-a-vulnerability-in-emotet-malware-for-defense/Drovorub: https://www.fbi.gov/news/pressrel/press-releases/nsa-and-fbi-expose-russian-previously-undisclosed-malware-drovorub-in-cybersecurity-advisoryBureau 121: https://www.documentcloud.org/documents/7038686-US-Army-report-on-North-Korean-military.htmlOptiv CTIE Report: https://resources.digitalshadows.com/digitalshadows/optivctiereport2020

Alex, Kacey, and Charles host this week’s ShadowTalk, bringing you the latest in threat intelligence. In this episode they cover:- Defaced subreddits - which accounts were impacted and what was the cause?- An Intel Leak was exposed by a Twitter user - what was exposed and how did it happen?- Troy Hunt's announcement on open-sourcing HIBP - our take on how it will improve the community at largeGet this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-14-august-2020***Resources from this week’s podcast***Reddit: https://www.reddit.com/r/ModSupport/comments/i5hhtf/ongoing_incident_with_compromised_mod_accounts/ https://www.bleepingcomputer.com/news/security/reddit-hit-by-coordinated-hack-promoting-trumps-reelection/Twitter Intel Leak: https://www.infosecurity-magazine.com/news/intel-investigates-20gb-internal/HIBP: https://www.troyhunt.com/im-open-sourcing-the-have-i-been-pwned-code-base/Escrow Systems On Cybercriminal Forums Blog: https://www.digitalshadows.com/blog-and-research/escrow-systems-on-cybercriminal-forums/

In this week’s episode, Viktoria is joined by Kim, Dylan and Demelza to discuss:- Ransomware negotiations between CWT and cyberattackers- Impact and severity of passwords leaked for 900+ pulse secure enterprise servers to criminal forum- The Ghostwriter/disinformation campaign overview: series of disinformation campaigns, aligned to Russian security interests - activity and attribution- EU issues first sanctions against Russian and Chinese cyber actors: Impact, effectiveness and reasoning behind thisGet this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-07-august-2020***Resources from this week’s podcast***CWT: https://uk.reuters.com/article/uk-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUKKCN24W26PPulse Secure VPN: https://www.zdnet.com/article/hacker-leaks-passwords-for-900-enterprise-vpn-servers/#ftag=RSSbaffb68EU Sanctions: https://www.gov.uk/government/news/foreign-secretary-welcomes-first-eu-sanctions-against-malicious-cyber-actorshttps://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32020D1127&from=EN

On this ShadowTalk hosts Viktoria and James talk to special guest Geoff about his best selling book Crime Dot Com: From Viruses to Vote Rigging, How Hacking Went Global and beyond that, themes within cybercrime, from the commodification of personal data to cybercrime tactics and tools. Find Geoff’s book here: https://www.amazon.co.uk/Crime-Dot-Com-Viruses-Rigging/dp/1789142857Visit Geoff’s website: https://geoffwhite.tech/

This week it’s a full house with ShadowTalk hosts Alex, Kacey, Charles, Alec and Rick. During this episode they cover:- Garmin ransomware attacks - what happened?- Kacey talks QSnatch malware - history and new alerts- Stage 2 from ShinyHunters and the 50 high profile organizations that had information leakedGet this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-31-july-2020***Resources from this week’s podcast***Garmin ransomware: https://www.zdnet.com/article/garmins-outage-ransomware-attack-response-lacking-as-earnings-loom/ QSnatch malware: https://www.zdnet.com/article/cisa-says-62000-qnap-nas-devices-have-been-infected-with-the-qsnatch-malware/#ftag=RSSbaffb68 ShinyHunters: https://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/

This week’s ShadowTalk hosts Adam, Demi, Stefano and Kim discuss the latest threat intelligence stories. In this episode they cover:-Trickbot trojan mishap causes wide-spread warnings, alerting users of threatening activity-Dangerous malware Emotet resurges and partners with Trickbot to infect a large number or users-Twitter takeover updates - what we know so far-NCSC advisory about APT29 targeting Covid-19 vaccine research -APT35 footage surfaces, exposing the group’s informationGet this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-24-july-2020***Resources from this week's podcast***NCSC: https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development Twitter Updates: https://www.bleepingcomputer.com/news/security/coinbase-blocked-twitter-hackers-from-stealing-an-extra-280k/ Emotet: https://www.bleepingcomputer.com/news/security/emotet-trickbot-malware-duo-is-back-infecting-windows-machines/APT35: https://www.wired.com/story/iran-apt35-hacking-video/

This week’s ShadowTalk hosts Alex, Kacey, and Alec discuss the latest threat intelligence stories. In this epic episode they cover:-Top Twitter accounts that were accessed to promote a Bitcoin scam -Threat Intel platform Data Viper gets breached in revenge attack by threat actor NightLion -Updates on cybercriminal forum CryptBB - where are they now and what does the future hold?Get this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-17-july-2020***Resources from this week’s podcast***Twitter attack https://twitter.com/TwitterSupport/status/1283518038445223936?s=20 Data Viper breach https://krebsonsecurity.com/2020/07/breached-data-indexer-data-viper-hacked/ CryptBB blog by DS Photon Team https://www.digitalshadows.com/blog-and-research/cryptbb-demystifying-the-illusion-of-the-private-forum/