ReliaQuest
Want to hear what industry experts really think about the cyber threats they face? ShadowTalk is a weekly cybersecurity podcast, made by practitioners for practitioners, featuring analytical insights on the latest cybersecurity news and threat research.

Senior Intelligence Analysts Chris Morgan and Kim Bromley bring together over 30 years of experience in threat intelligence across government, military, and telecommunications. Along with their guests, they provide practical perspectives on the week's top cybersecurity news and share knowledge and best practices to help businesses mitigate the most pertinent cyber threats. Welcome to ShadowTalk, powered by ReliaQuest.

About ReliaQuest: With over 1,000 customers worldwide and 1,200 teammates across six global operating centers, ReliaQuest delivers security outcomes for the most trusted enterprise brands in the world. Learn more at www.reliaquest.com.
Total 401 episodes
SPECIAL: Guest Speaker Tom Schmitt Talks About His Origins in Cyber Threat Intel and TITO

CISO Rick Holland and host Alex Guirakhoo chat with this week's special guest Tom Schmitt, Global Director of Threat Intelligence at Anheuser-Busch InBev. They discuss Tom's origins in the cyber threat intelligence space and get his insight on TITO (or "Threat, Infrastructure, Targets, and Outcomes"), a platform- and data-agnostic threat intelligence framework.

Learn more about TITO at https://github.com/TITO-Threat-Intel/TITO-Framework

45:23 | 23/06/2020
WEEKLY: LookBack Operators Deploy New Malware Against US Utilities Sector And Honda Cyber Attack

Demelza, Viktoria, Adam, and Stefano host this week's ShadowTalk to bring you the latest threat intelligence stories from the week. This week they cover:
- Honda cyber attack: technical details
- LookBack and FlowCloud similarities point to a single perpetrator of utility attacks (TA410)
- Delivery of malware through cloud storage

Get this week's intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary

***Resources From this Week***
- Recruiting Moderators on Cybercriminal Forums: https://www.digitalshadows.com/blog-and-research/recruiting-moderators-on-cybercriminal-forums/
- Reducing Technical Leakage: https://www.digitalshadows.com/blog-and-research/reducing-technical-leakage-detecting-software-exposure-from-the-outside-in/

18:59 | 19/06/2020
SPECIAL: What Goes Into The Verizon DBIR With Alex Pinto

CISO Rick Holland and host Alex Guirakhoo chat with Alex Pinto from Verizon about the Verizon DBIR. They talk through Pinto's background, how the Verizon DBIR gets put together, findings from this year's report, and of course, the best jokes found (or not found) in this year's report.

Get the full DBIR at https://enterprise.verizon.com/resources/reports/dbir/

And check out Rick's blog here: https://www.digitalshadows.com/blog-and-research/2020-verizon-data-breach-investigations-report-dbir-ciso-view/

38:23 | 17/06/2020
WEEKLY: Maze Ransomware Alliance, EndGame DDoS Protection Tool, And Ransomware Disguises

Alex is joined by Kacey and Charles this week to chat through the top threat intel stories of the week. This week's highlights include:
- Zorab ransomware disguised as STOP Djvu ransomware
- Endgame: new DDoS protection tool advertised on the dark web
- Sodinokibi ransomware group updates and Maze ransomware alliance

Get this week's intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-12-june-2020

***Resources From this Week***
- Endgame DDoS tool on dark web: https://www.digitalshadows.com/blog-and-research/ddos-attacks-dark-web-endgame/

17:42 | 15/06/2020
WEEKLY: Hacktivist Chooses Destruction Over Profit w/ Ransomware and Collection 1 Hacker Identified

Pietro, Viktoria, Adam, and Demelza cover this week's top threat intelligence stories, including a hacktivist group choosing destruction over profit with ransomware. Other stories this week include:
- EasyJet breach
- Collection 1 hacker identified
- FIN7 member arrested
- iOS Mail app vulnerability

Check out more in this week's intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-29-may-2020

***Resources From this Week***
- Dark Web Digest recording: https://resources.digitalshadows.com/webinars/dark-web-digest-gaining-valuable-threat-intel-from-cybercriminal-forums-webinar

27:14 | 28/05/2020
WEEKLY: Verizon DBIR, ShinyHunters, Sodinokibi Ransomware, And More Phishing

CISO Rick Holland kicks off this episode by walking us through key findings and his take on the just-released 2020 Verizon DBIR. Then the team covers other top stories from the week, including:
- The new threat group ShinyHunters exposing at least 18 companies
- Phishing trends organizations should watch out for
- Sodinokibi targets the Grubman Shire Meiselas & Sacks law firm and threatens to release data unless a USD 24 million extortion payment is met

Shout-out to this week's ShadowTalk-ers: Kacey, Charles, Rick, and Alex.

Get this week's intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-22-may-2020

***Resources from this Week***
- Rick's DBIR blog: https://www.digitalshadows.com/blog-and-research/2020-verizon-data-breach-investigations-report-dbir-ciso-view/
- Kacey's phishing blog: https://www.digitalshadows.com/blog-and-research/3-phishing-trends-organizations-should-watch-out-for/
- Ecosystem of Phishing: https://www.digitalshadows.com/blog-and-research/the-ecosystem-of-phishing/

20:02 | 23/05/2020
SPECIAL EPISODE: Contact Tracing and COVID-19

Physician-scientist Dr. Pratik Sinha joins CEO and co-founder Alastair Paterson and CISO Rick Holland for this special guest episode of ShadowTalk. The group walks through Al and Pratik's recent research together around contact tracing. They look at:
- What is contact tracing and how does it work?
- How have we done contact tracing in previous pandemics, and will it work for COVID-19?
- Privacy risks and balancing the trade-off between health and privacy
- Big Tech

Read the full blog from Al and Pratik at https://www.digitalshadows.com/blog-and-research/contact-tracing-can-big-tech-come-to-the-rescue-and-at-what-cost/

You can find Pratik on Twitter @progdoctalk or at https://profiles.ucsf.edu/pratik.sinha

38:14 | 21/05/2020
SPECIAL EPISODE: Remote Worker Security: Tech & ISP Providers, Data Security, And The Future

We're pleased to have a special guest, Steve Marshall, CISO and Head of Cyber Consulting at Bytes, a software licensing reseller and IT security services company. In this special episode, Steve Marshall, Viktoria Austin, and James Chappell look at the industry at a macro level, delving into stories and themes that have changed how we communicate and how we work securely, but also what the future of remote working looks like. In the UK and across the world, remote working has become, for many, the new norm. But how prepared were organizations for this change? Likewise, on the supplier side, were the technologies, such as video communications and ISP providers, prepared for this? What does the future of working look like now?

For more threat intelligence resources around COVID-19, please visit https://resources.digitalshadows.com/coronavirus-threat-intelligence-resources

Thanks for listening, and a special shout-out to Steve for joining. Cheers!

58:53 | 21/05/2020
WEEKLY: WannaCry Anniversary, WordPress Plugin Vuln, WeLeakData Compromised

The team starts this week's episode with a retrospective look at WannaCry, discussing some core lessons learned from this ransomware attack. Viktoria, Demelza, Adam, and Jamie then dig through other top stories, including:
- A WordPress plugin vulnerability
- WeLeakData[.]com compromised, with the hackers' messages leaked
- BitBazaar dark web market deception and manipulation

Get this week's intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary

***Resources this Week***
- BitBazaar: https://www.digitalshadows.com/blog-and-research/bitbazaar-market-deception-and-manipulation-on-the-dark-web/

23:52 | 17/05/2020
WEEKLY: Competitions On English Forums, Purple Teaming, & Hacker Bribes 'Roblox' Insider

This week Alex chats with Kacey, Charles, and Rick about competitions we've been seeing on English-language cybercriminal forums and how they compare to the ones on Russian-language forums, purple teaming, and how a hacker bribed a 'Roblox' insider to access user data. And finally... our thoughts on Elon Musk's new baby's name. Thanks for listening and stay safe out there!

***Resources from This Week***
- Competitions on English-Language Forums: https://www.digitalshadows.com/blog-and-research/competitions-english-language-cybercriminal-forums/
- Hacker Bribed 'Roblox' Insider to Access User Data: https://www.vice.com/en_us/article/qj4ddw/hacker-bribed-roblox-insider-accessed-user-data-reset-passwords
- SANS Webinar: https://www.sans.org/webcasts/security-leadership-managing-turbulent-times-presented-summits-113310

19:07 | 08/05/2020
SPECIAL EPISODE: The Human Element Of Cybersecurity Programs With Hacker Valley Studio

We've got a very special episode for you this week with Hacker Valley Studio guests Ron Eddings and Chris Cochran. CISO Rick Holland and Threat Researcher Alex Guirakhoo chat with Ron and Chris about their backstories and how they got into cybersecurity, their favorite topics from Hacker Valley Studio, and the human element of cybersecurity programs.

You can find Ron and Chris at hackervalley.studio or on Twitter @TheHackerValley. And be sure to check out their LinkedIn to give them a vote for Best New Cybersecurity Podcast in the EU Cybersecurity Blogger Awards! Thanks for listening and have a great week.

29:40 | 08/05/2020
WEEKLY: Microsoft Teams ATO Vulnerability, APT32, & Uptick In Ransomware

Jamie, Adam, and Demelza join Viktoria for this week's threat intelligence updates. Top stories this week include:
- Vulnerability allowed hijacking of Microsoft Teams accounts with a GIF
- APT32 seeks pandemic intel from Wuhan government and a Chinese ministry
- Microsoft Intelligence team report on an uptick in ransomware

Check out our intelligence summary for more details here: https://resources.digitalshadows.com/weekly-intelligence-summary

***Resources from this week***
- Charitable Endeavors on Cybercriminal Forums: https://www.digitalshadows.com/blog-and-research/charitable-endeavors-on-cybercriminal-forums/
- Krebs article that features our blog: https://krebsonsecurity.com/2020/04/how-cybercriminals-are-weathering-covid-19/
- SANS webinar with Rick Holland: https://www.sans.org/webcasts/security-leadership-managing-turbulent-times-presented-summits-113310
- Microsoft blog on the uptick in ransomware: https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk/

25:24 | 01/05/2020
WEEKLY: Maze Ransomware Infiltrates Cognizant, Czech NCISA Warning, And Third Party Risk Assessment

Alex, Kacey, Charles, and Harrison host this week's ShadowTalk for threat intel updates, including Maze ransomware updates, a warning of an imminent threat from the Czech NCISA, priorities for third-party risk assessments, and the Nulled cracking forum going mobile. Finally, Harrison passes the torch to Alex for hosting ShadowTalk. We'll miss you, HVR!

Grab this week's full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary

***Resources From this Week***
- Top Priorities for 3rd Party Risk Assessments: https://www.digitalshadows.com/blog-and-research/top-priorities-for-3rd-party-risk-assessments/
- Zoom Security and Privacy Issues: https://www.digitalshadows.com/blog-and-research/zoom-security-privacy-issues/
- Nulled Cracking Forum Going Mobile: https://www.digitalshadows.com/blog-and-research/nulled-modern-cybercriminal-forum-mobile/
- What The Wire Can Teach Us About Cybersecurity: https://www.digitalshadows.com/blog-and-research/what-the-wire-can-teach-us-about-cybersecurity/

33:20 | 24/04/2020
WEEKLY: SFO Airport Hack, FIN6, And Sodinokibi Switching From Bitcoin To Monero

This week we have a new ShadowTalk guest joining us from London, Demelza! She joins Viktoria and Jamie for our threat intel update this week to cover a data breach at San Francisco International Airport, FIN6 updates, and how Sodinokibi is attempting to hide its money trail by switching from Bitcoin to Monero.

Check out this week's intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary

Thanks for tuning in, and stay safe out there!

***Resources This Week***
- Remote Working Threat Model webinar: https://resources.digitalshadows.com/webinars/threat-model-of-a-remote-worker-recorded-webinar
- SFO breach: https://threatpost.com/sfo-websites-hacked-airport-discloses-data-breach/154709/
- Remote Working and the Future of Cyber Security [blog]: https://www.digitalshadows.com/blog-and-research/covid-19-remote-working-and-the-future-of-cyber-security/
- More COVID-19 threat intel resources: https://resources.digitalshadows.com/coronavirus-threat-intelligence-resources

21:34 | 17/04/2020
WEEKLY: COVID-19 Third Party App Risks, Zoom, And DarkHotel Hackers

Coming to you from Dallas this week, we have Kacey, Harrison, Alex, and Charles. This week the team talks through third-party app risks as they relate to COVID-19 and touches on security considerations for video conferencing platforms. We also talk through the latest story around the DarkHotel hackers using a VPN zero-day to compromise Chinese government agencies.

Check out this week's intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary

And for all of our threat intel resources around COVID-19: https://resources.digitalshadows.com/coronavirus-threat-intelligence-resources

***Resources from this week***
- Third-party app risks blog from Kacey: https://www.digitalshadows.com/blog-and-research/covid-19-risks-of-third-party-apps/
- Webinar: Threat Model of a Remote Worker (April 16th): https://info.digitalshadows.com/Webinar-Threat-Model-of-a-Remote-Worker.html?Source=podcast
- SANS webinar recording with Alex: https://www.sans.org/webcasts/archive/2020
- DarkHotel news: https://www.zdnet.com/article/darkhotel-hackers-use-vpn-zero-day-to-compromise-chinese-government-agencies/

22:59 | 10/04/2020
WEEKLY: Zoom Zero-Day Vulnerabilities and FIN7 Delivering Malware Via Snail Mail

Hey all you cool cats and kittens! We've got a brand-new threat intel episode for you coming from our virtual podcast studio with Adam, Jamie, and Viktoria. The team chats through the latest Zoom zero-day flaws discovered, and the story around FIN7 delivering malware via USB sticks and teddy bears in the mail.

Get this week's intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary

Stay safe out there!

***Resources From this Week***
- Digital Risk Remediation blog: https://www.digitalshadows.com/blog-and-research/the-digital-risk-underdog-remediation/
- Webinar 'Operationalizing Alerts: The Problem with Sitting in Triage': https://info.digitalshadows.com/Operationalizing-Alerts_Reg.html?Source=podcast
- More COVID-19 content: https://resources.digitalshadows.com/coronavirus-threat-intelligence-resources

21:53 | 03/04/2020
WEEKLY: Remote Worker Threat Model And Cybercrime Updates

This week the team looks at some Coronavirus threat intel updates, including a Threat Model of the Remote Worker and the top businesses and industries most likely to be targeted by cyber attacks. Then the team looks at some cybercrime stories, including how the Kapusta service is using marketing tactics, and a story around the FSB arresting a cybercrime group. Finally... an advanced persistent... cow?

Hear this and more from Kacey, Alex, Harrison, and Rick in this week's episode!

***Resources from this week***
- COVID-19 (Coronavirus) resources: https://resources.digitalshadows.com/coronavirus-threat-intelligence-resources
- Threat Model of a Remote Worker: https://www.digitalshadows.com/blog-and-research/threat-model-of-a-remote-worker/
- Phishing research webinar recording: https://resources.digitalshadows.com/webinars/beware-of-phishers-research-webinar
- Kapusta: https://www.digitalshadows.com/blog-and-research/kapusta-world-exemplifying-cybercriminal-marketing-in-the-modern-era/
- FSB arrests cybercrime group: https://www.cyberscoop.com/buybest-hackers-arrested-fsb-russia/

22:29 | 27/03/2020
WEEKLY: Slack Vulnerability, Apollon Dark Web Exit Scam, And Online Brand Protection

We've got Adam and Jamie joining Viktoria remotely for this week's ShadowTalk! The London crew chats through the Slack vulnerability story, the news around the Dutch government losing hard drives with data of 6.9 million registered donors, the Apollon dark web exit scam, and who should own brand protection within an organization.

Don't miss our special episode this week with CISO Rick Holland, Alex, and Harrison on Coronavirus threat intel updates and advice. Thanks for listening and stay safe out there!

***Resources from this week***
- Coronavirus threat intel resources: https://resources.digitalshadows.com/coronavirus-threat-intelligence-resources
- Apollon Dark Web Exit Scam: https://www.digitalshadows.com/blog-and-research/apollon-dark-web-marketplace-exit-scams-and-ddos-campaigns/
- Online Brand Protection Guide (from Viktoria herself!): https://www.digitalshadows.com/blog-and-research/the-complete-guide-to-online-brand-protection/

We've also got a few webinars coming up if you're interested in our online events. Check them out at https://resources.digitalshadows.com/webinars

22:38 | 20/03/2020
SPECIAL EPISODE: Coronavirus: Cybercrime Reactions And CISO Advice

CISO and VP of Strategy Rick Holland joins Alex and Harrison for this special episode to discuss how cybercriminals are exploiting Coronavirus (COVID-19). With regards to Coronavirus, the team looks at:
- What kinds of discussions are taking place right now on the dark web and other criminal outposts?
- What should organizations be on the lookout for right now?
- Advice for other CISOs and security practitioners

For more information, check out our Coronavirus threat intelligence resources at https://resources.digitalshadows.com/coronavirus-threat-intelligence-resources

We'll continue to update this page with new content as we see further developments, so check back for more. Thanks for listening and stay safe!

19:48 | 19/03/2020
WEEKLY: Necurs Botnet, SMB Vulnerability, Coronavirus Scams, And Dark Web Updates

Dallas is packing up the podcast... don't fret. The team is just moving offices. RIP (rest in podcast). The team also packs a ton of news updates in this week. (Yeah, we went there.) Here are this week's highlights:
- Necurs botnet indictment
- TA505
- SMB vulnerability: CVE-2020-0796
- Coronavirus scams, fraud, and misinformation
- New cybercrime findings from the team on Envoy and Kilos

Rounding up this week, we have some Pi Day history (and jokes, of course!). Thanks for listening. Check out this week's intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary

***Resources From this Week***
- Coronavirus Scams, Fraud, and Misinformation findings: https://www.digitalshadows.com/blog-and-research/how-cybercriminals-are-taking-advantage-of-covid-19-scams-fraud-misinformation/
- Envoy Addressing Suicide Awareness: https://www.digitalshadows.com/blog-and-research/how-one-cybercriminal-forum-is-helping-to-address-suicide-awareness-envoy/
- Kilos Dark Web Search Engine: https://www.digitalshadows.com/blog-and-research/dark-web-search-engine-kilos/

31:22 | 13/03/2020
WEEKLY: Banking Trojan Steals Google Authenticator Codes, Ransomware Attacks Epiq, & Tesco Clubcard Fraud

Lots of threat intelligence news updates in this week's ShadowTalk episode with Jamie Collier, Adam Cook, and Viktoria Austin. Top stories this week include:
- NCSC advising consumers on security precautions around smart cameras and baby monitors
- Banking trojan steals Google Authenticator app codes
- Ransomware attack on Epiq legal services
- Tesco Clubcard fraud warning
- Boots Advantage Card hit by cyber attack

Get this week's intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary

***Resources From This Week***
- NCSC smart camera and baby monitor warning: https://www.bbc.com/news/technology-51706631
- 2FA in Review: https://resources.digitalshadows.com/whitepapers-and-reports/two-factor-in-review
- Dark Web Search Engine Kilos: https://www.digitalshadows.com/blog-and-research/dark-web-search-engine-kilos/

27:41 | 06/03/2020
SPECIAL EPISODE: FBI Releases Its Internet Crime Complaint Center (IC3) Report 2019

Alex, Harrison, and Rick discuss this year's FBI IC3 (Internet Crime Complaint Center) report. In 2019, the FBI received over 460,000 complaints and observed estimated losses of over $3.5 billion across all instances of reported cybercrime. In comparison, the previous year's 2018 IC3 report recorded over 350,000 complaints and $2.7 billion in losses. That's a 33% increase in the number of reports and a 30% increase in total reported losses from 2018 to 2019.

The team covers:
- Business email compromise
- Phishing
- Reported financial losses skyrocketing for victims under 20
- Ransomware

Check out our blog for more here: https://www.digitalshadows.com/blog-and-research/

Check out the full FBI IC3 report here: https://pdf.ic3.gov/2019_IC3Report.pdf

22:08 | 03/03/2020
WEEKLY: Data Breaches, Stalkerware, and DoppelPaymer Ransomware

Coming to you from Dallas this week, we've got Charles, Kacey, Harrison, and Alex. First up, three data breaches this week:
1. Decathlon Spain (and potentially also their UK entity)
2. ClevGuard
3. The Department of Defense's Defense Information Systems Agency (DISA)

Then we look at the DoppelPaymer ransomware, whose operators launched a leak site this week. Finally, Harrison shares some details around his new blog mapping MITRE ATT&CK to the Equifax indictment.

To check out this week's intelligence summary, visit https://resources.digitalshadows.com/weekly-intelligence-summary

***Resources From this Week***
- Equifax Indictment blog: https://www.digitalshadows.com/blog-and-research/mapping-mitre-attck-to-the-equifax-indictment/

30:02 | 28/02/2020
WEEKLY: OurMine Hacks FC Barcelona & Olympics Twitter Handles, AdSense Email Extortion, & Phishing

Adam and Phil join Viktoria to 'cause a storm' on this week's episode. But first, we get a rundown of the brand new Photon Research blog on phishing from Harrison and Alex. This week's agenda:
1. New phishing ecosystem research we just dropped this week; check it out for some interesting new data findings: https://www.digitalshadows.com/blog-and-research/the-ecosystem-of-phishing/
2. OurMine hacks FC Barcelona and Olympics Twitter handles
3. Google AdSense email extortion scam
4. FBI IC3 report

Check out this week's Intelligence Summary (INTSUM) at https://resources.digitalshadows.com/weekly-intelligence-summary

If you're headed to RSA Conference, don't miss meeting the team! Stop by Booth 4617 or our Security Leaders Party on Wednesday night!

***Resources From this Week***
- Phishing research: https://www.digitalshadows.com/blog-and-research/the-ecosystem-of-phishing/
- RSA party registration: https://info.digitalshadows.com/RSASecurityLeadersParty2020.html?source=DS-team

31:02 | 21/02/2020
WEEKLY: yOurMine, Equifax Indictment, and SWIFT POC attack

Roses are red, violets are blue, here's our threat intel podcast, just for you! Kacey, Charles, Alex, and Harrison have a Valentine's special for you all. This week the team covers:
- OurMine hacks
- The Equifax indictment
- SWIFT POC attack

Get this week's intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary

***Resources from this Week***
- ACH paper: https://resources.digitalshadows.com/whitepapers-and-reports/applying-the-analysis-of-competing-hypotheses-to-the-cyber-domain

29:53 | 14/02/2020
SPECIAL EPISODE: Threat Report ATT&CK Mapping (TRAM) With MITRE's Sarah Yoder & Jackie Lasky

Sarah Yoder and Jackie Lasky from MITRE join Rick Holland and Harrison Van Riper in this guest episode to talk through their tool, Threat Report ATT&CK Mapping (TRAM). Both Sarah and Jackie are Cyber Security Engineers at The MITRE Corporation and presented this new tool at the recent SANS CTI Summit. During the discussion, they talk through:
- What brought them to MITRE
- TRAM: what it is, the goals the project was designed to address, and how to get involved
- Highlights and key takeaways from the SANS CTI Summit

Huge thanks to Sarah and Jackie for joining!

***Resources From this Episode***
- Slides from SANS session: https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1579547257.pdf
- GitHub page: github.com/mitre-attack/tram
- Sarah's Twitter: https://twitter.com/sarah__yoder

26:37 | 11/02/2020
WEEKLY: CTI Frameworks, Wawa Breach Updates, APT34, And Coronavirus Phishing Scams

January was a looooong year. Anyone else? In this week's episode, Jamie starts by talking about his recent blog, Cyber Threat Intelligence Frameworks, with 5 rules for integrating these frameworks within your organization. Viktoria and Jamie also discuss:
- APT34, where Iranian hackers targeted U.S. government vendor Westat
- Wawa breach developments
- Coronavirus phishing scams
- Winnti Group targeting Hong Kong universities

Check out this week's intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary

***Resources From this Week***
- Jamie's CTI blog: https://www.digitalshadows.com/blog-and-research/cyber-threat-intelligence-frameworks-5-rules-for-integrating-these-frameworks/

17:24 | 07/02/2020
WEEKLY: SANS CTI Summit, Snake Ransomware, CacheOut, And Citrix Vuln Update

Rick Holland jumps in to kick off this week's episode by recapping the 2020 SANS CTI Summit with Harrison. Then Harrison, Alex, Kacey, and Charles talk through other top stories of the week, including:
- Snake malware
- Competitions we're seeing on Russian-language cybercriminal forums
- Citrix vulnerability update
- New 'CacheOut' attack targets Intel CPUs

Rounding off the episode, the team shares their favorite infosec Twitter post of the week to spice up the episode. Have a great week!

***Resources From this Week***
- SANS CTI Summit recap: https://www.digitalshadows.com/blog-and-research/sans-cyber-threat-intelligence-summit-2020-a-recap/
- Competitions on Russian-language cybercriminal forums blog: https://www.digitalshadows.com/blog-and-research/competitions-on-russian-language-cybercriminal-forums-sharing-expertise-or-threat-actor-showboating/
- Cyber Threat Intel Frameworks blog: https://www.digitalshadows.com/blog-and-research/cyber-threat-intelligence-frameworks-5-rules-for-integrating-these-frameworks/
- CVE-2019-19781: Analyzing the Exploit: https://www.digitalshadows.com/blog-and-research/cve-2019-19781-analyzing-the-exploit/

38:50 | 31/01/2020
WEEKLY: Citrix Vulnerability, Microsoft Data Breach, and Telnet Credentials Published

Following on from last week, Citrix released a first set of patches to fix a vulnerability (CVE-2019-19781) affecting the company's Application Delivery Controller (ADC, formerly NetScaler ADC) and Citrix Gateway. Viktoria and Richard Gold discuss how organizations can mitigate the risk.

Adam and Phil then join Viktoria to discuss other top stories of the week, including 250 million Microsoft customer service and support records exposed on the web. The team also discusses a story where a list of Telnet credentials for more than 515,000 servers, home routers, and IoT devices was published on a hacking forum last week, and how this story demonstrates the risk posed when threat actors are able to compromise large collections of IoT devices.

***Resources from this week***
- Charles' blog: https://www.digitalshadows.com/blog-and-research/cve-2019-19781-analyzing-the-exploit/
- Weekly Intelligence Summary: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-24-jan-2020

31:21 | 27/01/2020
WEEKLY: NSA Vulnerability Disclosure, Ransomware News, And Iran Updates

Kacey, Charles, Alex, and Harrison host this week's threat intelligence update from Dallas. We kick off with vulnerabilities from the week, including both the NSA-disclosed CVE and the Citrix CVE. The team talks through what the vulnerabilities are and why they're important. Then the team talks through ransomware updates, including Cryptonite ransomware-as-a-service, Sodinokibi operators threatening to release Travelex data, and Nemty operators threatening to release victim data. Finally, Harrison gives a quick update around Iran.

To access this week's intelligence summary, visit https://resources.digitalshadows.com/weekly-intelligence-summary

***Resources from this Week***
- Rick's blog on NSA vulnerability disclosure: https://www.digitalshadows.com/blog-and-research/nsa-vulnerability-disclosure-pros-and-cons/
- CVE-2019-19781: Analyzing the Exploit: https://www.digitalshadows.com/blog-and-research/cve-2019-19781-analyzing-the-exploit/
- Cryptonite Ransomware as a Service: https://www.digitalshadows.com/blog-and-research/cryptonite-ransomwares-answer-to-superman/

26:53 | 17/01/2020
WEEKLY: Iranian Cyber Threats, Travelex Ransomware Attack, And Exploit Forum Updates

We're back with our weekly ShadowTalk episodes! Viktoria hosts this week and introduces the episode by bringing Sammy on to provide some regional insight and context around the Iranian cyber threat and to discuss whether a cyber response is likely. Then Adam and Viktoria discuss other top stories from the week, including a ransomware outage at Travelex, Xiaomi Mijia camera data exposed, and bc[.]monster updates on the Exploit forum.

Check out our intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary

Excited for what 2020 will bring. Thanks for listening!

***Resources from this Week***
- Practical Advice around Iranian Cyber Threats: https://www.digitalshadows.com/blog-and-research/iranian-cyber-threats-practical-advice-for-security-professionals/
- Iranian APT Groups' Tradecraft Styles: https://www.digitalshadows.com/blog-and-research/iranian-apt-groups-tradecraft-styles-using-mitre-attck-and-the-asd-essential-8/
- Iran and Soleimani: Monitoring the Situation: https://www.digitalshadows.com/blog-and-research/iran-and-soleimani-monitoring-the-situation/

27:31 | 10/01/2020
SPECIAL EPISODE: Iranian Cyber Threats: Practical Advice From CISO Rick Holland

Rick Holland (CISO at Digital Shadows) joins Harrison to share his thoughts on the Iranian cyber threat and what it means for cyber defenders. What should security practitioners be concerned with within the cyber sphere? Rick and Harrison discuss:
- How threat-du-jour thinking isn’t an adequate defense model
- Communicating up the chain of command effectively
- Attack techniques used by Iranian state actors
- What you can do proactively as a security practitioner
- Why haven’t we seen any significant cyberattacks yet?

We’re continuing to monitor the situation, so check back at https://www.digitalshadows.com/blog-and-research/ for more info from our team.

***Resources This Episode***
- Rick’s blog on the topic: https://www.digitalshadows.com/blog-and-research/iranian-cyber-threats-practical-advice-for-security-professionals/
- Rich Gold’s blog on Mapping the ASD Essential 8 to the Mitre ATT&CK™ framework: https://www.digitalshadows.com/blog-and-research/mapping-the-asd-essential-8-to-the-mitre-attck-framework/

23:28 | 07/01/2020
Jingle Bell Ryuk: NOLA Ransomware, Ring Doorbells, And 2020 Predictions

CISO Rick Holland joins our ShadowTalk hosts (Viktoria, Alex, and Harrison) for our holiday special! This week the team covers:
- Ring Doorbell security
- New Orleans victim of Ryuk Ransomware
- Predictions for 2020 in cybersecurity
- A lightning round of holiday questions

Thanks to all of you listeners for tuning in each week in 2019. We’ve had a great time chatting each week across the globe, and we’re looking forward to another great year of ShadowTalk in 2020! Cheers!

P.S. Check out our holiday photo on Twitter @digitalshadows!

***Resources From the Week***
- 2020 Cybersecurity Forecasts blog from Alex: https://www.digitalshadows.com/blog-and-research/2020-cybersecurity-forecasts-5-trends-and-predictions-for-the-new-year/
- Download our intelligence summaries at https://resources.digitalshadows.com/weekly-intelligence-summary

18:22 | 18/12/2019
Tochka Dark Web Market Offline, Market.ms Closes, And Data Leakage Stories

Alex, Harrison, Kacey, and Charles chat this week about some dark web and cybercriminal updates, data leakage stories that have hit the news, plus a GDPR story where an ISP was hit with a €9.6 million fine.

We’ve got a new format for our weekly intelligence summary report. Check it out at https://resources.digitalshadows.com/weekly-intelligence-summary

Thanks for listening, and look out for our special (holiday-themed) final ShadowTalk episode of the year next week!

***More Resources This Week***
- TMI blog on data leakage: https://www.digitalshadows.com/blog-and-research/2-billion-files-exposed-across-online-file-storage-technologies/
- Over One Billion Email-Password Combos Leaked Online: https://www.infosecurity-magazine.com/news/one-billion-email-password-combos/
- Data Leak Exposes 750K Birth Certificate Applications: https://www.infosecurity-magazine.com/news/data-leak-exposes-750k-birth-cert/
- Microsoft: 44 Million User Passwords Have Been Breached: https://www.infosecurity-magazine.com/news/microsoft-44-million-passwords/
- ISP 1&1 Hit With €9.6 Million GDPR Fine: https://www.infosecurity-magazine.com/news/isp-11-hit-with-96-million-gdpr/

27:40 | 13/12/2019
Cybercriminal Forum Research, Mixcloud Breach, and International Crackdown On RAT Spyware

Viktoria invites Stewart Bertram to kick off this week’s episode around new cybercrime research we put out on the Modern Cybercriminal Forum, and how the rise of alternative technologies hasn’t spelled the end of forums, which seem to be prospering against all odds. You can check out the research findings here: https://www.digitalshadows.com/blog-and-research/forums-are-forever-part-1-cybercrime-never-dies/

Next, Adam Cook joins to discuss the weekly highlights, including the Mixcloud breach and an international crackdown on RAT spyware. Finally, our Intelligence team gives a wider analytical piece on the topic of social media exposure and security standards in this week’s intelligence summary report (INTSUM), so make sure to check out that piece in this week’s report.

Weekly Intelligence Summary (INTSUM): https://resources.digitalshadows.com/weekly-intelligence-summary

***More Resources From this Week***
- Modern Cybercriminal Forum Research Report: https://resources.digitalshadows.com/whitepapers-and-reports/the-modern-cybercriminal-forum
- Mixcloud Breach: https://www.infosecurity-magazine.com/news/mixcloud-breach-hits-millions-of/
- International Crackdown on RAT Spyware: https://www.europol.europa.eu/newsroom/news/international-crackdown-rat-spyware-which-takes-total-control-of-victims%E2%80%99-pcs

26:22 | 05/12/2019
Black Friday Deals On The Dark Web, Phineas Fisher Manifesto, And DarkMarket

Adam Cook and Viktoria Austin talk through the security and threat intelligence stories of this week, including an update around Phineas Fisher, where the hacker offered up to $100k in what they called the “Hacktivist Bug Hunting Program”. The team also chats through a recent ransomware attack on veterinary hospitals in the U.S., and some other ransomware updates. Then Viktoria and Adam touch upon some research from our own threat intelligence team (Photon Research), specifically around the dark web, including research into Black Friday deals on the dark web and a look at DarkMarket.

To see more threat intelligence updates from the week, make sure to check out this week’s intelligence summary report at https://resources.digitalshadows.com/weekly-intelligence-summary.

Heads-up! We’re taking a break next week with the U.S. holiday, so we’ll be back in 2 weeks. Have a great Thanksgiving!

***Resources From this Week***
- Phineas Fisher Manifesto: https://www.vice.com/en_us/article/vb5agy/phineas-fisher-offers-dollar100000-bounty-for-hacks-against-banks-and-oil-companies
- Veterinary Hospitals Ransomware Attacks: https://krebsonsecurity.com/2019/11/ransomware-bites-400-veterinary-hospitals/
- DarkMarket: https://www.digitalshadows.com/blog-and-research/darkmarkets-feminist-flight-towards-equality-and-the-curious-case-of-canaries/
- Black Friday Deals on the Dark Web: https://www.digitalshadows.com/blog-and-research/black-friday-deals-on-the-dark-web-a-cybercriminal-shopper-paradise/

19:01 | 22/11/2019
BSidesDFW Recap, Dynamic CVV Analysis, And The Facebook Camera Bug

Dallas is on the mic, sound effects and all, this week with Kacey, Charles, Alex, and Harrison. The team discusses their recent OSINT workshop at BSidesDFW and how you can access the training materials, plus Harrison reviews his latest research into dynamic CVVs within the security realm. Finally, the team looks at the recent news around the Facebook camera bug and how the public is reacting.

Download the full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary

Have a great week, everyone, and check out our resources below for more details.

***Resources from this week***
- BSidesDFW 2019 Recap: https://www.digitalshadows.com/blog-and-research/bsidesdfw-2019-osint-workshop-recap/
- BSidesDFW OSINT GitHub: https://github.com/digitalshadows/virtualwhale-osint-ctf
- Orca: https://github.com/digitalshadows/orca
- Dynamic CVV Blog: https://www.digitalshadows.com/blog-and-research/dynamic-cvvs-2fa-2furious
- Facebook Camera Bug: https://www.scmagazine.com/home/security-news/vulnerabilities/system-bug-gives-facebook-access-to-iphone-cameras/

33:21 | 16/11/2019
BlueKeep Attacks, Megacortex Ransomware, and Web.com Breach

This week the London team looks at the following stories:
- BlueKeep Exploit Could Rapidly Spread
- Megacortex Ransomware Changes Windows Passwords
- Japanese Media Company Nikkei - $29 million lost to BEC scam
- Web.com Breach
- 21 million employee accounts for Fortune 500 companies offered on the dark web

Get the full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary

***Resources from this week***
- https://www.bleepingcomputer.com/news/security/new-megacortex-ransomware-changes-windows-passwords-threatens-to-publish-data/
- https://www.cyberscoop.com/nikkei-email-scam-bec-29-million/
- https://krebsonsecurity.com/2019/10/breaches-at-networksolutions-register-com-and-web-com/

20:52 | 08/11/2019
7.5M Adobe Creative Cloud User Records Exposed, City Of Joburg Ransomware Attack, and APT28 Updates

Adam Cook, Philip Doherty, and Viktoria Austin host this week’s ShadowTalk update around an unsecured Elasticsearch database exposing account information of about 7.5 million Adobe Creative Cloud users. The team then looks at the news story around the City of Johannesburg experiencing a ransomware attack, as well as APT28 (aka Fancy Bear) targeting anti-doping authorities and sporting organizations.

***Resources from this week’s episode***
- BriansClub Blog from Viktoria: https://www.digitalshadows.com/blog-and-research/cybercriminal-credit-card-stores-is-brian-out-of-the-club/
- Understanding Different Cybercriminal Platforms: https://www.digitalshadows.com/blog-and-research/understanding-the-different-cybercriminal-platforms-avcs-marketplaces-and-forums/
- Too Much Information - The Sequel: https://resources.digitalshadows.com/whitepapers-and-reports/too-much-information-the-sequel
- Adam’s World Cup Blog: https://www.digitalshadows.com/blog-and-research/threats-to-the-2018-football-world-cup/

News Stories:
- https://www.zdnet.com/article/adobe-left-7-5-million-creative-cloud-user-records-exposed-online/
- https://www.ccn.com/johannesburg-shuts-down-bitcoin-ransomware-attack/

23:19 | 01/11/2019
Avast Breach Attempt, NordVPN Breach, And Wifi Security Risks

We’ve got all 3 ShadowTalk hosts in Dallas this week: Harrison Van Riper, Viktoria Austin, and Alex Guirakhoo. The team first looks at Avast, which encountered a cyber espionage attempt. Then NordVPN announced that a hacker had breached servers used by NordVPN. And finally, Dr. Richard Gold put out a new blog this week dispelling the myths around using public wifi, so the team helps summarize some of the key points. Check out the full blog at https://www.digitalshadows.com/blog-and-research/wifi-security-dispelling-myths-of-using-public-networks/

To check out our weekly intelligence summary, visit https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-17-oct-24-oct-2019

More Resources from this week’s episode:
- Avast breach attempt: https://blog.avast.com/ccleaner-fights-off-cyberespionage-attempt-abiss
- NordVPN breach & PR nightmare: https://nakedsecurity.sophos.com/2019/10/23/hacker-breached-servers-used-by-nordvpn/
- Krebs: https://krebsonsecurity.com/2019/10/avast-nordvpn-breaches-tied-to-phantom-user-accounts/

27:22 | 25/10/2019
Singapore Cyber Threat Landscape Updates 1H 2019

Adam Cook, Philip Doherty, and Xueyin Peh join Viktoria Austin for a special ShadowTalk episode around the Singapore Cyber Threat Landscape. The team looks at the heightened threat level for Singapore, why it’s being targeted, and the types of organizations being impacted.

Read the full analysis in our blog post here: https://www.digitalshadows.com/blog-and-research/singapore-cyber-threat-landscape-report-h1-2019/

24:28 | 23/10/2019
Typosquatting and the 2020 U.S. Election, Honeypots, And Sudo Vulnerability

Fall is upon us! Kacey, Charles, Harrison, and Alex kick off this week’s episode talking about our Fall Dallas team event (an amateur version of Chopped). We’re now all professional chefs. Then the team dives into this week’s hot topics:
- Typosquatting and the 2020 Elections: https://www.digitalshadows.com/blog-and-research/typosquatting-and-the-2020-u-s-presidential-election/
- Honeypots: https://www.digitalshadows.com/blog-and-research/honeypots-tracking-attacks-against-misconfigured-or-exposed-services/
- The Sudo Vulnerability: https://threatpost.com/sudo-bug-root-access-linux/149169/
- Security BSides Workshop Talk: http://www.securitybsides.com/w/page/134870340/DFW_2019
- Orca: https://github.com/digitalshadows/orca
- https://twitter.com/maxdose_/status/1184429401338982401?s=12

Finally, with the Chopped event on our minds, we round off the episode with our favorite dishes we want to learn to cook. Thanks for listening, and don’t forget to rate us on iTunes and let us know how we’re doing.

30:13 | 18/10/2019
Iran-Linked APT35, Skimming By Magecart 4, Rancour, And Emotet Resurgence

We’re back in London this week! Viktoria chats with Adam Cook, Philip Doherty, and Josh Poole on this week’s top stories:
- APT35 Targets Email of US political figures & prominent Iranians
- Skimming activity by Magecart 4 reveals potential link to Cobalt Group
- Chinese threat group Rancour casts phishing line to South-East Asian government
- Emotet Resurgence

Resources From This Week:
- Account Takeover Kill Chain 5 Step Analysis: https://www.digitalshadows.com/blog-and-research/the-account-takeover-kill-chain-a-five-step-analysis/
- Weekly Intelligence Summary: https://resources.digitalshadows.com/weekly-intelligence-summary

Make sure to subscribe to us wherever you listen to your podcasts for the latest episodes. Thanks for listening!
- ShadowTalk team

18:43 | 11/10/2019
The Tyurin Indictment - Mapping To The Mitre ATT&CK™ Framework

Director of Security Engineering, Richard Gold, joins Viktoria Austin in this special episode of ShadowTalk to look at the attacker goals and their TTPs, and to map these to the Mitre PRE-ATT&CK and ATT&CK frameworks.

Some Background…

Between 2012 and mid-2015, U.S. financial institutions, financial services corporations, and financial news publishers fell victim to one of the largest computer hacking crimes. The hacking resulted in the theft of information belonging to 100 million customers of the victim companies (including the theft of personal data from 83 million customer accounts at JPMorgan Chase), and securities fraud, in the form of stock market manipulation. While the crimes committed date back to 2015, this week one of the hackers involved, identified as Andrei Tyurin, pleaded guilty to the following charges: computer intrusion, wire fraud, bank fraud, and illegal online gambling offenses in connection with his involvement in a massive computer hacking campaign targeting U.S. financial institutions, brokerage firms, financial news publishers, and other American companies.

Learn more in Richard Gold’s blog here: https://www.digitalshadows.com/blog-and-research/mapping-the-tyurin-indictment-to-the-mitre-attck-framework/

20:15 | 09/10/2019
Magecart Five Widens Attack Vectors, Targeting of Airbus Suppliers, & Tortoiseshell Developments

Coming to you from London this week, Jamie Collier, Philip Doherty, and Josh Poole join Viktoria Austin for our weekly threat intelligence updates. The team kicks off with a discussion around the top story of the week - Magecart Five Widens Attack Vectors.

Recent Magecart Five activity has included loading malicious JavaScript files onto commercial-grade Layer 7 routers, injecting malicious code into a free, open-source app module, distributing phishing emails containing the KPOT trojan via an unspecified spamming service, embedding compromised websites with redirect code that results in the download of the RIG or Fallout exploit toolkits onto a target machine, and creating a phishing website imitating “G-Cleaner”, a Windows garbage cleanup tool.

The team also discussed the other top stories of the week, including:
- Suspected Chinese Threat Actor Targets Airbus Suppliers
- Tortoiseshell Lures American military-veteran job seekers
- Zendesk discloses 2016 data breach

Check out the full threat intelligence summary report at https://resources.digitalshadows.com/weekly-intelligence-summary

17:33 | 04/10/2019
Tortoiseshell Targets IT Providers, The Tyurin Indictment, And Emotet’s Return

Viktoria hosts this week’s episode in London with Philip Doherty and Adam Cook. After a quick debate around the top trending sports at the moment, the team digs into the first story of the week: Tortoiseshell Group (a newly identified threat group) has reportedly conducted supply chain attack campaigns against 11 IT providers in Saudi Arabia. Next, they look at two new malware variants that have emerged, attributed to the North Korea-associated Lazarus Group. The Emotet botnet has been hot in the news lately, so the team also talks about its re-emergence. Finally, the team rounds up the week with the Tyurin indictment, where Andrei Tyurin pleaded guilty to one of the largest computer hacking crimes involving US financial institutions, financial services, and news publishers. Our own Richard Gold published a blog mapping the indictment to the MITRE ATT&CK framework - definitely worth a read below.

To learn more, check out our weekly intelligence summary report at https://resources.digitalshadows.com/weekly-intelligence-summary.

Mapping the Tyurin Indictment to the Mitre ATT&CK™ framework: https://www.digitalshadows.com/blog-and-research/mapping-the-tyurin-indictment-to-the-mitre-attck-framework/

25:05 | 27/09/2019
NCSC Threat Trends And Ransomware Updates

It’s Harrison and Alex this week for your threat intelligence updates. The guys first dig into the NCSC’s recent threat trends report, the first of these that the NCSC has put out. It’s UK-specific, so just as we’ve shared thoughts around the FBI IC3 annual report in the past, which is heavily geared toward the US, it’s good to look across the pond as well. The team digs into 3 main areas:
- Office 365
- Ransomware trends, including updates on Emotet, Ryuk, LockerGoga, BitPaymer, Nemty, and GandCrab
- Supply chain attacks

The team also digs into some recent research around B.Wanted. A few weeks ago, there was a story that Brian Krebs reported on: essentially, a user on a dark web forum was offering to sell access to a federal contractor who managed 20+ different federal agencies. Specifically, we were looking into the threat actor responsible for selling the access, who goes by the name B.Wanted. The guys dig into some different theories.

Finally, we round out the episode with some top shows on Netflix to add to your lists. Enjoy your weekends!

Get the weekly intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary

Resources from this week:
- NCSC Cyber Threat Trends: https://www.digitalshadows.com/blog-and-research/ncsc-cyber-threat-trends-report-analysis-of-attacks-across-uk-industries/
- Nemty Ransomware: https://www.digitalshadows.com/blog-and-research/nemty-ransomware-slow-and-steady-wins-the-race/
- Purple Teaming podcast episode with Eliza May Austin: https://dts.podtrac.com/redirect.mp3/podcasts.apple.com/us/podcast/purple-teaming-an-interview-with-eliza-may-austin/id1326304686?i=1000450023564

24:32 | 20/09/2019
Purple Teaming: An Interview With Eliza May Austin

In this episode, Viktoria interviews Eliza May Austin (CEO & Co-Founder of th4ts3cur1ty.company), and our own Richard Gold and James Chappell, on Purple Teaming, a security assessment that combines both blue teaming and red teaming. The team discusses:
- How do we make the blue and red teams collaborate better?
- Is purple teaming a cost-effective measure when it comes to a less mature organization?
- Why Purple Teaming needs to be at the forefront
- What systems would you start testing with the purple team approach?
- And more!

We end the discussion with a quick overview of Eliza’s other passion: Ladies of London Hacking Society.

To learn more, check out this episode’s resources:
- https://th4ts3cur1ty.company/
- Ladies Hacking Society: https://llhs.com/
- Purple Team like you’re preparing for war: https://medium.com/@always0ddba1l/purple-team-like-your-preparing-for-war-ea17cd4d4a91
- Purple Teaming with Vector, Cobalt Strike, and MITRE ATT&CK: https://www.digitalshadows.com/blog-and-research/purple-teaming-with-vectr-cobalt-strike-and-mitre-attck/

45:21 | 16/09/2019
Metasploit Project Publishes Exploit For Bluekeep, plus APT3 and Silence Cybercrime Group Updates

Viktoria Austin is joined by Adam Cook and Phil Doherty this week in the London office to talk about the top story this week: the Metasploit Project publishes an exploit for the Bluekeep bug. Our Photon Research Team tested the Metasploit exploit in their lab environment and successfully exploited an unpatched Windows 7 machine.

“The exploit not only gives the attacker remote access to a target system, but also gives the attacker the highest level of privilege on the target.” - Dr. Richard Gold

The team then shares updates around APT3 and the Silence cybercrime group.

To learn more, check out the full weekly intelligence report at https://resources.digitalshadows.com/weekly-intelligence-summary.

Interested in more threat intelligence updates? Sign up to receive our weekly updates at https://info.digitalshadows.com/EmailSubscription-Podcast_Reg.html.

23:14 | 13/09/2019
Ryuk Ransomware, Twitter Rids SMS Tweets, And Facebook Records Exposed

Alex, Alec, and Harrison are in the room today discussing 3 top stories from the week. First up: a hacker deploys Ryuk ransomware against the city of New Bedford, Massachusetts, demanding $5.3 million. What was interesting, though, was that the city tried to negotiate with the attackers for a lower ransom of $400k, but the attackers didn’t want it and ended up cutting off communications. Next, the guys chat through the suspension of Twitter’s SMS-based tweet function after the news that Twitter CEO Jack Dorsey’s Twitter account was “hacked”: an interesting attack-surface incident involving phone numbers. Finally, the team discusses an exposure incident where 419 million Facebook records were exposed.

So “Come on down” and listen to this week’s ShadowTalk. (The guys thought it would be fun to play The Price is Right at the end … do we like it? Let us know what fun questions you want answered each week.)

Get the weekly intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary

Resources from this week:
- https://www.bleepingcomputer.com/news/security/hackers-ask-for-53-million-ransom-turn-down-400k-get-nothing/
- https://www.bleepingcomputer.com/news/security/twitter-suspends-sms-based-tweeting-after-high-profile-account-hacks/
- https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/

22:57 | 07/09/2019