ReliaQuest
Want to hear what industry experts really think about the cyber threats they face? ShadowTalk is a weekly cybersecurity podcast, made by practitioners for practitioners, featuring analytical insights on the latest cybersecurity news and threat research. Senior Intelligence Analysts Chris Morgan and Kim Bromley bring together over 30 years of experience in threat intelligence across government, military, and telecommunications. Along with their guests, they provide practical perspectives on the week’s top cybersecurity news and share knowledge and best practices to help businesses mitigate the most pertinent cyber threats. Welcome to ShadowTalk, powered by ReliaQuest.

About ReliaQuest: With over 1,000 customers worldwide and 1,200 teammates across six global operating centers, ReliaQuest delivers security outcomes for the most trusted enterprise brands in the world. Learn more at www.reliaquest.com.
More Sodinokibi Activity, Imperva Breach, And Weirdest Food At The Texas State Fair
Rick Holland and Alex Guirakhoo join Harrison Van Riper this week to talk through more Sodinokibi activity. Just yesterday, a cloud hosting provider for Digital Dental Records was hit with Sodinokibi, apparently affecting around 400 different dental providers around the US. It seems like we’re hearing about more and more people actually paying out these ransom demands. Do we think it’s just a reporting bias or do we think they’re actually paying out more often? Then the team looks at the Imperva breach, where its Incapsula Web Application Firewall product was inadvertently exposing some data, including email addresses, hashed and salted passwords, API keys and SSL certificates. Google’s Project Zero also discovered a series of 0-day exploits being actively used in the wild targeting iPhones. The team discusses how this will factor into risk models moving forward. We close out with everyone’s top (and weirdest) choices at the Texas State Fair. Yummmmm. Enjoy :)

Resources From this Week’s Episode:
More Sodinokibi activity:
https://www.scmagazine.com/home/security-news/dentist-offices-nationwide-hit-with-revil-ransomware-attacks/
https://krebsonsecurity.com/2019/08/ransomware-bites-dental-data-backup-firm/
https://www.bleepingcomputer.com/news/security/a-look-inside-the-highly-profitable-sodinokibi-ransomware-business/
Imperva breach:
https://krebsonsecurity.com/2019/08/cybersecurity-firm-imperva-discloses-breach/
iOS exploits discovered:
https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html?m=1
30:39 | 30/08/2019
Approaching Cybersecurity As A Third Party Defense Contractor
Brian Neely, CIO and CISO at American Systems, and Rick Holland, CISO at Digital Shadows, join Harrison for a discussion around how Brian approaches cybersecurity as a defense contractor. American Systems has been delivering complex IT and engineering solutions to national priority programs since 1975 and has some interesting use cases.

The group discusses:
- Top cybersecurity concerns as a third party defense contractor
- Advice for listeners with similar threat models where sophisticated, well-resourced adversaries are targeting your environment
- Where digital risk protection comes into play including asset exposure, site impersonation, phishing campaigns, and brand misuse online
- Managing 2FA company-wide
- And more!

Resources from this Episode:
2FA research: https://resources.digitalshadows.com/whitepapers-and-reports/two-factor-in-review
20:35 | 27/08/2019
Texas Ransomware Outbreaks And Phishing Attacks Using Custom 404 Pages
Charles Ragland (a brand new ShadowTalk-er!) and Christian Rencken join Harrison this week to discuss an outbreak of ransomware attacks impacting local government entities across Texas. The team also discusses some phishing attacks that are using custom 404 pages and how Google is starting to remove FTP support from Chrome. They wrap up this episode with the question of the week: Which future technology most worries you from a cyber security perspective? Check out this week’s full intelligence summary at resources.digitalshadows.com. Share feedback with us! DM us @digitalshadows on Twitter or email us at [email protected].

Some resources to check out this week:
- https://www.bleepingcomputer.com/news/security/hackers-want-25-million-ransom-for-texas-ransomware-attacks/
- https://www.us-cert.gov/ncas/current-activity/2019/08/21/cisa-insights-ransomware-outbreak
- https://www.bleepingcomputer.com/news/security/microsoft-warns-of-phishing-attacks-using-custom-404-pages/
- https://www.bleepingcomputer.com/news/google/google-has-started-removing-ftp-support-from-chrome/
38:41 | 23/08/2019
Breach! Exploring The Modern Digital Breach With Cyber Defense Lab’s CEO Bob Anderson: Part 2
What practical steps should organizations and the professionals within them be thinking about in this new world? We have a special two-part series where Rick Holland, VP Intelligence and CISO at Digital Shadows, interviews Bob Anderson, CEO at Cyber Defense Labs, and James Chappell, co-founder and Chief Innovation Officer at Digital Shadows.

In part 2, the team looks at:
- Steps you can take into your programs today as a security or business leader
- Advice for boards on how to deal with breaches
- Knowing your data: what do organizations need to be doing when it comes to understanding and protecting their digital footprint?
- Mistakes organizations make in the response stage

Bob Anderson’s Bio: Anderson is a former national security executive, serving 20+ years with the Federal Bureau of Investigation (FBI). During this time, Anderson served in several senior level positions, ultimately rising to become executive assistant director of the FBI's Criminal, Cyber, Response and Services Branch where he oversaw all FBI criminal and cyber investigations worldwide, international operations, critical incident response, and victim assistance. Anderson has directed strategic initiatives and operations for high-profile international investigations in partnership with several Fortune 50 companies, along with U.S. Departments of Defense, Justice, Energy, and Treasury, the U.S. Intelligence Community, and other federal agencies. Having been directly involved in investigating and prosecuting some of the most famous spies in U.S. history as part of his law enforcement career, Anderson is an expert in cybercrimes, counterintelligence, economic espionage, theft of proprietary information and trade secrets, critical incident management, and has been retained as an expert witness in several ongoing litigations.
28:21 | 20/08/2019
Nightmare Market In Disarray And SEC Investigation Into Data Leak At First American Financial Corp
Harrison is back! Alex and Christian join this week to discuss how Black Hat and DEFCON went last week, analyze the irregularities of the dark web criminal market, Nightmare, and explore the story reported by Krebs on the SEC investigation into the data leak at First American Financial Corp. Shout-out to all of our new listeners - thanks for your interest and let us know what we can do to continue improving the podcast!

Check out the blog on Nightmare Market at https://www.digitalshadows.com/blog-and-research/fresh-blow-for-dark-web-markets-nightmare-market-in-disarray/
KrebsOnSecurity article: https://krebsonsecurity.com/tag/first-american-financial-corp/
Find the full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-08-aug-15-aug-2019
32:46 | 16/08/2019
Breach! Exploring The Modern Digital Breach With Cyber Defense Lab’s CEO Bob Anderson - Part 1
It seems like we read about new breaches every day. What’s changing? How is exposure and the adoption of digital technology changing the breach landscape? We have a special two-part series where Rick Holland, VP Intelligence and CISO at Digital Shadows, interviews Bob Anderson, CEO at Cyber Defense Labs (https://cyberdefenselabs.com/), and James Chappell, co-founder and Chief Innovation Officer at Digital Shadows.

In Part 1, the team looks at:
- How the breach landscape has evolved
- The role of the dark web in a data breach
- Are we seeing more breaches or are they getting reported more?
- And other war stories from the folks in the room

In Part 2, the team will give guidance and suggestions for enterprises trying to deal with the threat landscape. Stay tuned!

About Bob Anderson: Anderson is a former national security executive, serving 20+ years with the Federal Bureau of Investigation (FBI). During this time, Anderson served in several senior level positions, ultimately rising to become executive assistant director of the FBI's Criminal, Cyber, Response and Services Branch where he oversaw all FBI criminal and cyber investigations worldwide, international operations, critical incident response, and victim assistance. Anderson has directed strategic initiatives and operations for high-profile international investigations in partnership with several Fortune 50 companies, along with U.S. Departments of Defense, Justice, Energy, and Treasury, the U.S. Intelligence Community, and other federal agencies. Having been directly involved in investigating and prosecuting some of the most famous spies in U.S. history as part of his law enforcement career, Anderson is an expert in cybercrimes, counterintelligence, economic espionage, theft of proprietary information and trade secrets, critical incident management, and has been retained as an expert witness in several ongoing litigations.
31:43 | 13/08/2019
Capital One Breach, Ransomware Trends, and Threat Actors
Move out of the way, Harrison! We have a brand new host this week: Viktoria Austin, Strategy and Research Analyst, and Photon Research Team member. Viktoria is joined this week by Rose Bernard and Xueyin Peh in the London office. In a malspam campaign, “Sodinokibi” targeted users in Germany using a spoofed Federal Office for Information Security (BSI) email domain and a data breach-themed lure, while in other countries ransomware attacks have been conducted against local government networks and a utility provider. Capital One reported a data breach after an individual accessed an Amazon Web Services (AWS) server used by the organization, cyber espionage operations associated with China-linked “Winnti Group” reportedly targeted chemical and manufacturing organizations in Germany, and a campaign by Chinese state-affiliated threat actor “TA428” dubbed Operation LagTime IT has targeted government entities in East Asia since early 2019. All this and more fun in this week’s ShadowTalk.

*Apologies for some audio issues this week - we are working on a fix! The content is still just as great, though :)

Read this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary
Heading to Black Hat or DEF CON? Stop by our booth #1014 or catch our party Wednesday night. RSVP at https://info.digitalshadows.com/BlackHat-SecurityLeadersParty2019.html?SourceCode=shadowtalk
18:09 | 02/08/2019
2FA - Advice For Deployment & A Technical Assessment
Thinking about deploying 2FA? In this special interview, our Head of Cyber Security & IT, Craig Ellis, and our Head of Security Engineering, Dr. Richard Gold, chat with Harrison around how they implemented 2FA internally. The guys discuss proper ways to go about implementing 2FA, some of the issues with implementing 2FA, what happens when things break, and other advice they wish they were given before implementing 2FA. Then Rich and Harrison deep dive into our latest paper, Two-Factor in Review, a technical assessment of the most popular mitigation for account takeover attacks. Check out the full report below to read for yourself.

Blog on 2FA: https://www.digitalshadows.com/blog-and-research/the-account-takeover-kill-chain-a-five-step-analysis/
Report on Account Takeover: https://resources.digitalshadows.com/whitepapers-and-reports/two-factor-in-review
40:01 | 30/07/2019
More BlueKeep updates, FSB contractor hacked, and the Enigma Market
Christian (@Chrencken14) and Travis (@puppyozone) sit down with Harrison (@pseudohvr) to discuss even more BlueKeep updates since last week, as a technical presentation gets uploaded to GitHub, inching us closer to a full-blown public PoC; the breach and subsequent release of documents from a contractor working with Russia’s FSB intelligence services; and research from the Digital Shadows team about a new marketplace we’ve had our eye on for a few months called Enigma.

**Housekeeping note** We’re trying out a new format for the show, and we are keen to get some feedback from you listeners. Tweet @pseudohvr for comments or email [email protected]

**Party alert** If you’re heading to Black Hat or Def Con - listen up. We have a party happening Wednesday night of Black Hat at Mandalay Bay you won’t want to miss. It’s right in the middle of the hotel, at Eyecandy Sound Lounge on August 7th, from 7-10pm. Make sure to get on the list before so you avoid the lines: https://info.digitalshadows.com/BlackHat-SecurityLeadersParty2019.html?SourceCode=podcast

https://arstechnica.com/information-technology/2019/07/explainer-for-exploiting-wormable-bluekeep-flaw-posted-on-github/
https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
https://www.zdnet.com/article/us-company-selling-weaponized-bluekeep-exploit/
https://www.zdnet.com/article/hackers-breach-fsb-contractor-expose-tor-deanonymization-project/
https://www.digitalshadows.com/blog-and-research/a-growing-enigma-new-avc-on-the-block/
33:04 | 26/07/2019
Interview With Dir Of Threat Intelligence At McDonalds, Brian Hillegas
Director of Threat Intelligence at McDonald’s, Brian Hillegas, speaks with Harrison (@pseudohvr) and CISO Rick Holland (@rickhholland) about where to align your security priorities, the importance of operating cross-functionally in your organization, what the biggest threats are in the cyber landscape at the moment, and what they’re looking forward to at Black Hat and DEF CON this year. The team will be at both events in Vegas this year! Check out what we have planned and RSVP for our party Wednesday night here: https://info.digitalshadows.com/BlackHat2019-Hub.html
19:20 | 24/07/2019
FaceApp Overblown, BlueKeep Updates, And Libra’s Lawmaker Showdown
Harrison (@pseudohvr), Alex, and Travis (@puppyozone) talk about the recent FaceApp shenanigans and why they’re actually not as shocking as some reports indicate. Researchers indicate that thousands of systems are still vulnerable to the BlueKeep RDP vulnerability. With a public proof of concept yet to be released, could this be the reason why? Finally, Harrison loves some cryptocurrency news, so the guys chat about Facebook’s cryptocurrency head speaking to US lawmakers about Libra and having a not-so-great time.

Cyberwire article with Alex: https://thecyberwire.com/podcasts/cw-podcasts-daily-2019-07-17.html
Download this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-11-jul-18-jul-2019
FaceApp: https://techcrunch.com/2019/07/17/faceapp-responds-to-privacy-concerns/

**Housekeeping note** We’re trying out a new format for the show, and we are keen to get some feedback from you listeners. Tweet @pseudohvr for comments or email [email protected]

**Party alert** If you’re heading to Black Hat or Def Con - listen up. We have a party happening Wednesday night of Black Hat at Mandalay Bay you won’t want to miss. It’s right in the middle of the hotel, at Eyecandy Sound Lounge on August 7th, from 7-10pm. Make sure to get on the list before so you avoid the lines: https://info.digitalshadows.com/BlackHat-SecurityLeadersParty2019.html?SourceCode=podcast
40:00 | 20/07/2019
Interview With Deputy CISO At Accenture, Jason Lewkowicz
Harrison interviews Deputy CISO at Accenture, Jason Lewkowicz, and CISO at Digital Shadows, Rick Holland. The group discusses the importance of working functionally as a security team, cyber response plans, and how to keep your security playbooks up to date. Jason also discusses how his team uses Digital Shadows SearchLight™ within their day to day processes. Heading to Black Hat and/or DefCon? Meet the ShadowTalk team at our party Wednesday night at Eyecandy Sound Lounge. Details and guest list here: https://info.digitalshadows.com/BlackHat-SecurityLeadersParty2019.html?SourceCode=shadowtalk
19:37 | 17/07/2019
TA505 Global Attacks, Zoom 0-Day, and New Magecart Activity
Kacey (@sudosu_kacey) and Alex join Harrison (@pseudohvr) to walk through this week’s threat intelligence stories. Alex walks us through the highlight story this week: TA505 uses new tools, old tactics in global attacks. Kacey then digs into the zero-day vulnerability identified in Zoom’s macOS software. We also discuss new Magecart activity, the Sodinokibi ransomware, and what our ShadowTalk-ers would name their own ransomware. Get the full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-04-jul-11-jul-2019
11:23 | 12/07/2019
Marriott Faces GDPR Fines - A DPO and CISO Discussion
Harrison (@pseudohvr) is joined by Digital Shadows co-founder and Data Privacy Officer, James Chappell (@jimmychappell), as well as CISO Rick Holland (@rickhholland), to discuss the news this week around Marriott’s GDPR fines. The team talks through initial thoughts and observations, what it means for global privacy and regulation, and what we can expect moving forward. And if you have examples of best practices around breach notification, hit up our Photon Research team on twitter (@photon_research). Look out for a blog post in the coming weeks around this.
26:04 | 12/07/2019
Operation Soft Cell, Libra Cryptocurrency Impersonations, and New Cyber Espionage Activity
This week Alex and Phil join Harrison to discuss Operation Soft Cell, a campaign that has been actively compromising telecommunications organizations since early 2017. Other highlights from the week include focus on a new cyber espionage campaign, known as Operation BouncingGolf, targeting Middle Eastern individuals’ mobile devices; the Russia-associated threat group “Turla”, which has demonstrated new tools and capabilities in three campaigns; and media allegations that the United States Cyber Command has targeted Iranian espionage groups. The team ends the week with a discussion around some new research Alex put out around Libra cryptocurrency impersonations.

Check out Alex’s blog at https://www.digitalshadows.com/blog-and-research/facebooks-libra-cryptocurrency-cybercriminals-tipping-the-scales-in-their-favor/
Full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-20-jun-27-jun-2019.
Heads-up, we’ll be off for the 4th of July next week, but check out our intelligence summary report at https://resources.digitalshadows.com/weekly-intelligence-summary.
16:58 | 28/06/2019
Google Calendar Phishing, Exim Email Server Vulnerability, and Diversity in Cybersecurity
This week Alex and Jamie (@TheCollierJam) chat with Harrison (@pseudohvr) on a cyber-threat campaign involving the abuse of legitimate features in Google Calendar. Then they dive into other highlights from the week including the expansion of sector targeting by destructive threat group “Xenotime”, exploitation of a vulnerability affecting Exim email servers, and continued targeting of the transportation sector by the Iran-associated threat group “APT39”. Then we hear Part II of Rick Holland (@rickhholland) and Harrison’s interview with Ryan Kovar (@meansec) of Splunk. This time they talk about badass women in cybersecurity, mentorship, and how to become a bigger advocate for diversity in infosec. A must listen.

Get the weekly intelligence summary report at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-13-jun-20-jun-2019.
33:39 | 21/06/2019
XMRig Cryptocurrency Mining, FIN8 Backdoor, and Attacks Against Office 365
This week Harrison (@pseudohvr) is joined by Travis (@puppyozone) and Alec to discuss the security stories of the week, including a fileless malware attack delivering a cryptocurrency miner to China, a return from FIN8 with a backdoor for the hospitality industry, a popular flaw exploited in a tailored spam campaign, and MuddyWater expanding its tactic repertoire in Middle Eastern attacks. Then Digital Shadows CISO Rick Holland (@rickhholland) joins Harrison to chat with principal security strategist at Splunk, Ryan Kovar (@meansec), on Ryan's research around machine learning and attacks against Office 365.

Download the full Intelligence Summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-06-jun-13-jun-2019
Blog on Infosec Burnout: https://www.digitalshadows.com/blog-and-research/managing-infosec-burnout-the-hidden-perpetrator/
42:02 | 14/06/2019
“HiddenWasp” and “BlackSquid” malware, TA505 and Turla activity, and Too Much Information: The Sequel
Alex and Christian join HVR this week to discuss the Linux malware “HiddenWasp” (along with HVR’s hatred of the insect), the BlackSquid malware, and updated campaign activity from TA505 and Turla threat groups. Then, Harrison sits down with Dr. Richard Gold, head of Security Engineering at Digital Shadows, to discuss Photon Research’s most recent report Too Much Information: The Sequel.

Be sure to download the full report at https://info.digitalshadows.com/TooMuchInfoTheSequel-podcast.html and the intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-30-may-06-jun-2019
27:16 | 07/06/2019
JasperLoader, APT28 URL shortening, and RDP vulnerability discussion
Alex Guirakhoo and newcomer to the pod Travis Randall (@puppyozone) join HVR this week to discuss updates to the JasperLoader malware loader, APT28’s newly observed link shortening technique, Gnosticplayers allegedly stealing information from an Australian graphic design company, and APT10 malware loaders. After that, Richard Gold (@drshellface) and Simon Hall (@5ecur1tySi) discuss the Remote Desktop Protocol vulnerability that everyone has been hyped up about in the last couple of weeks. Be sure to download the full intelligence summary at resources.digitalshadows.com.

In more news, the Photon Research Team has published a new report! The overall main finding of the paper is that Photon found there were 2.3 billion files currently being exposed online via file shares like SMB or Amazon S3 buckets. We are going to do a deep dive episode about that for next week’s episode.

(Report) Too Much Information: The Sequel: https://info.digitalshadows.com/TooMuchInfoTheSequel-podcast.html
(Blog) 2.3 billion files exposed across online file storage technologies: https://www.digitalshadows.com/blog-and-research/2-billion-files-exposed-across-online-file-storage-technologies/
25:05 | 31/05/2019
CVE-2019-0708 RDP vulnerability and GDPR’s anniversary
Jamie Collier and Phil Doherty join HVR on this week’s ShadowTalk, discussing the RDP vulnerability that has everyone sweating, CVE-2019-0708. Patch those systems, because there are a few different proof of concept exploits circulating around online. Then, the guys discuss a new MuddyWater obfuscation technique, updates to the Trickbot banking trojan, and there are some sad MongoDB owners out there following a wipe of over 12,000 databases by an extortionist. Then, happy anniversary, GDPR! Digital Shadows’ Chief Innovation Officer James Chappell sits down with James Boyle of Taylor Vinters, a law firm that focuses on supporting technology rich businesses and the entrepreneurs who make great things happen, for an extended discussion of the current state of GDPR one year on and all things data privacy related.

Follow @digitalshadows, @photon_research, @pseudohvr, @thecollierjam, and @jimmychappell on Twitter. Be sure to download the full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-16-may-23-may-2019.
47:05 | 24/05/2019
ElectricFish malware attributed to "Lazarus Group"
Alex and Christian join Harrison this week to discuss the attribution of the ElectricFish malware to the "Lazarus Group" and the highlights from this week, including the exploited vulnerability in WhatsApp, the dark web sale offering access to major antivirus companies, and the "Plead" malware being distributed via ASUS software updates. Then, Dr. Richard Gold and Simon Hall join the show to discuss the NCSC's password expiration guidance and share their opinions on the topic.

Read the full findings at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-09-may-16-may-2019.
38:20 | 17/05/2019
“Buckeye” APT group used Equation Group tools before 2017 leak
Kacey and Alex join HVR to talk through the key stories this week including a new threat group called “Mirrorthief” conducting “Magecart”-like digital skimming attacks against university websites, various code-sharing repositories being targeted and held for ransom by an unknown threat actor; and new ransomware, “Sodinokibi”, which used a zero-day vulnerability in Oracle WebLogic. Simon Hall and Dr. Richard Gold then join to dive deeper into the “Buckeye” APT group, which has recently been said to develop its own version of a tool that was likely created by the U.S. National Security Agency (NSA) prior to being leaked by the “ShadowBrokers” in 2017. Read the full findings at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-02-may-09-may-2019.
27:55 | 10/05/2019
Weekly Intelligence Summary: Ep 17
Phil and newcomer Benjamin Newman join Harrison for another edition of the Weekly Intelligence Summary. The guys cover two distinct attack campaigns which used uncommon and underreported social engineering and malware delivery techniques, as well as attempts to automate these attacks in the future. Other highlights from this week include cryptojacking campaigns using the ETERNALBLUE and DOUBLEPULSAR exploits, new reports of Magecart activity, and more extortionists leaking sensitive information following failed ransom attempts. To download the full intelligence summary, please visit resources.digitalshadows.com.
13:55 | 03/05/2019
Weekly Intelligence Summary: Ep 16
Jamie and Alex are back with Harrison this week to talk about the leak of information related to APT34 on Telegram, including victim data, personally identifiable information and the group's tools. Other highlights from this week include a phishing campaign delivering RevengeRAT, more information about the Wipro breach, and details about the threat actors responsible for the previously reported ASUS server compromise. Get the full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary.
14:50 | 26/04/2019
Weekly Intelligence Summary: Ep 15
This week the team discusses an unidentified threat actor that has obtained data from various personal Outlook, MSN, and Hotmail email accounts by compromising a Microsoft customer support account. Also, the “Triton” malware was detected at a critical infrastructure facility, an IT outsourcing company experienced a potential network intrusion linked to a supply-chain attack, and a new trojan referred to as Hoplight has been attributed to the “Lazarus Group”. Check out the full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-11-apr-18-apr-2019
14:49 | 19/04/2019
Weekly Intelligence Summary: Ep 14
Christian and Jamie join Harrison for another week of ShadowTalk to discuss the FIN6 threat actor reportedly widening its range of attacks to include ransomware, potentially inciting the threat group to extend targeting beyond retail and hospitality entities. The highlights from this week include a Chinese advanced persistent threat (APT) campaign against a German pharmaceutical company, likely to steal intellectual property; a mass phishing campaign that used US servers to host malware; and a Domain Name Server (DNS) hijacking campaign aimed at online services and Brazilian financial institutions. No Zuko this week unfortunately, and we ask Christian what his theory is for Game of Thrones which starts up on Sunday.

Download the full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-04-apr-11-apr-2019.
16:50 | 12/04/2019
Weekly Intelligence Summary: Ep 13
Jamie, Alex and Zuko sit down with Harrison to talk about a story that flew a little under the radar this week; Russia has allegedly been conducting a widespread satellite spoofing campaign since 2016, sending false positional data to ships and planes. Other highlights from this week include APT33 activity targeting engineering and manufacturing organizations, popular restaurant chains report some point of sale malware attacks, and South Korean websites being used in watering hole attacks. Also, Game of Thrones theories, Alex realizes he’s way late to the #GoT party, and more on this week’s ShadowTalk. Download the full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-28-mar-04-apr-2019.
15:35 | 05/04/2019
Weekly Intelligence Summary: Ep 12
Christian and Jamie sit down with Harrison to talk about the compromised Asus server used to distribute backdoor malware to at least 500,000 users’ devices, more LockerGoga ransomware attacks, a new Magecart skimming attack, and FIN7 back in the news. Busy week! Also, Jamie gives hair product tips and the guys discuss what Twitter handle they would choose in an ideal world.

Read this week’s intelligence summary here: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-21-mar-28-mar-2019
20:16 | 29/03/2019
Episode 60: Cyber Risks and High-frequency Trading
With new research this week warning that state-sponsored cyber attacks against financial systems are on the rise, the ShadowTalk team focus on one area of the financial services sector in particular: high-frequency trading (HFT). Richard Gold and Rafael Amado are joined by a guest HFT expert to discuss mergers and acquisition information, sharing insider secrets, and manipulating stock prices. The team look at what attacks are possible, what the consequences would be for the financial services industry at large, and why attacks against trading platforms and the industry itself have been so few and far between.
42:51 | 25/03/2019
Weekly Intelligence Summary: Ep 11
Harrison chats with Jamie and Alex this week on an attack on Norwegian aluminum and renewable-energy company Norsk Hydro ASA. The team also looks at threat group “APT-C-27” exploiting a flaw in WinRAR software, a fourth batch of breached data offered for sale on the dark web by “Gnosticplayers”, and a spam campaign exploiting the recent events surrounding the grounding of multiple Boeing 737 aircraft. Download the full intelligence summary here: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-14-mar-21-mar-2019
13:30 | 22/03/2019
Weekly Intelligence Summary: Ep 10
Harrison sits down with Rose and Christian for a quick chat about APT40 targeting educational maritime research, as well as other highlights from this week. Rose also gives us the breakdown of an inspiring trip to NASA; also space vampires make a brief appearance. Download the entire intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-07-mar-14-mar-2019.
20:19 | 15/03/2019
Episode 59: Practitioner’s Guide to Email Spoofing
Senior security engineer Simon Hall joins Rafael Amado to explain how IT teams and defenders can combat email spoofing, one of the most popular techniques used by phishers. Simon discusses why spoofing is so prevalent and relatively simple for attackers to carry out, as well as how measures such as SPF, DKIM, and DMARC can be used to reduce spoofing risk. For more on this topic, read our Security Practitioner's Guide to Email Spoofing and Risk Reduction, available at https://www.digitalshadows.com/blog-and-research/security-practitioners-guide-to-email-spoofing-and-risk-reduction/
28:11 | 11/03/2019
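As an added example for the email spoofing episode above (this is not code from the episode, the guide, or Digital Shadows), the script below classifies a domain's spoofing exposure from its SPF and DMARC TXT records: whether an SPF record exists and how its `all` mechanism is qualified, and whether a DMARC record exists, enforces (`p=quarantine` or `p=reject`), applies to all mail (`pct`), and requests aggregate reports (`rua`). The domain names and records are constructed sample data embedded in the script, not live DNS lookups. DKIM is deliberately left out: checking it means verifying a signature on a received message, not just reading DNS.

```python
"""Assess SPF and DMARC posture for a domain. Added example; the records
below are constructed sample data, not real DNS records."""

import re

# Constructed sample TXT records, keyed by the DNS name a resolver would query.
SAMPLE_TXT = {
    "example.test": ["v=spf1 include:_spf.mailprovider.test -all"],
    "_dmarc.example.test": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.test; pct=100"],
    "weak.test": ["v=spf1 include:_spf.mailprovider.test +all"],
    # weak.test publishes no _dmarc record at all
    "monitor.test": ["v=spf1 a mx ~all"],
    "_dmarc.monitor.test": ["v=DMARC1; p=none; rua=mailto:reports@monitor.test"],
}


def lookup_txt(name, records=SAMPLE_TXT):
    """Stand-in for a DNS TXT query against the constructed sample data."""
    return records.get(name, [])


def parse_spf(txt_records):
    """Return (present, all_qualifier); the qualifier is '+', '-', '~', '?' or
    None when the SPF record has no 'all' mechanism (implicit neutral)."""
    for rec in txt_records:
        if rec.lower().startswith("v=spf1"):
            for term in rec.split()[1:]:
                m = re.fullmatch(r"([+\-~?])?all", term, re.IGNORECASE)
                if m:
                    return True, m.group(1) or "+"   # bare 'all' means '+all'
            return True, None
    return False, None


def parse_dmarc(txt_records):
    """Return the DMARC tag dict, or None if no v=DMARC1 record is present."""
    for rec in txt_records:
        tags = {}
        for part in rec.split(";"):
            if "=" in part:
                k, v = part.split("=", 1)
                tags[k.strip().lower()] = v.strip()
        if tags.get("v", "").upper() == "DMARC1":
            return tags
    return None


def assess_domain(domain, records=SAMPLE_TXT):
    """Return a list of findings; an empty list means SPF and DMARC both enforce."""
    findings = []
    spf_present, qualifier = parse_spf(lookup_txt(domain, records))
    if not spf_present:
        findings.append("no SPF record: any host may claim to send for the domain")
    elif qualifier in ("+", "?", None):
        findings.append(f"SPF ends in '{qualifier or '(none)'}all': non-listed senders are not rejected")
    elif qualifier == "~":
        findings.append("SPF softfail (~all): forged mail is flagged, not rejected, unless DMARC enforces")

    dmarc = parse_dmarc(lookup_txt(f"_dmarc.{domain}", records))
    if dmarc is None:
        findings.append("no DMARC record: receivers have no policy for failed SPF/DKIM alignment")
    else:
        policy = dmarc.get("p", "").lower()
        if policy == "none":
            findings.append("DMARC p=none: monitoring only, spoofed mail is still delivered")
        elif policy not in ("quarantine", "reject"):
            findings.append(f"DMARC policy '{policy}' is not an enforcing policy")
        pct = dmarc.get("pct", "100")   # pct defaults to 100 when absent
        if pct != "100" and policy in ("quarantine", "reject"):
            findings.append(f"DMARC pct={pct}: policy applies to only part of the mail stream")
        if "rua" not in dmarc:
            findings.append("DMARC has no rua tag: no aggregate reports, so spoofing goes unnoticed")
    return findings


if __name__ == "__main__":
    for d in ("example.test", "weak.test", "monitor.test"):
        print(d, "->", assess_domain(d) or ["SPF and DMARC both enforce"])
```

To run this against real domains, replace `lookup_txt` with a resolver query (for instance `dns.resolver.resolve(name, "TXT")` from dnspython) and keep the rest unchanged; note that a passing result here only says the published policy is strict, not that the domain's mail actually aligns with it.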
Weekly Intelligence Summary: Ep 9
In this week's episode, the team looks at FIN6, which has begun regularly targeting card-not-present data on e-commerce websites. Other highlights from this week include Topps disclosing a data breach incident linked to Magecart, the Farseer malware, and more. Read the full intelligence summary here: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-28-feb-07-mar-2019
14:00 | 08/03/2019
Weekly Intelligence Summary: Ep 8
This week Rose and Phil join Harrison to discuss a three-stage cryptocurrency mining attack using Mimikatz and Radmin in tandem. The team also discusses the Cr1ptTor ransomware, an unknown North Korean threat actor targeting US universities, and MarioNet. Some of the team is heading to RSA Conference next week, so make sure to stop by Booth 4421 in the North Hall to say hello. Get the Intelligence Summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-22-feb-01-mar-2019.
17:12 | 01/03/2019
Weekly Intelligence Summary: Ep 7
This week, Phil and Alex join Harrison to discuss a new malware delivery technique using the Outlook preview pane. Also, threat actor Gnosticplayers was offering large data sets for sale on Dream Market, the Blind Eagle APT group swooped into the news, and GandCrab is back trying to pinch its victims in new ways. Finally, the guys try to find a new nickname for Alex. Full Intelligence Summary here: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-14-feb-21-feb-2019
15:00 | 22/02/2019
Episode 58: A Tale of Epic Extortions
The Photon Research Team’s Rafael Amado, Richard Gold and Harrison Van Riper get together to discuss Digital Shadows’ latest research report, A Tale of Epic Extortions: How Cybercriminals Monetize Our Online Exposure. Whereas many of the cyber security issues covered by researchers may seem obscure and irrelevant to the majority of businesses and individuals out there, extortion is a topic with a real human impact, and one that can have physical, psychological and financial consequences. The team look at how extortionists are diversifying their methods, emboldened by the credentials, sensitive documents and technical vulnerabilities that we leave exposed online. Download the latest report at https://info.digitalshadows.com/ExtortionResearchReport-Podcast.html, and listen to the podcast to learn how to properly manage your online exposure and reduce extortion risks.
34:58 | 21/02/2019
Weekly Intelligence Summary: Ep 6
Alex and Jamie matched with Harrison in this Valentine's week episode of ShadowTalk. We discuss why four different APT groups were observed using the same tooling, vulnerabilities in Apple's iOS, and what everyone did for Valentine's Day. Also, we have launched the Photon Research Team at Digital Shadows! Visit our announcement blog to learn more (https://www.digitalshadows.com/blog-and-research/photon-research-team-shines-light-on-digital-risks/) and follow the team on Twitter @photon_research! Full intelligence summary: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-07-feb-14-feb-2019
14:44 | 15/02/2019
Weekly Intelligence Summary: Ep 5
Alex and Jamie join Harrison to discuss how the United Arab Emirates (UAE) intelligence services compromised iPhones through the "Karma" malware. They also look at a spam campaign targeting American users, distributing the "Trickbot" banking trojan; Vietnamese threat group "OceanLotus" deploying a new custom downloader; and a distributed denial of service (DDoS) campaign displaying record-breaking power by combining techniques. Read the full intelligence summary here: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-31-jan-07-feb-2019
11:48 | 08/02/2019
CISO Spotlight: Security Goals and Objectives for 2019
In this episode of ShadowTalk: CISO Spotlight, Digital Shadows' Chief Information Security Officer, Rick Holland, joins Rafael Amado to discuss his security goals and wish list for 2019. We cover: how CISOs typically plan and spend their security budgets; why auditing and maximizing your existing capabilities is often better than splurging on new technology; and how to best invest in and empower your most valuable resource, your workforce. Of course, with Rick on the podcast, there's the customary smoked meat and barbeque discussion as well. Spoiler alert: Rick's barbeque goal for 2019 is to cook more vegetables.
30:04 | 07/02/2019
Weekly Intelligence Summary: Ep 4
This week, Alex Guirakhoo and Jamie Collier join Harrison to discuss APT39, a new Iran-linked espionage group, as well as other highlights from this week involving updated information about exploiting an authentication error at GoDaddy, malicious uses of the Google Cloud platform, and some excellent steganography being used to target Apple users. The guys also chat about their pups, and imagine a new battle royale game "BorkNite".
Full weekly intelligence summary: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-24-jan-31-jan-2019
'An arm of the Chinese state': What's behind the Huawei indictments: https://www.nbcnews.com/tech/security/arm-chinese-state-what-s-behind-huawei-indictments-n963776
11:48 | 01/02/2019
Weekly Intelligence Summary: Ep 3
This week Rose, Jamie, and Alex talk with Harrison about a huge data dump called "Collection #1", containing over 770 million email addresses and passwords. The team also looks at other stories, including DarkHydrus observed using a new method to communicate with command and control servers, technology and social networking companies continuing to remove accounts associated with influence campaigns, and threat actors observed uninstalling cloud protection services in order to distribute cryptocurrency mining malware. Read the full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-17-jan-24-jan-2019.
16:44 | 25/01/2019
Weekly Intelligence Summary: Ep 2
This week Alex and Philip join Harrison to discuss two recent, unrelated, financially motivated cyber attack campaigns involving the use of culturally specific social engineering lures. The team also looks at three new phishing campaigns attributed to the threat group TA505 and decides (in a perfect world) which one cyber threat they would choose to rid the world of forever. Download this week's Intelligence Summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-10-jan-17-jan-2019.
18:04 | 18/01/2019
Episode 57: Singapore Healthcare Breach
For this week's ShadowTalk deep dive, we called in Doctor Richard Gold to discuss the major healthcare breach affecting SingHealth, Singapore's largest group of healthcare organizations. Richard and Rafael Amado discuss how threat actors might use the 1.5 million patient records that were stolen, how the attack occurred, and where the incident response process failed. To view the report in full, visit: https://www.mci.gov.sg/coireport
24:41 | 16/01/2019
Weekly Intelligence Summary: Ep 1
Harrison Van Riper hosts this week's Intelligence Summary with guests Rose Bernard (Strategic Intelligence Manager) and Alex Guirakhoo (Strategic Intelligence Analyst). Our main story involves the leak of personal information from several German political parties. We also discuss the other big threat intelligence stories from the week and find out what everyone would name their APT group. Subscribe to ShadowTalk on iTunes and follow us @digitalshadows, use #ShadowTalk to submit a question for next week! The full intelligence summary can be downloaded at https://resources.digitalshadows.com/weekly-intelligence-summary.
15:49 | 11/01/2019
Weekly Intelligence Summary: Ep 0
Welcome to ShadowTalk's new track on our Weekly Intelligence Summary. Host Harrison Van Riper invites Digital Shadows' analysts to discuss the week's top threat intelligence news. To download the full Weekly Intelligence Summary, visit https://resources.digitalshadows.com/weekly-intelligence-summary.
02:42 | 10/01/2019
Episode 56: Positive cyber security developments for 2019
Rafael Amado and Richard Gold talk cybersecurity end-of-year predictions, but with a twist. Rather than focus on the threats and worrying trends on the horizon, the team instead concentrate on the positive developments that we can all look forward to in 2019. Richard and Rafael discuss open source tools that can help all of us become more secure, improvements to browser security, and long overdue changes in security awareness, education and diversity that should make 2019 an altogether better year for the information security community. You can see Richard's full list of 10 predictions at https://twitter.com/drshellface/status/1072803919020154880?s=21
15:01 | 20/12/2018
Episode 55: Tackling Phishing
Simon Hall and Richard Gold join Rafael Amado to wade in on the topic of phishing. By looking at details revealed in law enforcement indictments against nation state and organized criminal groups, as well as the tips and tools being shared by actors on cybercriminal forums and messaging applications, the team discuss how organizations can prioritize the right controls and training policies to best protect themselves in the coming year. For more on this topic, read our recent research blog, Tackling Phishing: The Most Popular Phishing Techniques and What You Can Do About It, available on digitalshadows.com/blog-and-research/tackling-phishing-the-most-popular-phishing-techniques-and-what-you-can-do-about-it/
27:36 | 14/12/2018
Episode 54: Marriott Breach And 2019 Trends
Rick Holland and Harrison Van Riper join Michael Marriott to discuss the implications of the Marriott data breach, as well as a look forward to trends we might see in 2019. Specifically, we dig into ransomware and discuss what you should be considering in 2019. To read more about these trends (and more), read Harrison's blog (https://www.digitalshadows.com/blog-and-research/2019-cyber-security-forecasts-six-things-on-the-horizon/). To register for our upcoming webinar with the FBI, visit https://info.digitalshadows.com/LiveWebinar-CyberThreatstoWatchin2019-Registration.html?Source=podcast.
19:07 | 07/12/2018
Episode 53: Threat Actors' Use of Cobalt Strike & How Attacker Actions Can Inform Defenses
The dynamic duo of Dr Gold and Simon Hall join Michael Marriott to discuss our recent findings on threat actors using cracked versions of Cobalt Strike to conduct attacks, and how defenders can use this to inform their defense. Read the blog to learn more: https://www.digitalshadows.com/blog-and-research/threat-actors-use-of-cobalt-strike-why-defense-is-offenses-child/. Building on this theme, in part two, Richard Gold outlines the benefits of mapping the MITRE ATT&CK framework to the ASD Essential 8. You can read Richard's blog here: https://www.digitalshadows.com/blog-and-research/mapping-the-asd-essential-8-to-the-mitre-attck-framework/.
22:45 | 30/11/2018
Episode 52: Black Friday and Cybercrime
For this special mid-week edition of ShadowTalk, Harrison Van Riper, Jamie Collier, and Rafael Amado focus on cyber security threats over the Black Friday weekend and holiday season. Despite increased sales for retailers and bargain opportunities for consumers, Black Friday has had the unintended consequence of emboldening and enabling profit-seeking cybercriminals. The team discuss continuing activity by the Magecart group, as well as the ways in which cybercriminals are gearing up for the holidays from our investigations of online forums and messaging applications. For more, check out our Black Friday blog at: https://www.digitalshadows.com/blog-and-research/black-friday-and-cybercrime-retails-frankenstein-monster/
21:14 | 21/11/2018