Michael Marriott flies in from San Francisco to cover the big vulnerability and exploit stories of the week. The team discuss the Cisco denial- of-service vulnerability affecting its Adaptive Security Appliance (ASA), as well as a vulnerability in Oracle’s VirtualBox technology posted to GitHub. Dr. Richard Gold, Rafael Amado and Michael debate the benefits and drawbacks of bug bounty programs, how you should consider operational value when assessing vulnerabilities, and the U.S. Cyber Command’s...
Nov 09, 2018•19 min
In this bonus edition of ShadowTalk, Dr Richard Gold and Rafael Amado discuss the recent BBC Russian Service investigation into Facebook accounts being sold online. As reported on Friday, at least 81,000 accounts with private messages were being advertised online. Digital Shadows assisted the BBC with its investigation. Richard and Rafael outline what we know so far, as well as answering some of the key questions raised by this story. For more, see our recent blog available at https://www.digita...
Nov 05, 2018•16 min
Two years on from the Tesco Bank fraud attacks that allowed cybercriminals to check out with £2.26m (roughly $3m) in customer funds, Dr Richard Gold and Simon Hall join Rafael Amado to discuss the UK Financial Conduct Authority’s investigation report. This episode will be crucial listening for anyone involved in the financial services industry, as well as those eager to learn about incident response processes and how poor execution can have disastrous, and costly, consequences. The FCA final not...
Nov 02, 2018•26 min
Harrison Van Riper and Rafael Amado join Michael Marriott to discuss the latest stories from the week. This week’s podcast has a strong Guy Richie flavor, with a focus on lock, stock and ru smoking barrels. We begin by discussing October’s hot ransomware activity, including the most popular variants, common targets, and mitigation advice. Second, we discuss sliding stock value amid reports of data breaches: we dig into the Cathay Pacific and Facebook breaches. And, finally we discuss the recent ...
Oct 26, 2018•23 min
Following on from last week’s conversation on how managed service providers can increase your attack surface, Simon Hall and Richard Gold join Rafael Amado to discuss supply chain risks. With so much to cover, the team break this topic down into hardware, software and third-party service risks, including examples such as the MeDoc-NotPetya campaign and the recent SuperMicro hardware allegations. As always, Richard and Simon cover some useful good practices for those looking to improve their risk...
Oct 19, 2018•24 min
Digital Shadows CISO Rick Holland, Dr Richard Gold and Simon Hall join Rafael Amado to cover the Hidden Cobra FASTCash campaign alert issued by US authorities, detailing ATM cash out campaigns performed by North Korean actors. The team look over the Five Eyes joint report into publicly available hacking tools. And, finally, are companies who use MSPs at greater risk of attack? For more on the Powershell blog referenced by the Five Eyes report, visit: https://www.digitalshadows.com/blog-and-resea...
Oct 13, 2018•24 min
In this week’s Shadow Talk, Rafael Amado joins Michael Marriott to discuss Digital Shadows’ latest research on Business Email Compromise. We discuss how criminals are outsourcing this work, and how the exposure of 33,000 finance department credentials is increasing the ease for attackers. However, even without taking over accounts, criminals can get their hands on sensitive financial information. We dig into the 12.5 million exposed email archives that are available through misconfigured online ...
Oct 05, 2018•25 min
Rick Holland, CISO of Digital Shadows, joins Richard Gold and Michael Marriott to discuss the latest cybersecurity news. In part one, we discuss the possible implications of Facebook security flaws affecting 50 million accounts. In part two, one year after reports of the Equifax breach surface, the UK arm has been fined £500,000 by the ICO. We look at the lessons learned.
Sep 28, 2018•21 min
Simon Hall and Richard Gold join Rafael Amado to focus on the trade-offs between security and usability, as well as the practice of security layering that can often make us more insecure. The team look over security measures such as regular complex password expiry policies that create headaches for organizations and end users, why it’s not easy to make security usable, whether certain security measures such as anti-virus software actually make us more insecure, and what alternative system defenc...
Sep 21, 2018•21 min
In this week’s ShadowTalk, Richard Gold and Simon Hall join Michael Marriott to discuss the latest spate of attacks by the threat actor known as Magecart. We dig into the history of Magecart, different approaches to web skimming, and provide advice on how organizations can best protect against this threat.
Sep 14, 2018•18 min
In this week’s ShadowTalk, Richard Gold and Rafael Amado join Michael Marriott to discuss the latest Department of Justice complaint against an individual working for Chosun Expo, an alleged front for the North Korean state. The individual is accused of involvement in a host of campaigns, including attacks against Sony Pictures Entertainment, banks, defense contractors, and the many victims of the WannaCry ransomware variant. We discuss the most interesting revelations, outlining the different t...
Sep 07, 2018•33 min
Dr. Richard Gold and Simon Hall join Rafael Amado to discuss the age-old problem of credential hygiene. We’ve all heard of not reusing passwords, employing two factor authentication and using password vaults, but why then do organizations still struggle with good credential hygiene? We’ll cover the ways in which attackers steal and take advantage of credentials, what most companies are getting wrong, and the steps you can take to improve your overall credential hygiene practices.
Aug 31, 2018•28 min
This week it was revealed that six new domains registered by APT28, spoofing nonprofit, Senate, and Microsoft domains, have been sinkholed. With November’s US midterm elections fast-approaching, we dive into the latest threats and discuss how organizations can understand the threat posed to them by such malicious actors. Dr Richard Gold, Head of Security Engineering at Digital Shadows, joins Mike Marriott to discuss threat modeling; outlining the steps organizations can take to define their crit...
Aug 24, 2018•25 min
Digital Shadows’ Strategic Intelligence manager Rose Bernard joins Rafael Amado to discuss four separate ATM stories making headlines this week. In Part I, they’ll cover an alert on an impending "ATM cash-out" campaign issued by the FBI, and how India's Cosmos Bank lost $13.5m in cyberattacks after actors bypassed the internal ATM switch system. In Part II, Rafael and Rose will look into flaws discovered in NCR ATM currency dispensers, and a new Bitcoin ATM malware advertised for sale on dark we...
Aug 17, 2018•18 min
Digital Shadows’ Rose Bernard and Simon Hall join Rafael Amado to cover the arrest of three alleged members of the FIN7 organized criminal group. The team go over the United States Department of Justice’s indictment and provide some key observations on FIN7’s operations, including how sophisticated phishing and social engineering are the cornerstones of the group’s success. In Part II, the team look at phishing more generally, including the threats from business email compromise and malspam. For...
Aug 10, 2018•25 min
In this week’s episode, JP Perez-Etchegoyen, CTO of Onapsis, joins Michael Marriott to talk about the exposure of SAP and Oracle applications, the increase in publicly-available exploits, and the threat actors we have observed targeting the sensitive data held within these applications. Download the full report to learn more: https://info.digitalshadows.com/ERPApplicationsUnderFire-Podcast.html
Aug 03, 2018•25 min
Richard Gold and Rose Bernard join Michael Marriott to talked about updates to the Satori botnet, which has expanded to incorporate new IoT devices using TCP port 5555. Amid news of a new wave of OIlRig attacks, a Middle Eastern espionage campaign, we dive into PowerShell security risks and provide advice on best practices for those using PowerShell. For more information on PowerShell Security Best Practices, check out our blog https://www.digitalshadows.com/blog-and-research/powershell-security...
Jul 27, 2018•19 min
Rick Holland, CISO at Digital Shadows, discusses the latest 2018 Forrester New Wave for Digital Risk Protection. He discusses how security leaders must avoid blind spots with a more complete risk picture.
Jul 23, 2018•7 min
In today’s ShadowTalk, we take on the Robert Mueller indictment against 12 Russian individuals for alleged US election interference. However, rather than dwell on issues of attribution and geopolitics, we focus on the detailed tactics, techniques and procedures laid out in the indictment. Katie Nickels, a member of the MITRE team, joins Rafael Amado and Richard Gold us to discuss the ATT&CK™ framework in greater detail, as well as the key lessons that organizations can takeaway. For Digital ...
Jul 20, 2018•27 min
In this week's ShadowTalk, Digital Shadows’ Russian-speaking security specialist discovered files and source code allegedly related to the Carbanak organized criminal group. The Carbanak malware is a backdoor used by the Anunak (Carbanak) Group to infiltrate financial institutions and steal funds. Richard Gold and Simon Hall join Rafael Amado to discuss the implications for financial services from these revelations. We ask whether this leak represents a threat to organizations, and how businesse...
Jul 13, 2018•24 min
The Payment Card Industry recently passed a deadline requiring that all e-commerce sites and merchants cease supporting TLS 1.0. With this and older protocols such as SSL vulnerable to man-in-the-middle attacks, the fear is that attackers can intercept and tamper with data being sent across these channels. However, SSL interception is also performed by organizations for reasons that include blocking malware or improving data leakage prevention. Richard Gold and Simon Hall join Rafael Amado to di...
Jul 06, 2018•21 min
Following news that a database containing 340 million records has been publicly exposed to the internet, Richard Gold and Simon Hall join Michael Marriott to discuss how (and why) you can reduce your attack surface. For more information on some of the tips provided in this pursuit, visit https://github.com/securitywithoutborders/hardentools.
Jun 29, 2018•21 min
Libby Fiumara is joined by Rose Bernard and Sophie Burke to discuss the launch of Digital Shadows’ Women’s Network, challenges facing women in security, and how companies can foster diversity in the workplace.
Jun 26, 2018•25 min
Simon Hall and Rich Gold join Michael Marriott to discuss the merits and perils of attribution, including the number of characteristics and variables required for a strong attribution, instances where attribution has succeeded, and whether organizations should care.
Jun 22, 2018•23 min
Simon Hall and Richard Gold join Rafael Amado to discuss misconceptions around vulnerabilities and exploits, other techniques for gaining code execution, and how organizations can prioritize the patching of vulnerabilities.
Jun 15, 2018•21 min
In this edition of Shadow Talk, Richard Gold joins us to discuss the issue of security debt, a term used to refer to the accumulation of security risks over time, such as missed patches, misapplied configurations, mismanaged user accounts. Richard looks into how many of the attacks we see on a regular basis are actually a result of security risks that build up over time, and how security debt is a ticking time bomb for most organizations. In Part II, Harrison Van Riper covers the recent website ...
Jun 11, 2018•19 min
Rafael Amado and Michael Marriott discuss how the criminal underground has evolved since the demise of AlphaBay and Hansa. No single marketplace has managed to fill the AlphaBay-shaped gap left behind, at least among the English-speaking community. Existing sites such as Dream and Trade Route have failed to consolidate this empty space, hampered by a combination of poor communication by administrators and suspicion that these sites could be police honeypots like Hansa had been. Grab a copy of ou...
Jun 06, 2018•19 min
In today’s edition of Shadow talk, Dr Richard Gold joins us to discuss the return of the L0pht hackers. In 1998 the L0pht members delivered a cybersecurity hearing to the United States Senate, warning that any one person in their group could take down the Internet within 30 minutes. 20 years on, we look back on what has and hasn’t changed in the world of information security. In Part II, the team covers recent reporting on the use of military-style tactics such as war gaming and intelligence fus...
Jun 04, 2018•22 min
In this week’s Shadow Talk, the pod unpacks the reporting on VPN Filter, a malware affecting half a million network devices. Reports have suggested that the malware is being prepped to perform imminent large scale disruptive attacks against Ukrainian infrastructure. We also cover new research on the TRITON malware targeting industrial control and SCADA systems, as well as new techniques for the Roaming Mantis malware family. Finally, we bring you updates on vulnerabilities related to VBScript an...
May 29, 2018•23 min
In this week’s episode of Shadow Talk, Digital Shadows’ Head of Security Engineering, Dr Richard Gold, joins the pod to explain the EFAIL vulnerability affecting Open PGP and S-MIME, as well as other flaws identified in encrypted messaging platforms. Dr Gold also outlines the the factors you should be considering to prioritize your patching. In part two, we look at the $15 million theft in Mexico and outline the risks facing interbank payment systems.
May 21, 2018•23 min
