Want to hear what industry experts really think about the cyber threats they face? ShadowTalk is a weekly cybersecurity podcast, made by practitioners for practitioners, featuring analytical insights on the latest cybersecurity news and threat research.
Threat Intelligence Analyst Kim Bromley brings over 15 years of experience in threat intelligence across the public and private sectors. Kim and her guests provide practical perspectives on the week’s top cybersecurity news and share knowledge and best practices to help businesses mitigate the most pertinent cyber threats.
With over 1,000 customers worldwide and 1,200 teammates across six global operating centers, ReliaQuest delivers security outcomes for the most trusted enterprise brands in the world. Learn more at www.reliaquest.com.
Harrison sits down with Rose and Christian for a quick chat about APT40 targeting educational maritime research, as well as other highlights from this week. Rose also gives us the breakdown of an inspiring trip to NASA; also space vampires make a brief appearance. Download the entire intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-07-mar-14-mar-2019.
Senior security engineer, Simon Hall joins Rafael Amado to explain how IT teams and defenders can combat email spoofing, one of the most popular techniques used by phishers. Simon discusses why spoofing is so prevalent and relatively simple for attackers to carry out, as well as how measures such as SPF, DMARC, and DKIM can be used to reduce spoofing risks. For more on this topic, read our Security Practitioner’s Guide to Email Spoofing and Risk Reduction, available at https://www.digitalshadows...
In this week’s episode, the team looks at Fin6, who has begun regularly targeting card-not-present data on e-commerce websites. Other highlights from this week include Topps disclosing a data breach incident linked to Magecart, the Farseer malware, and more. Read the full intelligence summary here: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-28-feb-07-mar-2019
This week Rose and Phil join Harrison to discuss a three-stage cryptocurrency mining attack using Mimikatz and Radmin in tandem. The team also discusses the Cr1ptTor ransomware, an unknown North Korean threat actor targeting US universities, and MarioNet. Some of the team is heading to RSA Conference next week so make sure to stop by Booth 4421 in the North Hall to say hello. Get the Intellgence Summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summa...
This week, Phil and Alex join Harrison to discuss a new malware delivery technique using the Outlook preview panel. Also, threat actor Gnosticplayers was offering large data sets for sale on Dream Market, the Blind Eagle APT group swooped into the news, and Gandcrab is back trying to pinch its victims in new ways. Finally, the guys try to find a new nickname for Alex. Full Intelligence Summary here: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-14-f...
The Photon Research Team’s Rafael Amado, Richard Gold and Harrison Van Riper get together to discuss Digital Shadows’ latest research report, A Tale of Epic Extortions: How Cybercriminals Monetize Our Online Exposure. Whereas many of the cyber security issues covered by researchers may seem obscure and irrelevant to the majority of businesses and individuals out there, extortion is a topic with a real human impact, and one that can have physical, psychological and financial consequences. The tea...
Alex and Jamie matched with Harrison in this Valentine’s week episode of ShadowTalk. We discuss why four different APT groups were observed using the same tooling, vulnerabilities in Apple’s iOS, and what everyone did for Valentine’s Day. Also, we have launched the Photon Research Team at Digital Shadows! Visit our announcement blog to learn more (https://www.digitalshadows.com/blog-and-research/photon-research-team-shines-light-on-digital-risks/) and follow the team on Twitter @photon_research!...
Alex and Jamie join Harrison to discuss how the United Arab Emirates (UAE) intelligence services compromised iPhones through the “Karma” malware. They also look at a spam campaign targeting American users, distributing the “Trickbot” banking trojan; Vietnamese threat group “OceanLotus” deploying a new custom downloader; and a distributed denial of service (DDoS) campaign displaying record-breaking power by combining techniques.Read the full intelligence summary here: https://resources.digitalsha...
In this episode of ShadowTalk: CISO Spotlight, Digital Shadows’ Chief Information Security Officer, Rick Holland, joins Rafael Amado to discuss his security goals and wish list for 2019. We cover: how CISO’s typically plan and spend their security budgets; why auditing and maximizing your existing capabilities is often better than splurging on new technology; and how to best invest and empower your most valuable resource, your workforce. Of course, with Rick on the podcast, there’s the customary...
This week, Alex Guirakhoo and Jamie Collier join Harrison to discuss APT39, a new Iran-linked espionage group, as well as other highlights from this week involving updated information about exploiting an authentication error at GoDaddy, malicious uses of the Google Cloud platform, and some excellent steganography being used to target Apple users. The guys also chat about their pups, and imagine a new battle royale game “BorkNite”.Full weekly intelligence summary: https://resources.digitalshadows...
This week Rose, Jamie, and Alex talk with Harrison on a huge data dump called "Collection #1", containing over 770 million email addresses and passwords. The team also looks at other stories including DarkHydrus observed using a new method to communicate with command and control servers, technology and social networking companies continuing to remove accounts associated with influence campaigns, and threat actors observed uninstalling cloud protection services in order to distribute cryptocurren...
This week Alex and Philip join Harrison to discuss two recent, unrelated, financially motivated cyber attack campaigns involving the use of culturally specific social engineering lures. The team also looks at three new phishing campaigns attributed to the threat group TA505 and decide(in a perfect world) which 1 cyber threat they would choose to rid forever.Download this week's Intelligence Summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-10...
For this week’s ShadowTalk deep dive, we called in Doctor Richard Gold to discuss the major healthcare breach affecting SingHealth, Singapore’s largest group of healthcare organizations. Richard and Rafael Amado discuss how threat actors might use the 1.5million patient records that were stolen, how the attack occurred and where the incident response process failed. To view the report in full, visit: https://www.mci.gov.sg/coireport
Harrison Van Riper hosts this week’s Intelligence Summary with guests Rose Bernard (Strategic Intelligence Manager) and Alex Guirakhoo (Strategic Intelligence Analyst). Our main story involves the leak of personal information from several German political parties. We also discuss the other big threat intelligence stories from the week and find out what everyone would name their APT group. Subscribe to ShadowTalk on iTunes and follow us @digitalshadows, use #ShadowTalk to submit a question for ne...
Welcome to ShadowTalk's new track on our Weekly Intelligence Summary. Host Harrison Van Riper invites Digital Shadows' analysts to discuss the week's top threat intelligence news. To download the full Weekly Intelligence Summary, visit https://resources.digitalshadows.com/weekly-intelligence-summary.
Rafael Amado and Richard Gold talk cybersecurity end of year predictions, but with a twist. Rather than focus on the threats and worrying trends on the horizon, the team instead concentrate on the positive developments that we can all look forward to in 2019. Richard and Rafael discuss open source tools that can help all of us become more secure, improvements to browser security, and long overdue changes in security awareness, education and diversity that should make 2019 an altogether better ye...
Simon Hall and Richard Gold join Rafael Amado to wade in on the topic of phishing. By looking at details revealed in law enforcement indictments against nation state and organized criminal groups, as well as the tips and tools being shared by actors on cybercriminal forums and messaging applications, the team discuss how organizations can prioritize the right controls and training policies to best protect themselves in the coming year. For more on this topic, read our recent research blog, Tackl...
Rick Holland and Harrison Van Riper join Michael Marriott to discuss the implications of the Marriott data breach, as well as a look forward to trends we might see in 2019. Specifically, we dig into ransomware and discuss what you should be considering in 2019. To read more about these trends (and more) read Harrison’s blog (https://www.digitalshadows.com/blog-and-research/2019-cyber-security-forecasts-six-things-on-the-horizon/). To register for our upcoming webinar with the FBI, https://info.d...
The dynamic duo of Dr Gold and Simon Hall join Michael Marriott to discuss our recent findings on threat actors using cracked versions of Cobalt Strike conduct attacks, and how defenders can use this to inform their defense. Read the blog to learn more: https://www.digitalshadows.com/blog-and-research/threat-actors-use-of-cobalt-strike-why-defense-is-offenses-child/. Building on this theme, in part two, Richard Gold outlines the benefits of mapping the Mitre ATT&CK framework to the ASD Essen...
For this special mid-week edition of ShadowTalk, Harrison Van Riper, Jamie Collier, and Rafael Amado focus on cyber security threats over the Black Friday weekend and holiday season. Despite increased sales for retailers and bargain opportunities for consumers, Black Friday has had the unintended consequence of emboldening and enabling profit-seeking cybercriminals. The team discuss continuing activity by the Magecart group, as well as the ways in which cybercriminals are gearing up for the holi...
Some called him a hero. Some called him the most dangerous man to the defense industry. In today’s ShadowTalk, Dr. Richard Gold and Harrison Van Riper join Rafael Amado to discuss the vigilante hacker known as Phineas Fisher. Leaked court documents surfaced this week, detailing how Italian authorities tried and ultimately failed to identify and convict Phineas Fisher for the infamous breach against the Italian surveillance and technology company, Hacking Team. The team dive into the history of P...
Michael Marriott flies in from San Francisco to cover the big vulnerability and exploit stories of the week. The team discuss the Cisco denial- of-service vulnerability affecting its Adaptive Security Appliance (ASA), as well as a vulnerability in Oracle’s VirtualBox technology posted to GitHub. Dr. Richard Gold, Rafael Amado and Michael debate the benefits and drawbacks of bug bounty programs, how you should consider operational value when assessing vulnerabilities, and the U.S. Cyber Command’s...
In this bonus edition of ShadowTalk, Dr Richard Gold and Rafael Amado discuss the recent BBC Russian Service investigation into Facebook accounts being sold online. As reported on Friday, at least 81,000 accounts with private messages were being advertised online. Digital Shadows assisted the BBC with its investigation. Richard and Rafael outline what we know so far, as well as answering some of the key questions raised by this story. For more, see our recent blog available at https://www.digita...
Two years on from the Tesco Bank fraud attacks that allowed cybercriminals to check out with £2.26m (roughly $3m) in customer funds, Dr Richard Gold and Simon Hall join Rafael Amado to discuss the UK Financial Conduct Authority’s investigation report. This episode will be crucial listening for anyone involved in the financial services industry, as well as those eager to learn about incident response processes and how poor execution can have disastrous, and costly, consequences. The FCA final not...
Harrison Van Riper and Rafael Amado join Michael Marriott to discuss the latest stories from the week. This week’s podcast has a strong Guy Richie flavor, with a focus on lock, stock and ru smoking barrels. We begin by discussing October’s hot ransomware activity, including the most popular variants, common targets, and mitigation advice. Second, we discuss sliding stock value amid reports of data breaches: we dig into the Cathay Pacific and Facebook breaches. And, finally we discuss the recent ...
Following on from last week’s conversation on how managed service providers can increase your attack surface, Simon Hall and Richard Gold join Rafael Amado to discuss supply chain risks. With so much to cover, the team break this topic down into hardware, software and third-party service risks, including examples such as the MeDoc-NotPetya campaign and the recent SuperMicro hardware allegations. As always, Richard and Simon cover some useful good practices for those looking to improve their risk...
Digital Shadows CISO Rick Holland, Dr Richard Gold and Simon Hall join Rafael Amado to cover the Hidden Cobra FASTCash campaign alert issued by US authorities, detailing ATM cash out campaigns performed by North Korean actors. The team look over the Five Eyes joint report into publicly available hacking tools. And, finally, are companies who use MSPs at greater risk of attack? For more on the Powershell blog referenced by the Five Eyes report, visit: https://www.digitalshadows.com/blog-and-resea...
In this week’s Shadow Talk, Rafael Amado joins Michael Marriott to discuss Digital Shadows’ latest research on Business Email Compromise. We discuss how criminals are outsourcing this work, and how the exposure of 33,000 finance department credentials is increasing the ease for attackers. However, even without taking over accounts, criminals can get their hands on sensitive financial information. We dig into the 12.5 million exposed email archives that are available through misconfigured online ...
Rick Holland, CISO of Digital Shadows, joins Richard Gold and Michael Marriott to discuss the latest cybersecurity news. In part one, we discuss the possible implications of Facebook security flaws affecting 50 million accounts. In part two, one year after reports of the Equifax breach surface, the UK arm has been fined £500,000 by the ICO. We look at the lessons learned.
Simon Hall and Richard Gold join Rafael Amado to focus on the trade-offs between security and usability, as well as the practice of security layering that can often make us more insecure. The team look over security measures such as regular complex password expiry policies that create headaches for organizations and end users, why it’s not easy to make security usable, whether certain security measures such as anti-virus software actually make us more insecure, and what alternative system defenc...
