ShadowTalk: Powered by ReliaQuest - podcast cover

ShadowTalk: Powered by ReliaQuest

ReliaQuestreliaquest.com

Want to hear what industry experts really think about the cyber threats they face? ShadowTalk is a weekly cybersecurity podcast, made by practitioners for practitioners, featuring analytical insights on the latest cybersecurity news and threat research.

Threat Intelligence Analyst Kim Bromley brings over 15 years of experience in threat intelligence across the public and private sectors. Kim and her guests provide practical perspectives on the week’s top cybersecurity news and share knowledge and best practices to help businesses mitigate the most pertinent cyber threats. 

 

With over 1,000 customers worldwide and 1,200 teammates across six global operating centers, ReliaQuest delivers security outcomes for the most trusted enterprise brands in the world. Learn more at www.reliaquest.com.

Download Metacast podcast app
Podcasts are better in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episodes

More Sodinokibi Activity, Imperva Breach, And Weirdest Food At The Texas State Fair

Rick Holland and Alex Guirakhoo join Harrison Van Riper this week to talk through more Sodinokibi activity. Just yesterday, a cloud hosting provider for Digital Dental Records was hit with Sodinokibi, apparently affecting around 400 different dental providers around the US. It seems like were hearing about more and more people actually paying out these ransom demands. Do we think it’s just a reporting bias or do we think they’re actually paying out more often? Then the team looks at the Imperva ...

Aug 30, 201931 min

Approaching Cybersecurity As A Third Party Defense Contractor

Brian Neely, CIO and CISO at American Systems and Rick Holland, CISO at Digital Shadows join Harrison for a discussion around how Brian approaches cybersecurity as a defense contractor. American Systems has been delivering complex IT and engineering solutions to national priority programs since 1975 and has some interesting use cases.The group discusses:- Top cybersecurity concerns as a third party defense contractor - Advice for listeners with similar threat models where sophisticated, well-res...

Aug 27, 201921 min

Texas Ransomware Outbreaks And Phishing Attacks Using Custom 404 Pages

Charles Ragland (a brand new ShadowTalk-er!) and Christian Rencken join Harrison this week to discuss an outbreak of ransomware attacks impacting local government entities across Texas. The team also discusses some phishing attacks that are using custom 404 pages and how Google is starting to remove FTP support from Chrome. They wrap up this episode with the question of the week: Which future technology most worries you from a cyber security perspective? Check out this week’s full intelligence s...

Aug 23, 201939 min

Breach! Exploring The Modern Digital Breach With Cyber Defense Lab’s CEO Bob Anderson: Part 2

What practical steps should organizations and the professionals within them be thinking about in this new world? We have a special two-part series where Rick Holland, VP Intelligence and CISO at Digital Shadows, interviews Bob Anderson, CEO at Cyber Defense Labs and James Chappell, co-founder and Chief Innovation Officer at Digital Shadows.In part 2, the team looks at:- Steps you can take into your programs today as a security or business leader- Advice for boards on how to do to deal with breac...

Aug 20, 201928 min

Nightmare Market In Disarray And SEC Investigation Into Data Leak At First American Financial Corp

Harrison is back! Alex and Christian join this week to discuss how Black Hat and DEFCON went last week, analyze the irregularities of the dark web criminal market, Nightmare, and explore the story reported by Krebs on the SEC investigation into the data leak at First American Financial Corp. Shout-out to all of our new listeners - thanks for your interest and let us know what we can do to continue improving the podcast! Check out the blog on Nightmare Market at https://www.digitalshadows.com/blo...

Aug 16, 201933 min

Breach! Exploring The Modern Digital Breach With Cyber Defense Lab’s CEO Bob Anderson - Part 1

It seems like we read about new breaches every day. What’s changing? How is exposure and the adoption of digital technology changing the breach landscape? We have a special two-part series where Rick Holland, VP Intelligence and CISO at Digital Shadows, interviews Bob Anderson, CEO at Cyber Defense Labs (https://cyberdefenselabs.com/) and James Chappell, co-founder and Chief Innovation Officer at Digital Shadows. In Part 1, the team looks at:- How the breach landscape has evolved- The role of th...

Aug 13, 201932 min

Capital One Breach, Ransomware Trends, and Threat Actors

Move out of the way, Harrison! We have a brand new host this week: Viktoria Austin, Strategy and Research Analyst, and Photon Research Team member. Viktoria is joined this week by Rose Bernard and Xueyin Peh in the London office. In a malspam campaign, “Sodinokibi” targeted users in Germany using a spoofed Federal Office for Information Security (BSI) email domain and a data breach-themed lure, while in other countries ransomware attacks have been conducted against local government networks and ...

Aug 02, 201918 min

2FA - Advice For Deployment & A Technical Assessment

Thinking about deploying 2FA? In this special interview, our Head of Cyber Security & IT, Craig Ellis, and our Head of Security Engineering, Dr. Richard Gold, chat with Harrison around how they implemented 2FA internally. The guys discuss proper ways to go about implementing 2FA, some of the issues with implementing 2FA, what happens when things break, and other advice they wish they were given before implementing 2FA. Then Rich and Harrison deep dive into our latest paper, Two-Factor in Rev...

Jul 30, 201940 min

More BlueKeep updates, FSB contractor hacked, and the Enigma Market

Christian (@Chrencken14) and Travis (@puppyozone) sit down with Harrison (@pseudohvr) to discuss even more BlueKeep updates since last week, as a technical presentation gets uploaded to Github, inching us closer to a full-blown public PoC. the breach and subsequent release of documents from a contractor working with Russia’s FSB intelligence services, and research from the Digital Shadows team about a new marketplace we’ve had our eye on for a few months called Enigma. **Housekeeping note** We’r...

Jul 26, 201933 min

Interview With Dir Of Threat Intelligence At McDonalds, Brian Hillegas

Director of Threat Intelligence at McDonald’s, Brian Hillegas, speaks with Harrison (@pseudohvr) and CISO Rick Holland (@rickhholland) about where to align your security priorities, the importance of operating cross-functionally in your organization, what the biggest threats are in the cyber landscape at the moment, and what they’re looking forward to at Black Hat and DEF CON this year. The team will be at both events in Vegas this year! Check out what we have planned and RSVP for our party Wedn...

Jul 24, 201919 min

FaceApp Overblown, BlueKeep Updates, And Libra’s Lawmaker Showdown

Harrison (@pseudohvr), Alex, and Travis (@puppyozone) talk about the recent FaceApp shenanigans and why they’re actually not that shocking as some reports indicate. Researchers indicate that thousands of systems are still vulnerable to the BlueKeep RDP vulnerability. With a public proof of concept yet to be released, could this be the reason why? Finally, Harrison loves some cryptocurrency news, so the guys chat about Facebook’s cryptocurrency head speaking to US lawmakers about Libra and having...

Jul 20, 201940 min

Interview With Deputy CISO At Accenture, Jason Lewkowicz

Harrison interviews Deputy CISO at Accenture, Jason Lewkowicz, and CISO at Digital Shadows, Rick Holland. The group discusses the importance of working functionally as a security team, cyber response plans, and how to keep your security playbooks up to date. Jason also discusses how his team uses Digital Shadows SearchLight™ within their day to day processes. Heading to Black Hat and/or DefCon? Meet the ShadowTalk team at our party Wednesday night at Eyecandy Sound Lounge. Details and guest list...

Jul 17, 201920 min

TA505 Global Attacks, Zoom 0-Day, and New Magecart Activity

Kacey (@sudosu_kacey) and Alex join Harrison (@pseudohvr) to walk through this week’s threat intelligence stories. Alex walks us through the highlight story this week: TA505 uses new tools, old tactics in global attacks. Kacey then digs into the zero-day vulnerability identified in Zoom’s macOS software. We also discuss new Magecart activity, the Sodinokibi ransomware, and what our ShadowTalk-ers would name their own ransomware. Get the full intelligence summary at https://resources.digitalshado...

Jul 12, 201911 min

Marriott Faces GDPR Fines - A DPO and CISO Discussion

Harrison (@pseudohvr) is joined by Digital Shadows co-founder and Data Privacy Officer, James Chappell (@jimmychappell), as well as CISO Rick Holland (@rickhholland), to discuss the news this week around Marriott’s GDPR fines. The team talks through initial thoughts and observations, what it means for global privacy and regulation, and what we can expect moving forward. And if you have examples of best practices around breach notification, hit up our Photon Research team on twitter (@photon_rese...

Jul 12, 201926 min

Operation Soft Cell, Libra Cryptocurrency Impersonations, and New Cyber Espionage Activity

This week Alex and Phil join Harrison to discuss Operation Soft Cell, a campaign that has been actively compromising telecommunications organizations since early 2017. Other highlights from the week include focus on a new cyber espionage campaign, known as Operation BouncingGolf, targeting Middle Eastern individuals’ mobile devices; the Russia-associated threat group “Turla”, which has demonstrated new tools and capabilities in three campaigns; and media allegations that the United States Cyber ...

Jun 28, 201917 min

Google Calendar Phishing, Exim Email Server Vulnerability, and Diversity in Cybersecurity

This week Alex and Jamie (@TheCollierJam) chat with Harrison (@pseudohvr) on a cyber-threat campaign involving the abuse of legitimate features in Google Calendar. Then they dive into other highlights from the week including the expansion of sector targeting by destructive threat group “Xenotime”, exploitation of a vulnerability affecting Exim email servers, and continued targeting of the transportation sector by the Iran-associated threat group “APT39”. Then we hear Part II of Rick Holland (@ri...

Jun 21, 201934 min

XMRig Cryptocurrency Mining, FIN8 Backdoor, and Attacks Against Office 365

This week Harrison (@pseudohvr) is joined by Travis (@puppyozone) and Alec to discuss the security stories of the week including a fileless malware attack delivers cryptocurrency miner to China, a return from FIN8 with a backdoor for the hospitality industry, a popular flaw exploited in a tailored spam campaign, and MuddyWater expanding tactic repertoire in Middle Eastern attacks. Then Digital Shadows CISO Rick Holland (@rickhholland) joins Harrison to chat with principal security strategist at ...

Jun 14, 201942 min

“HiddenWasp” and “BlackSquid” malware, TA505 and Turla actvity, and Too Much Information: The Sequel

Alex and Christian join HVR this week to discuss the Linux malware “HiddenWasp” (along with HVR’s hatred of the insect), the BlackSquid malware, and updated campaign activity from TA505 and Turla threat groups. Then, Harrison sits down with Dr. Richard Gold, head of Security Engineering at Digital Shadows, to discuss Photon Research’s most recent report Too Much Information: The Sequel. Be sure to download the full report at https://info.digitalshadows.com/TooMuchInfoTheSequel-podcast.html and t...

Jun 07, 201927 min

JasperLoader, APT28 URL shortening, and RDP vulnerability discussion

Alex Guirakhoo and newcomer to the pod Travis Randall (@puppyozone) join HVR this week to discuss updates to the JasperLoader malware loader, APT28’s newly observed link shortening technique, Gnosticplayers allegedly stole information from an Australian graphics design companies, and APT10 malware loaders. After that, Richard Gold (@drshellface) and Simon Hall (@5ecur1tySi) discuss the Remote Desktop Protocol vulnerability that everyone has been hyped up about in the last couple of weeks. Be sur...

May 31, 201925 min

CVE-2019-0708 RDP vulnerability and GDPR’s anniversary

Jamie Collier and Phil Doherty join HVR on this week’s ShadowTalk, discussing the RDP vulnerability that has everyone sweating, CVE-2019-0708. Patch those systems, because there’s a few different proof of concept exploits circulating around online. Then, the guys discuss a new MuddyWater obfuscation technique, updates to the Trickbot banking trojan, and there’s some sad MongoDB owners out there following a wipe of over 12,000 databases by an extortionist. Then, happy anniversary, GDPR! Digital S...

May 24, 201947 min

ElectricFish malware attributed to "Lazarus Group"

Alex and Christian join Harrison this week to discuss the attribution of the ElectricFish malware to the "Lazarus Group" and the highlights from this week included the exploited vulnerability in WhatsApp, the dark web sale offering access to major antivirus companies, and the "Plead" malware being distributed via ASUS software updates. Then, Dr. Richard Gold and Simon Hall join the show to discuss the NCSC's password expiration guidance and share their opinions on the topic. Read the full findin...

May 17, 201938 min

“Buckeye” APT group used Equation Group tools before 2017 leak

Kacey and Alex join HVR to talk through the key stories this week including a new threat group called “Mirrorthief” conducting “Magecart”-like digital skimming attacks against university websites, various code-sharing repositories being targeted and held for ransom by an unknown threat actor; and new ransomware, “Sodinokibi”, which used a zero-day vulnerability in Oracle WebLogic. Simon Hall and Dr. Richard Gold then join to dive deeper into the “Buckeye” APT group, which has recently been said ...

May 10, 201928 min

Weekly Intelligence Summary: Ep 17

Phil and newcomer Benjamin Newman join Harrison for another edition of the Weekly Intelligence Summary. The guys cover two distinct attack campaigns which used uncommon and underreported social engineering and malware delivery techniques, as well as attempts to automate these attacks in the future. Other highlights from this week include a cryptojacking campaigns using the ETERNALBLUE and DOUBLEPULSAR exploits, new reports of Magecart activity, and more extortionists leaking sensitive informatio...

May 03, 201914 min

Weekly Intelligence Summary: Ep 16

Jamie and Alex are back with Harrison this week to talk about the leak of information related to APT34 on Telegram, including victim data, personally identifiable information and the group's tools. Other highlights from this week include a phishing campaign delivering RevengeRAT, more information about the Wipro breach, and details about the threat actors responsible for the previously reported ASUS server compromise. Get the full intelligence summary at https://resources.digitalshadows.com/week...

Apr 26, 201915 min

Weekly Intelligence Summary: Ep 15

This week the team discusses an unidentified threat actor that has obtained data from various personal Outlook, MSN, and Hotmail email accounts by compromising a Microsoft customer support account. Also, the “Triton” malware was detected at a critical infrastructure facility, an IT outsourcing company experienced a potential network intrusion linked to a supply-chain attack, and a new trojan referred to as Hoplight has been attributed to the “Lazarus Group”. Check out the full intelligence summa...

Apr 19, 201915 min

Weekly Intelligence Summary: Ep 14

Christian and Jamie join Harrison for another week of ShadowTalk to discuss the FIN6 threat actor reportedly widening its range of attacks to include ransomware, potentially inciting the threat group to extend targeting beyond retail and hospitality entities. The highlights from this week include a Chinese advanced persistent threat (APT) campaign against a German pharmaceutical company, likely to steal intellectual property; a mass phishing campaign that used US servers to host malware; and a D...

Apr 12, 201917 min

Weekly Intelligence Summary: Ep 13

Jamie, Alex and Zuko sit down with Harrison to talk about a story that flew a little under the radar this week; Russia has allegedly been conducting a widespread satellite spoofing campaign since 2016, sending false positional data to ships and planes. Other highlights from this week include APT33 activity targeting engineering and manufacturing organizations, popular restaurant chains report some point of sale malware attacks, and South Korean websites being used in watering hole attacks. Also,...

Apr 05, 201916 min

Weekly Intelligence Summary: Ep 12

Christian and Jamie sit down with Harrison to talk about the compromised Asus server used to distribute backdoor malware to at least 500,000 users’ devices, more LockerGoga ransomware attacks, a new Magecart skimming attack, and FIN7 back in the news. Busy week! Also, Jamie gives hair product tips and the guys discuss what Twitter handle they would choose in an ideal world.Read this week’s intelligence summary here: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intellig...

Mar 29, 201920 min

Episode 60: Cyber Risks and High-frequency Trading

With new research this week warning that state-sponsored cyber attacks against financial systems are on the rise, the ShadowTalk team focus on one area of the financial services sector in particular: high-frequency trading (HFT). Richard Gold and Rafael Amado are joined by a guest HFT expert to discuss mergers and acquisition information, sharing insider secrets, and manipulating stock prices. The team look at what attacks are possible, what the consequences would be for the financial services i...

Mar 25, 201943 min

Weekly Intelligence Summary: Ep 11

Harrison chats with Jamie and Alex this week on an attack on Norwegian aluminum and renewable-energy company Norsk Hydro ASA. The team also looks at threat group “APT-C-27” exploiting a flaw in WinRAR software, a fourth batch of breached data offered for sale on the dark web by “Gnosticplayers”, and a spam campaign exploiting the recent events surrounding the grounding of multiple Boeing 737 aircraft. Download the full intelligence summary here: https://resources.digitalshadows.com/weekly-intell...

Mar 22, 201914 min
Hosted on Buzzsprout
For the best experience, listen in Metacast app for iOS or Android
Open in Metacast