Digital Shadows

ShadowTalk hosts Adam, Chris, and Kim bring you the latest in threat intelligence. This week they cover:- Malicious use of TDS and the newly reported Prometheus TDS- Ransomware updates: Synack release decryption key and Vice Society targets PrintNightmare- The Microsoft phishing campaign that utilized morse code as an encryption mechanism Get this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-august-20***Resources from this week’s podcast***The Phight Against Phishing: https://www.digitalshadows.com/blog-and-research/the-phight-against-phishing/Leveraging Digital Shadows Premium Services: https://www.digitalshadows.com/blog-and-research/leveraging-digital-shadows-premium-services/ Prometheus TDS: https://blog.group-ib.com/prometheus-tdsSync Ransomware Releases Decryption Keys: https://www.bleepingcomputer.com/news/security/synack-ransomware-releases-decryption-keys-after-el-cometa-rebrand/PrintNightmare Attacks: https://www.bleepin

ShadowTalk hosts Sean, Ivan, Charles, and CISO Rick Holland bring you the latest in threat intelligence. This week they cover:- CISO Rick Holland touches on the latest news on AlphaBay - could the forum be back? - The team chat about LockBit’s big hit on Accenture- Charles runs through Krebs Security run-in with a scammer who had been targeted by a phishing site for BriansClub- Ivan talks about the Chinese espionage group that pulled a false flag to Iran and Israel - Sean delves into the latest news on the $600 Million crypto hackGet this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-13th-august***Resources from this week’s podcast***The State of APTs in 2021https://www.digitalshadows.com/blog-and-research/the-nation-state-of-apts-in-2021/ Understanding Smishing Attackshttps://www.digitalshadows.com/blog-and-research/understanding-smishing-attacks/ Krebs Security Run-in with Scammed Scammer https://krebsonsecurity.com/2021/08/phish

ShadowTalk hosts Adam, Dylan and Kim bring you the latest in threat intelligence. This week they cover:- Recent Wiper malware targeting the 2020 Tokyo Olympics - Dylan dives into the MeteorExpress attack, which targeted Iranian transport systems - Kim runs through PwnedPiper vulnerabilities that impact pneumatic tube systems in hospitals - could this lead to a ransomware attack? - Adam and the team discuss a new machine learning security tool called Hopper, which is used to detect lateral movement - before discussing the future of machine learning and AI in cyber security- Plus, the team answers some of your questions!Get this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-6th-august***Resources from this week’s podcast***IAB Q2 roundup https://www.digitalshadows.com/blog-and-research/initial-access-brokers-in-q2-2021/ Supply chain attacks in 2021 https://www.digitalshadows.com/blog-and-research/supply-chain-attacks-in-2021/ MeteorE

ShadowTalk hosts Sean, Alec, Rick, and Ivan bring you the latest in threat intelligence. This week they cover:- CISA guidelines on frequently exploited vulnerabilities- Q2 Ransomware roundup/BlackMatter & Haron (new darkside/revil and avaddon), REvil ACH- With PunkSpider back, what are the implications of using this tech?Get this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-30th-july***Resources from this week’s podcast***Domain monitoring solution guide: https://www.digitalshadows.com/blog-and-research/getting-started-with-domain-monitoring-part-3-remediation/REvil: Analysis of Competing Hypotheses: https://www.digitalshadows.com/blog-and-research/revil-analysis-of-competing-hypotheses/ Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don’t forget to reach out to - shadowtalk@digitalshadows.com

ShadowTalk hosts Stefano, Saul, Rory, and Kim bring you the latest in threat intelligence. This week they cover:- Microsoft Exchange server attach attributed to China- At least 180 journalists have been selected as targets by clients of the cybersurveillance company NSO Group- Zero-day exploits in 2021- Tor gets an update***Resources from this week’s podcast**** 2021 Ransomware Roll Up - https://www.digitalshadows.com/blog-and-research/q2-2021-ransomware-roll-up/* Blog: Cyber threats to Tokyo 2020 - https://www.digitalshadows.com/blog-and-research/cyber-threats-to-the-tokyo-2020-olympic-games/Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.htmlAlso, don’t forget to reach out to - shadowtalk@digitalshadows.com- if you have any questions, comments, or suggestions for the next episodes.

Digital Shadow’s CISO Rick Holland and Senior Cyber Threat Intel Analyst Sean Nikkel host this special edition of ShadowTalk. They are joined by special guest CEO and Founder at SCYTHE, Bryson Bort.

ShadowTalk hosts Stefano, Dylan, Adam, and Xue, bring you the latest in threat intelligence. This week they cover:- Xue takes us through the Kaseya ransomware supply-chain attack -REvil’s involvement and “Happy Blog” - Adam discusses a new threat group, Fancy Lazarus - where did they come from and what are their methods?- Dylan dives into malicious spyware apps found on Google Play that steal Facebook users’ logins and passwords - what we know so far - Plus, Adam’s malware name of the week and more!Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-9th-july ***Resources from this week’s podcast***Fancy Lazarus: https://www.proofpoint.com/uk/blog/threat-insight/ransom-ddos-extortion-actor-fancy-lazarus-returns Spyware Apps: https://news.drweb.com/show/?i=14244&lng=en Kaseya Blog: https://www.digitalshadows.com/blog-and-research/kaseya-ransomware-supply-chain-attack/ Domain Monitoring Part 2 Blog: https://www.digitalshadows.com/blog-and-r

ShadowTalk hosts Sean, Ivan and Digital Shadows CISO, Rick Holland, bring you the latest in threat intelligence. This week they cover:- The team touch on the most recent LinkedIn breach exposing 700 Million user details- Sean and Rick talk about the latest developments of the PrintNightmare incident- Ivan dives into the Marketo data theft marketplace - What’s the future for this group?- Rick discusses the latest PlayStation 3 console ID’s leak and how it’s different to previous breaches- What we know about the mysterious Western Digital MyBook attack Get this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-2nd-july***Resources from this week’s podcast***What We’re Reading this month: https://www.digitalshadows.com/blog-and-research/what-were-reading-this-month-june-2021/ Why Do Users Get Banned From Cybercriminal Forums https://www.digitalshadows.com/blog-and-research/why-do-users-get-banned-from-cybercriminal-forums/ Typosquatting

Digital Shadows’ CISO Rick hosts this edition of ShadowTalk. He is joined by special guest Gert-Jan Bruggink. They discuss:●Gert-Jan’s origin story●Legos●Threat intelligence-based pen testing and red-teaming●Writing better threat landscape reports

ShadowTalk hosts Stefano, Chris, and Kim, bring you the latest in threat intelligence. This week they cover:- Kim dives into Google’s new Supply Chain Attack framework - how will it operate?- Chris discusses South Korea's energy research institute networks being compromised by North Korean threat actors - how did they gain access?- The team talk new NATO agreements that put cybersecurity at the forefrontGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-25-june ***Resources from this week’s podcast***Google Supply Chain Attach Framework - https://security.googleblog.com/2021/06/introducing-slsa-end-to-end-framework.html Supply Chain Awareness: https://www.sonatype.com/hubfs/Corporate/Software%20Supply%20Chain/2020/SON_SSSC-Report-2020_final_aug11.pdf South Korea Energy Compromise: https://www.bleepingcomputer.com/news/security/south-koreas-nuclear-research-agency-hacked-using-vpn-flaw/ VPN Attack Study: https://www.helpnetsecurity.com/

Digital Shadows CISO Rick and Senior Cyber Threat Intel Analyst Sean Nikkel host this edition of ShadowTalk. They're joined by special guests Dan Sherry and Grace Chi, founders of Pulsedive. They discuss:-Dan & Grace's origin stories and how Pulsedive came to be -Grace's LinkedIn “Sides of Cyber” campaign, promoting unknown talents and how they enrich people's lives-IOCs aren't dead - how IOCs can be leveraged as part of a broader program-How to kick the tires on Pulsedive - they even include free API access ***Resources from this special podcast***Find Dan on Twitter: https://twitter.com/netbroom Find Dan on LinkedIn: https://www.linkedin.com/in/netbroom/ Find Grace on Twitter: https://twitter.com/euphoricfall Find Grace on LinkedIn: https://www.linkedin.com/in/graceschi/ Company Homepage: https://pulsedive.com/about/

ShadowTalk hosts Sean, Ivan, and Charles bring you the latest in threat intelligence. This week they cover:- The team discusses the most recent EA breach - what’s the history of attacks against software/game developers?- Charles dives into the latest on VPN vulnerabilities - why does this problem persist? - Ivan talks about Clop arrests - how big of a player is Clop in the world of cyber crime?- Predictions for the ransomware scene in the future - can we expect more intervention by law enforcement? Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-18-june ***Resources from this week’s podcast***EA Breach: https://www.vice.com/en/article/7kvkqb/how-ea-games-was-hacked-slack https://www.vice.com/en/article/wx5xpx/hackers-steal-data-electronic-arts-ea-fifa-source-code VPN Vulnerabilities: https://apnews.com/article/government-and-politics-hacking-technology-business-7350235e07d46ba5afc1238b553ea4b9 Clop arrests: https://krebsonsecurity.com/20

Digital Shadows CISO Rick and Senior Cyber Threat Intel Analyst Sean host this guest edition of ShadowTalk. Anomali's Sr. Director of Cyber Intelligence Strategy, AJ Nash, joined them to discuss:- AJ's origin story with the U.S. Air Force - AJ's lessons from building threat intelligence teams - The need for intelligence leaders to be more strategic and move beyond IOCs and the SOC - AJ's new blog where he proposed the Chief Intelligence Officer (CINO)***Resources from this special podcast***Find AJ on LinkedIn: https://www.linkedin.com/in/nashaj/Rise of the Chief Intelligence Officer (CINO): https://www.anomali.com/blog/rise-of-the-chief-intelligence-officer-cino

ShadowTalk hosts Stefano, Adam, Chris, and newcomer, Rory, bring you the latest in threat intelligence. This week they cover:-Adam takes us through the latest cyber espionage campaigns attributed to Chinese-state-sponsored APT groups-Rory discusses a sophisticated law enforcement campaign targeting criminal syndicates all over the world-Chris dives into the new GitHub policies - what led to these new guidelines?-The team talks about updates on the Colonial Pipeline incident - what’s the latest?-Plus, the group makes EURO 2020 predictionsGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-11-june ***Resources from this week’s podcast***SharpPanda/Chinese APT - https://research.checkpoint.com/2021/chinese-apt-group-targets-southeast-asian-government-with-previously-unknown-backdoorLaw Enforcement Op - https://www.bleepingcomputer.com/news/security/fbi-and-afp-created-a-fake-encrypted-chat-platform-to-catch-criminals/ GitHub Takedown Policy: ht

ShadowTalk hosts Sean, Alec, Charles, and Digital Shadows CISO, Rick Holland, bring you the latest in threat intelligence. This week they cover:- Alec dives into Nobelium - who are they and what happened in the latest attack?- Charles takes us through VMWare exploits - how does it compare to earlier vulnerabilities?- Rick discusses the Biden Administration’s open letter to business leaders on the state of ransomware - Plus, check out our latest content including thoughts on the 2021 Verizon DBIRGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-04-june ***Resources from this week’s podcast***Nobelium: https://www.techrepublic.com/article/solarwinds-hackers-resurface-to-attack-government-agencies-and-think-tanks/ VMWare: https://arstechnica.com/gadgets/2021/05/vulnerability-in-vmware-product-has-severity-rating-of-9-8-out-of-10/ https://www.vmware.com/security/advisories/VMSA-2021-0010.html President’s Note on Ransomware Threats: https://ww

ShadowTalk hosts Stefano, Adam, and Xue bring you the latest in threat intelligence for the APAC region. They cover:- Xue take us through how the APAC threat landscape has changed in the last 18 months- What are the prominent ransomware and APT groups and what are they up to?- The team discusses how cybersec institutions are using new regulations to offset some traditional challenges- Adam talks about the Tokyo 2020 threat landscape and how it's been shaped by the event postponement due to COVID-19***Resources from this week’s podcast***State of APAC: https://www.paloaltonetworks.com/blog/2020/03/policy-asia-pacific/ https://techwireasia.com/2019/10/cybersecurity-customer-experience-trust-asia-apac/ https://techwireasia.com/2021/03/apac-is-in-need-for-more-cybersecurity-experts/ https://www.zdnet.com/article/colonial-pipeline-attack-used-to-justify-australias-critical-infrastructure-bill/ https://www.zdnet.com/article/security-crucial-as-5g-connects-more-industries-devices/ https://www.zdnet.com/article/

ShadowTalk hosts Stefano, Adam, Kim, and Dylan bring you the latest in threat intelligence. This week they cover:- Dylan discusses how cheese was the downfall of a drug dealer in the UK and how a cybercriminal messaging forum contributed- Kim talks ransomware - how ransom demands stole the spotlight from supply-chain attacks- Avaddon victims refuse to pay ransom demands - what happened?- Adam dives into politically motivated ransomware Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-28-may ***Resources from this week’s podcast***Stilton Incident: https://en.wikipedia.org/wiki/Geronimo_Stilton https://www.theguardian.com/food/2021/may/24/feeling-blue-drug-dealers-love-of-stilton-leads-to-his-arrest Politically Motivated Ransomware: https://assets.sentinelone.com/sentinellabs/evol-agrius MTNOW: https://blog.malwarebytes.com/cybercrime/malware/2021/05/bizarro-a-banking-trojan-full-of-nasty-tricks/ MTTPOTW: https://attack.mitre.org/techniqu

Digital Shadows CISO Rick hosts this edition of ShadowTalk. He’s joined by special guest and friend Jeff Stone, Editor at CyberScoop News. They discuss: - Jeff's origin story - Parallels between journalism and threat intelligence - How journalists validate sources - Why "It's better to be right than first"- The go-to defense lawyer for Russian and Eastern European cybercriminals- The nuance around interviewing cybercriminals***Resources from this special podcast*** Find Jeff on Twitter: https://twitter.com/jeffstone500 CyberScoop:https://www.cyberscoop.com/ https://twitter.com/CyberScoopNews CyberScoop CyberTalks Virtual Summit https://www.cyberscoop.com/events/cybertalks/ "How Arkady Bukh, a New York-based immigrant from the former Soviet bloc, emerged as the go-to defense lawyer for the cybercrime underworld."https://www.cyberscoop.com/story/arkady-bukh-man-in-the-middle/

ShadowTalk hosts Sean, Alec, Ivan, and Charles bring you the latest in threat intelligence. This week they cover:- Ivan takes us through the latest updates on DarkSide and the Colonial Pipeline incident - DarkSide faces consequences - The team talks about new legislation from the US government - better late than never?- Plus, our hosts dive into all things ransomware - what’s happening with the cyber threat landscape?- Alec brings us the latest on Conti ransomware targeting Ireland's Department of Health - what was the impact?- Charles discusses a new web skimmer indicating ongoing Magecart activityGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-21-may ***Resources from this week’s podcast***Colonial Pipeline Updates: https://www.bankinfosecurity.com/2-bills-introduced-in-wake-colonial-pipeline-attack-a-16666 Conti Ransomware: https://www.bleepingcomputer.com/news/security/conti-ransomware-also-targeted-irelands-department-of-healt

ShadowTalk hosts Stefano, Chris, Kim, and Xue bring you the latest in threat intelligence. This week they cover:- Xue takes us through the Colonial Pipeline ransomware incident - DarkSide’s involvement and more - What does the attack on the Colonial Pipeline indicate for future cyber threats against critical infrastructure?- Chris dives into the BEC incident - what does it mean and what happened? - Kim discusses the Bulletproof Hosting indictment - what is the impact?Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-14-may ***Resources from this week’s podcast***Colonial Pipeline: https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-compromise-of-colonial-pipeline-networksDarkSide: https://www.digitalshadows.com/blog-and-research/darkside-the-new-ransomware-group-behind-highly-targeted-attacks/ Gift Card Scam: https://www.microsoft.com/security/blog/2021/05/06/business-email-compromise-campaign-targets-wide-range-of-orgs-with-