Digital Shadows

ShadowTalk hosts Alec, Charles, Austin, and Ivan bring you the latest in threat intelligence. This week they cover:- Significant updates to the SolarWinds incident- Overlaps of the "Sunburst" backdoor and malware known to be used by the believed Russia-affiliated APT "Turla"- Possible SolarWinds scam - SolarLeaks claiming to sell data stolen in SolarWinds attacks- The newly identified Sunspot malware- Mimecast reporting of a compromised certificate possibly related to SolarWinds - the team dives deeper- DarkSide ransomware decryptor keys being released and how DarkSide respondedGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-15-january ***Resources from this week’s podcast***Sunburst: https://securelist.com/sunburst-backdoor-kazuar/99981/SolarLeaks: https://www.bleepingcomputer.com/news/security/solarleaks-site-claims-to-sell-data-stolen-in-solarwinds-attacks/SolarWinds updates: https://orangematter.solarwinds

ShadowTalk hosts Stefano, Kim, Adam, and Dylan bring you the latest in threat intelligence. This week they cover:- Post-holiday updates on SolarWinds - what have we missed? - Ticketmaster gets fined $10 million for illegally accessing the internal systems of a competitor, using the credentials of a former employee- Apex Laboratory announced that it was the victim of a cyber attack - what we know so far- 2020 in review: What will the new year bring in the world of cyber security?Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-08-january ***Resources from this week’s podcast***SolarWinds:https://www.solarwinds.com/securityadvisorySolarWinds Blog: https://www.digitalshadows.com/blog-and-research/solarwinds-compromise-what-security-teams-need-to-know/ SolarWinds Update Blog: https://www.digitalshadows.com/blog-and-research/solarwinds-compromise-update/ TicketMaster Fraud: https://www.justice.gov/usao-edny/pr/ticketmaster-pays-10-millio

ShadowTalk hosts Kacey, Charles, Alec, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover all things SolarWinds:- An overview of the campaign and event timelines- SolarWinds' SEC filing and its implications- Early indicators of compromise, including public FTP creds and an access listing- What we can expect from this attack as time goes onGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-18-december ***Resources from this week’s podcast***Microsoft: https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/SolarWinds:https://www.solarwinds.com/securityadvisoryFireEye: https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.htmlDomainTools: https://www.domaintools.com/resources/blog/unraveling-network-infrastructure-linked-to-the-solarwinds-hack?utm_source=Social&u

ShadowTalk hosts Stefano, Kim, and Adam bring you the latest in threat intelligence. This week they cover:- FireEye, a top security firm, suffers a breach caused by a state-sponsored attacker- Phishing campaigns target the distribution of the Covid-19 vaccine- Ransomware gangs resort to cold-calling victims in order to cash in - Plus, the very festive ‘Malware name of the week’Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-11-december ***Resources from this week’s podcast***FireEye breach: https://arstechnica.com/information-technology/2020/12/security-firm-fireeye-says-nation-state-hackers-stole-potent-attack-tools/ FireEye breach: https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html Phishing targeting the vaccine: https://portal-digitalshadows.com/search/intelligenceincident/66425527 Phishing targeting the vaccine: https://securityintelligence.com

ShadowTalk hosts Kacey, Charles, and Digital Shadows CISO Rick chat with Brian Wrozek of Optiv. They cover: - Brian’s origin in cybersecurity - Looking forward to 2021 - what should we be focusing on and what do we need to be prepared for?- Threat modeling and tabletop exercises - how do we prepare for the worst?- Brian and the team talk degrees - how big of a role do they play when recruiting? ***Resources from this week’s podcast***Find Brian Wrozek on LinkedIn: https://www.linkedin.com/in/brianwrozek Find Brian Wrozek on Twitter: https://twitter.com/bdwtexas?lang=en University of Dallas link: https://udallas.edu/cob/about/adjunct-faculty/wrozek-brian.phpOptiv: https://www.optiv.com/

ShadowTalk hosts Kacey, Charles, Alec, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:- REvil ransomware breathes new life into Gootkit malware - C-level email credentials listed for sale on a cybercriminal marketplace- Does REvil have ties to Maze and Egregor? A conversation about source evaluation and attribution.- Spam Haus reports that thousands of IPV4 addresses are suddenly coming alive - is more BGP abuse on the horizon?Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-4-december ***Resources from this week’s podcast***Gootkit: https://www.bleepingcomputer.com/news/security/gootkit-malware-returns-to-life-alongside-revil-ransomware/Threat actor sells accounts: https://www.zdnet.com/article/a-hacker-is-selling-access-to-the-email-accounts-of-hundreds-of-c-level-executives/REvil: https://twitter.com/campuscodi/status/1333462999105998848Spam Haus: https://www.reddit.com/r/blueteamsec

ShadowTalk hosts Stefano, Adam and Dylan bring you the latest in threat intelligence. This week they cover: - QBot drops Prolock for Egregor ransomware- IoT new regulations - Black Friday threats and opportunities- Plus: The team discuss the malware name of the weekGet this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-27-november***Resources from this week’s podcast***Holiday Cybercrime Blog: https://www.digitalshadows.com/blog-and-research/holiday-cybercrime-retail-risks-and-dark-web-kicks/Egregor: https://www.digitalshadows.com/blog-and-research/egregor-the-new-ransomware-variant-to-watch/

ShadowTalk hosts Kacey, Alec, and Charles, bring you the latest in threat intelligence. This week they cover: - New Chinese APT group, FunnyDream, conducts a sophisticated cyber espionage campaign targeting SE Asian government entities.- Ransomware operators want to be heard - Ragnar Locker turns to Facebook and Egregor begins printing ransom notes.- Is Egregor the new Maze? Let's unpack this.- Plus, the team talks about their favorite Thanksgiving dish, plus a side of footballGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-20-november ***Resources from this week’s podcast***FunnyDream: https://www.bitdefender.com/files/News/CaseStudies/study/379/Bitdefender-Whitepaper-Chinese-APT.pdfRagnar Locker: https://krebsonsecurity.com/2020/11/ransomware-group-turns-to-facebook-ads/Egregor: https://www.bleepingcomputer.com/news/security/retail-giant-cencosud-hit-by-egregor-ransomware-attack-stores-impacted/Darkside Blog: https://www.dig

ShadowTalk hosts Stefano, Kim, Dylan, and Adam bring you the latest in threat intelligence. This week they cover: - RegretLocker’s approach to quickly encrypting files - how their efficiency compares to counterpart Ryuk - Vx Underground’s code used in ransomware attacks- APT32, or OceanLotus, using social media and news sites to draw in users and redirect them to phishing pages - U.S. DoJ seizes $24 Million in cryptocurrency, assisting the Brazilian governmentGet this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-13-november ***Resources from this week’s podcast***RegretLocker Ransomware: https://www.bleepingcomputer.com/news/security/new-regretlocker-ransomware-targets-windows-virtual-machines/Vx Underground: https://twitter.com/smelly__vx/status/1323849544145211392https://twitter.com/vxunderground/status/1326055110292729856OceanLotus: https://www.volexity.com/blog/2020/11/06/oceanlotus-extending-cyber-espionage-operations-through-fake-

ShadowTalk hosts Kacey, Alec, Charles and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:- Election update - Because that’s what’s on many people’s minds right now- North Korean Group Kimsuky Targets Government Agencies With New Malware - Maze Group announces closing of its operations- Wroba mobile malware targets US smartphones - Plus: Group discusses Guy FawkesGet this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-06-november-2020***Resources from this week’s podcast***Clickbait to Checkmate: https://www.digitalshadows.com/blog-and-research/sms-based-scam-targets-us-smartphones-and-accesses-victim-locations/Glossary: https://www.digitalshadows.com/blog-and-research/a-glossary-of-cybercriminal-access-offerings/Phillip Wylie Podcast: https://resources.digitalshadows.com/threat-intelligence-podcast-shadowtalk/special-guest-phillip-wylie-talks-origin-story-bear-wrestling-and-much-more

ShadowTalk hosts Kacey, Charles, and Digital Shadows CISO Rick chat with Phillip Wylie about his origin story, his brief foray into professional wrestling, and so much more. This isn’t one to miss!***Resources from this week’s podcast***Grab Phillip’s Book - The Pentester BluePrint: Your Guide to Being a Pentester: https://www.amazon.com/Pentester-BluePrint-Your-Guide-Being/dp/1119684307 Innocent Lives Foundation (@innocentorg): https://www.innocentlivesfoundation.org/donate/ Pwn School project: https://twitter.com/schoolpwn Follow Phillip on Twitter: https://twitter.com/PhillipWylie

ShadowTalk hosts Stefano, Dylan, Adam, and Kim bring you the latest in threat intelligence. This week they cover:- EU slaps sanctions on GRU leader, Fancy Bear- Kim discusses the latest on Ryuk and provides insight on its evolution- Breach against Finnish psychotherapy giant Vastaamo - patients getting targeted for ransom- Plus, a little Halloween fun! Get this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-30-october-2020 ***Resources from this week’s podcast***Sanctions on Fancy Bear: https://www.cyberscoop.com/eu-gru-fancy-bear-bundestag-russia/Ryuk: https://labs.sentinelone.com/an-inside-look-at-how-ryuk-evolved-its-encryption-and-evasion-techniques/ and https://www.soprasteria.com/newsroom/press-releases/details/cyberattack-information-update Hackers blackmailing patients: https://threatpost.com/vastaamo-hackers-blackmailing-therapy-patients/160536/ NCSAM - Future of Connected Devices: https://www.digitalshadows.com/blog-and-research/cybe

ShadowTalk hosts Kacey, Alec, Austin, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:- SandWorm and its link to Russia’s GRU - what’s their history and what does this mean?- The Darkside ransomware group takes a philanthropic approach to cybercrime- Ryuk leverages Bazar Loader and Zerologon vulnerability in their recent (and very speedy) attack- Plus: The group discusses their favorite WiFi namesGet this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-23-october-2020 ***Resources from this week’s podcast***GRU Indictment: https://www.justice.gov/opa/press-release/file/1328521/downloadDarkside: https://www.zdnet.com/article/ransomware-gang-donates-part-of-ransom-demands-to-charity-organizations/Ryuk: https://thedfirreport.com/2020/10/18/ryuk-in-5-hours/Charitable Cybercriminals Blog: https://www.digitalshadows.com/blog-and-research/charitable-endeavors-on-cybercriminal-forums/Digital Shadows Da

ShadowTalk hosts Viktoria, Adam, Stefano, and Dylan bring you the latest in threat intelligence. This week they cover:- Microsoft: Derailing trickbot, which threatened the US election- Ransomware: The stories that go unreported and why we should care- Fitbit: Customers data at risk following spyware creation by researchers- “Data” - Can the team resist saying it?Get this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-16-october-2020 ***Resources from this week’s podcast***Microsoft Take Down: https://www.microsoft.com/security/blog/2020/10/12/trickbot-disrupted/Europol: https://www.europol.europa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment-iocta-2020Fitbit: https://threatpost.com/fitbit-personal-data-watch-face/160003/ Europol Analysis: https://www.digitalshadows.com/blog-and-research/digital-shadows-analysis-of-europols-cybercrime-report/ NCSA Month Week 2 - Security Devices at Home: https://www.digitalshadow

ShadowTalk hosts Kacey, Charles, and Digital Shadows CISO Rick are joined by special guest Marcus Carey. In this episode they cover:- Marcus’s origin story including his time in the Navy and the NSA- The Austin food scene - BBQ is always on the menu- Marcus talks mentoring and helping others find their “superpower”- The team discusses Marcus’s books for children and how to ensure diversity in the workplaceVisit the blog for this episode by Digital Shadows CISO Rick: www.digitalshadows.com/blog-and-research/marcus-carey-joins-shadowtalk/***Resources from this week’s podcast***Twitter: https://twitter.com/marcusjcareyLinkedIn: https://www.linkedin.com/in/marcuscarey/Tribe of Hackers: https://www.tribeofhackers.comAn Anti-Racism Checklist: Supporting Black Employees in Tech https://venturebeat.com/2020/09/19/an-anti-racism-checklist-supporting-black-employees-in-tech/Marcus’s Books on Amazon: https://www.amazon.com/Marcus-J-Carey/e/B07MFWJPGV/ref=dp_byline_cont_book_1

ShadowTalk hosts Kacey, Alec, Charles and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover: - The US Department of Treasury sends a message about negotiating with ransomware operators - APT28 compromises a US federal agency- Foreign spies use fronts to hide cyber espionage operations- Iranian nation-state threat actors leverage Zerologon flaw to carry out attacksGet this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-09-october-2020 ***Resources from this week’s podcast***Sanctions for ransomware: https://threatpost.com/mixed-sanctions-ransomware-negotiators/159795/APT28: https://www.wired.com/story/russias-fancy-bear-hack-us-federal-agency/Foreign spies: https://www.cyberscoop.com/chinese-iranian-hackers-front-companies/Zerologon: https://threatpost.com/microsoft-zerologon-attack-iranian-actors/159874/Bitcoin vs. Monero Blog: https://www.digitalshadows.com/blog-and-research/bitcoin-vs-monero/

ShadowTalk hosts Adam, Kim, Stefano and Dylan bring you the latest in threat intelligence. This week they cover:- Mount Locker trying to extort 7+ figures from its victims- Old Gremlin - the team talks new activity attributed to this group- REvil looking for new affiliates and flexing with bitcoin - Healthcare hack has severe repercussions - Attackers exploit Zerologon vulnerability - Joker Trojan infects Google Play Store for Android - what we know- Celebrating Cyber Awareness Month with games and moreGet this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-02-october-2020***Resources from this week’s podcast***Old Gremlin: https://www.group-ib.com/blog/oldgremlin Mount Locker Ransomware: https://www.bleepingcomputer.com/news/security/mount-locker-ransomware-joins-the-multi-million-dollar-ransom-game/ REvil Ransomware: https://www.bleepingcomputer.com/news/security/revil-ransomware-deposits-1-million-in-hacker-recruitment-drive/ Zerologon: https

ShadowTalk hosts Kacey, Charles, Alec and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:-A member of TheDarkOverlord was sentenced to multiple years in prison, APT41 members have been charged with computer crimes, and 179 cybercriminals have been arrested for pushing illicit drugs and weapons on criminal marketplaces.-Fancy Bear activity uses NATO training documents for a phishing campaign-Activision suffers a potential data breach - what we know-University Hospital targeted by ransomware attack - the team discusses the falloutGet this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-25-september-2020 ***Resources from this week’s podcast***Dark Overlord: https://securityaffairs.co/wordpress/108599/cyber-crime/the-dark-overlord-group-member-sentence.html?utm_source=rss&utm_medium=rss&utm_campaign=the-dark-overlord-group-member-sentenceAPT41: https://techcrunch.com/2020/09/16/justice-departm

ShadowTalk hosts Kacey, Charles, and Digital Shadows CISO Rick are joined by Information Security Analyst and author Chris Sanders. The team talk BBQ and Chris’s new book Intrusion Detection Honeypots: Detection through Deception. Resources from the podcast:-Read Rick's Blog Recap: www.digitalshadows.com/blog-and- research/discussing-deception-with-chris-sanders/-Chris’s Book Intrusion Detection Honeypots: Detection through Deception: https://www.amazon.com/Intrusion-Detection-Honeypots- through-Deception-ebook/dp/B08GP8X86L -Rural Tech Fund: https://ruraltechfund.org/mission/ -The Cuckoo’s Egg Course: https://chrissanders.org/training/cuckoosegg/ -Chris's Website: https://chrissanders.org/ -Chris’s Twitter: https://twitter.com/chrissanders88 -Chris’s LinkedIn: https://www.linkedin.com/in/chrissanders88/ -Email Chris at chrissanders.orgAdditional Links:-SANS CTI Summit Keynote Cliff Stoll: https://www.youtube.com/watch? v=1h7rLHNXio8 -The Cuckoo’s Egg by Cliff Stoll: https://www.amazon.com/Cuck

This week, Viktoria is joined by ShadowTalk residents Adam and Kim, and on this episode, they speak to guest Ed Merrett, founder of HackableYou, the cybersecurity podcast. Viktoria speaks to Ed Merrett about why he set up HackableYou, then together the team unpack the latest stories, including:-Magento Online Stores: 1,000 stores affected by card skimming-ZeroLogon (CVE-2020-1472) - Critical severity Vulnerability: Impact & Mitigation-US Election: New campaigns observed targeting political candidatesGet our Weekly Intelligence Summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-18-september-2020To listen to Ed’s podcast, visit HackableYou: https://hackableyou.com/podcast/