Digital Shadows

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast
  • Duration: 223:38:20

Information:

Synopsis

Digital Shadows monitors and manages an organization’s digital risk, providing relevant threat intelligence across the widest range of data sources within the open, deep, and dark web to protect its brand and reputation.

Episodes

  • Weekly: The Team Talks Baka, Epic Manchego, and Smaug, Plus Emotet Rides Again

    11/09/2020 Duration: 12min

    This week’s host Kacey is joined by Charles and Alec to bring you the latest in threat intelligence. In this episode they cover:
    - Visa issues a warning about new credit card skimmer “Baka”
    - Epic Manchego - Atypical malicious document delivery
    - What is Smaug and how does it operate?
    - Emotet - are there new developments and why did France send an advisory?
    Get this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-11-september-2020
    ***Resources from this week’s podcast***
    Baka: https://www.bleepingcomputer.com/news/security/visa-warns-of-new-baka-credit-card-javascript-skimmer/
    Epic Manchego: https://blog.nviso.eu/2020/09/01/epic-manchego-atypical-maldoc-delivery-brings-flurry-of-infostealers/
    Smaug: https://labs.sentinelone.com/multi-platform-smaug-raas-aims-to-see-off-competitors/
    France warns of Emotet: https://www.bleepingcomputer.com/news/security/france-warns-of-emotet-attacking-companies-administration/
    Similar Advisories from Japan & NZ: https

  • Weekly: New Zealand Stock Exchange faces DDoS, Tesla avoids cyberattack, and Pioneer Kitten updates

    04/09/2020 Duration: 35min

    Adam, Kim, Demelza and Stefano discuss the latest threat intel updates. On this episode, they cover:
    - New Zealand Stock Exchange DDoS attacks: Services affected & extent of impact
    - Tesla employee thwarts cyberattack: Developments & internal threats
    - Pioneer Kitten observed monetizing cyber activity
    - Information about Slack vulnerability:
    - Tor projects launch membership program: why & what does this mean?
    Get this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-04-september-2020
    ***Resources from this week’s podcast***
    DDoS Extortion: https://www.welivesecurity.com/2020/08/27/ddos-extortion-campaign-targets-financial-firms-retailers/
    Russian National Arrest: https://www.justice.gov/opa/press-release/file/1308766/download
    Pioneer Kitten: https://www.crowdstrike.com/blog/who-is-pioneer-kitten/
    Remote Code Execution: https://hackerone.com/reports/783877
    The Tor Project: https://blog.torproject.org/tor-project-membership-

  • Weekly: Photon Team Talks BeagleBoys, DarkSide, and DeathStalker, oh my!

    28/08/2020 Duration: 22min

    ShadowTalk hosts Kacey, Alec, Charles, and Rick bring you the latest in threat intel. In this week’s episode they cover:
    - The Department of the Treasury, FBI, and the US Cyber Command issue an alert about North Korea's BeagleBoyz - what do we know and what does it mean?
    - DarkSide operation discovered attacking companies with ransom demands up to $2 Million
    - Charles discusses DeathStalker kill chain and their targets
    - Alec talks spy stories and potential internal threats to companies
    Get this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-28-august-2020
    ***Resources from this week’s podcast***
    BeagleBoyz: https://us-cert.cisa.gov/ncas/alerts/aa20-239a
    DarkSide: https://www.bleepingcomputer.com/news/security/darkside-new-targeted-ransomware-demands-million-dollar-ransoms/
    DeathStalker: https://securelist.com/deathstalker-mercenary-triumvirate/98177/
    Spy Story: https://www.zdnet.com/article/russian-arrested-for-trying-to-recruit-an-insider-and-hack-

  • Special: Guest David Bianco Talks Origin Story, Pyramid of Pain, and More

    25/08/2020 Duration: 45min

    ShadowTalk hosts Alex and Digital Shadows CISO, Rick, talk to special guest David about his beginnings in the cybersecurity space, the Pyramid of Pain, and threat hunting.
    Pyramid of Pain: https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
    David’s Twitter: https://twitter.com/DavidJBianco
    David’s Sans Profile: https://www.sans.org/profiles/david-bianco/

  • Weekly: Emotet Gets a Vaccine, NSA Drovorub Advisory, and North Korean Activity plus Bureau 121

    21/08/2020 Duration: 28min

    ShadowTalk hosts Viktoria, Adam, Dylan, and Stefano bring you the latest in threat intel. In this week’s episode they cover:
    - The ever-popular Emotet - does this dangerous malware have a vaccine? Adam and the team discuss how researchers found a cure.
    - What is the Drovorub malware and what is it trying to achieve?
    - Takeaways from the U.S. Army’s report on North Korean tactics - what do we know about North Korea’s cyber activity and Bureau 121?
    Get this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-21-august-2020
    ***Resources from this week’s podcast***
    Emotet: https://www.binarydefense.com/emocrash-exploiting-a-vulnerability-in-emotet-malware-for-defense/
    Drovorub: https://www.fbi.gov/news/pressrel/press-releases/nsa-and-fbi-expose-russian-previously-undisclosed-malware-drovorub-in-cybersecurity-advisory
    Bureau 121: https://www.documentcloud.org/documents/7038686-US-Army-report-on-North-Korean-military.html
    Optiv CTIE Report: https://resources.digital

  • Weekly: Defaced Subreddits, Intel Leak Drama on Twitter, and HIBP Goes Open-Source

    14/08/2020 Duration: 22min

    Alex, Kacey, and Charles host this week’s ShadowTalk, bringing you the latest in threat intelligence. In this episode they cover:
    - Defaced subreddits - which accounts were impacted and what was the cause?
    - An Intel Leak was exposed by a Twitter user - what was exposed and how did it happen?
    - Troy Hunt's announcement on open-sourcing HIBP - our take on how it will improve the community at large
    Get this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-14-august-2020
    ***Resources from this week’s podcast***
    Reddit: https://www.reddit.com/r/ModSupport/comments/i5hhtf/ongoing_incident_with_compromised_mod_accounts/ https://www.bleepingcomputer.com/news/security/reddit-hit-by-coordinated-hack-promoting-trumps-reelection/
    Twitter Intel Leak: https://www.infosecurity-magazine.com/news/intel-investigates-20gb-internal/
    HIBP: https://www.troyhunt.com/im-open-sourcing-the-have-i-been-pwned-code-base/
    Escrow Systems On Cybercriminal Forums Blog: https://

  • Weekly: CWT pays ransom, data leaked for 900+ Pulse Secure Servers, EU issues first cyber sanctions

    07/08/2020 Duration: 21min

    In this week’s episode, Viktoria is joined by Kim, Dylan and Demelza to discuss:
    - Ransomware negotiations between CWT and cyberattackers
    - Impact and severity of passwords leaked for 900+ pulse secure enterprise servers to criminal forum
    - The Ghostwriter/disinformation campaign overview: series of disinformation campaigns, aligned to Russian security interests - activity and attribution
    - EU issues first sanctions against Russian and Chinese cyber actors: Impact, effectiveness and reasoning behind this
    Get this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-07-august-2020
    ***Resources from this week’s podcast***
    CWT: https://uk.reuters.com/article/uk-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUKKCN24W26P
    Pulse Secure VPN: https://www.zdnet.com/article/hacker-leaks-passwords-for-900-enterprise-vpn-servers/#ftag=RSSbaffb68
    EU Sanctions: https://www.gov.uk/government/news/foreign-secretary-welcomes-f

  • Special: Guest Geoff White Talks Best-Selling Book Crime Dot Com

    31/07/2020 Duration: 41min

    On this ShadowTalk, hosts Viktoria and James talk to special guest Geoff about his best-selling book Crime Dot Com: From Viruses to Vote Rigging, How Hacking Went Global and, beyond that, themes within cybercrime, from the commodification of personal data to cybercrime tactics and tools.
    Find Geoff’s book here: https://www.amazon.co.uk/Crime-Dot-Com-Viruses-Rigging/dp/1789142857
    Visit Geoff’s website: https://geoffwhite.tech/

  • Weekly: Garmin ransomware attack, QSnatch malware, and ShinyHunters Stage 2

    31/07/2020 Duration: 23min

    This week it’s a full house with ShadowTalk hosts Alex, Kacey, Charles, Alec and Rick. During this episode they cover:
    - Garmin ransomware attacks - what happened?
    - Kacey talks QSnatch malware - history and new alerts
    - Stage 2 from ShinyHunters and the 50 high profile organizations that had information leaked
    Get this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-31-july-2020
    ***Resources from this week’s podcast***
    Garmin ransomware: https://www.zdnet.com/article/garmins-outage-ransomware-attack-response-lacking-as-earnings-loom/
    QSnatch malware: https://www.zdnet.com/article/cisa-says-62000-qnap-nas-devices-have-been-infected-with-the-qsnatch-malware/#ftag=RSSbaffb68
    ShinyHunters: https://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/

  • Weekly: Trickbot trojan mishaps, Emotet resurgence, Twitter takeovers, and APT group updates

    24/07/2020 Duration: 18min

    This week’s ShadowTalk hosts Adam, Demi, Stefano and Kim discuss the latest threat intelligence stories. In this episode they cover:
    - Trickbot trojan mishap causes widespread warnings, alerting users of threatening activity
    - Dangerous malware Emotet resurges and partners with Trickbot to infect a large number of users
    - Twitter takeover updates - what we know so far
    - NCSC advisory about APT29 targeting Covid-19 vaccine research
    - APT35 footage surfaces, exposing the group’s information
    Get this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-24-july-2020
    ***Resources from this week's podcast***
    NCSC: https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development
    Twitter Updates: https://www.bleepingcomputer.com/news/security/coinbase-blocked-twitter-hackers-from-stealing-an-extra-280k/
    Emotet: https://www.bleepingcomputer.com/news/security/emotet-trickbot-malware-duo-is-back-infecting-windows-machines/
    APT35: https://www.wired.com/st

  • Weekly: Twitter takeovers, Data Viper breached by NightLion, and a look at CryptBB

    17/07/2020 Duration: 26min

    This week’s ShadowTalk hosts Alex, Kacey, and Alec discuss the latest threat intelligence stories. In this epic episode they cover:
    - Top Twitter accounts that were accessed to promote a Bitcoin scam
    - Threat Intel platform Data Viper gets breached in revenge attack by threat actor NightLion
    - Updates on cybercriminal forum CryptBB - where are they now and what does the future hold?
    Get this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-17-july-2020
    ***Resources from this week’s podcast***
    Twitter attack https://twitter.com/TwitterSupport/status/1283518038445223936?s=20
    Data Viper breach https://krebsonsecurity.com/2020/07/breached-data-indexer-data-viper-hacked/
    CryptBB blog by DS Photon Team https://www.digitalshadows.com/blog-and-research/cryptbb-demystifying-the-illusion-of-the-private-forum/

  • Weekly: PAN-OS Vulnerability, Lazarus Group, BEC scammer “Hushpuppi”, and New Photon ATO Research

    10/07/2020 Duration: 22min

    This week, Digital Shadows team Viktoria, Demelza, Adam and Stefano cover:
    - PAN-OS Vulnerability (CVE-2020-2021): Impact & Mitigation
    - Magecart Developments: Lazarus Group tied to Magecart
    - FBI arrests “Hushpuppi” for alleged BEC Cybercrime Scheme
    - Photon ATO Research: Overview + Key takeaways
    Get this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-10-july-2020

  • Weekly: Torigon, Nulledflix, and BlueLeaks, Plus DevSecOps Insights From DS CISO Rick

    26/06/2020 Duration: 21min

    Alex, Kacey, Charles and Rick host this week’s ShadowTalk to bring you the latest threat intelligence stories. This week they cover:
    - Torigon - What was Torigon and how did it fail to survive?
    - Nulledflix - The Nulled-focused streaming service taken down immediately for maintenance
    - BlueLeaks exposing private law enforcement files
    - DevSecOps and how it can be useful to your organization
    Get this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-26-june-2020
    Plus, check out this page for more on DevSecOps: https://www.digitalshadows.com/blog-and-research/devsecops-modern-software-development/
    To learn more about DevSecOps product updates in SearchLight, check out the webinar at: https://resources.digitalshadows.com/webinars/outside-in-intelligence-for-devsecops-digital-shadows
    ***Resources From This Week***
    Torigon: https://www.digitalshadows.com/blog-and-research/torigon-forum/
    Nulledflix: https://www.digitalshadows.com/blog-and-research/nulledflix-

  • SPECIAL: Guest Speaker Tom Schmitt Talks About His Origins in Cyber Threat Intel and TITO

    23/06/2020 Duration: 45min

    CISO Rick Holland and Host Alex Guirakhoo chat with this week's special guest Tom Schmitt, Global Director of Threat Intelligence at Anheuser-Busch InBev. They discuss Tom’s origin in the Cyber Threat Intelligence space and get his insight on TITO (or “Threat, Infrastructure, Targets, and Outcomes”), a platform and data-agnostic threat intelligence framework.
    Learn more about TITO at https://github.com/TITO-Threat-Intel/TITO-Framework

  • WEEKLY: Lookback Operators Deploy New Malware Against US Utilities Sector And Honda Cyber Attack

    19/06/2020 Duration: 18min

    Demelza, Viktoria, Adam, and Stefano host this week’s ShadowTalk to bring you the latest threat intelligence stories from the week. This week they cover:
    - Honda technical details - cyber attack
    - LookBack, FlowCloud similarities point to a single perpetrator of utility attacks - TA410
    - Delivery of malware through cloud storage
    Get this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary
    ***Resources From this Week***
    Recruiting Moderators on Cybercriminal Forums: https://www.digitalshadows.com/blog-and-research/recruiting-moderators-on-cybercriminal-forums/
    Reducing Technical Leakage: https://www.digitalshadows.com/blog-and-research/reducing-technical-leakage-detecting-software-exposure-from-the-outside-in/

  • SPECIAL: What Goes Into The Verizon DBIR With Alex Pinto

    17/06/2020 Duration: 38min

    CISO Rick Holland and Host Alex Guirakhoo chat with Alex Pinto from Verizon around the Verizon DBIR. They talk through Pinto’s background, how the Verizon DBIR gets put together, findings from this year’s report, and of course, the best jokes found (or not found) in this year’s report.
    Get the full DBIR at https://enterprise.verizon.com/resources/reports/dbir/
    And check out Rick’s Blog here: https://www.digitalshadows.com/blog-and-research/2020-verizon-data-breach-investigations-report-dbir-ciso-view/

  • WEEKLY: Maze Ransomware Alliance, EndGame DDoS Protection Tool, And Ransomware Disguises

    15/06/2020 Duration: 17min

    Alex is joined by Kacey and Charles this week to chat through the top threat intel stories of the week. This week’s highlights include:
    - Zorab Ransomware Disguised as STOP Djvu Ransomware
    - Endgame: New DDoS protection tool advertised on the dark web
    - Sodinokibi Ransomware Group updates and Maze ransomware alliance
    Get this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-12-june-2020
    ***Resources From this Week***
    Endgame DDoS tool on dark web: https://www.digitalshadows.com/blog-and-research/ddos-attacks-dark-web-endgame/

  • WEEKLY: Hacktivist Chooses Destruction Over Profit w/ Ransomware and Collection 1 Hacker Identified

    28/05/2020 Duration: 27min

    Pietro, Viktoria, Adam, and Demelza cover this week’s top threat intelligence stories, including a Hacktivist group choosing destruction over profit with ransomware.
    Other stories this week include:
    - EasyJet breach
    - Collection 1 Hacker Identified
    - Fin7 Member Arrested
    - iOS Mail App Vulnerability
    Check out more in this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-29-may-2020
    ***Resources From this Week***
    Dark Web Digest Recording: https://resources.digitalshadows.com/webinars/dark-web-digest-gaining-valuable-threat-intel-from-cybercriminal-forums-webinar

  • WEEKLY: Verizon DBIR, ShinyHunters, Sodinokibi Ransomware, And More Phishing

    23/05/2020 Duration: 20min

    CISO Rick Holland kicks off this episode walking us through key findings and his take from the just-released 2020 Verizon DBIR.
    Then the team covers other top stories from the week including:
    - The new threat group, ShinyHunters, exposing at least 18 companies
    - Phishing trends organizations should watch out for
    - Sodinokibi targets Grubman, Shire, Meiselas & Sacks law firm, threatens to release data unless a USD 24 million extortion payment is met
    Shout-out to this week’s ShadowTalk-ers: Kacey, Charles, Rick, and Alex
    Get this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-22-may-2020
    ***Resources from this Week***
    Rick’s DBIR Blog: https://www.digitalshadows.com/blog-and-research/2020-verizon-data-breach-investigations-report-dbir-ciso-view/
    Kacey’s Phishing Blog: https://www.digitalshadows.com/blog-and-research/3-phishing-trends-organizations-should-watch-out-for/
    Ecosystem of Phishing: https://www.digitalshadows.com/blog-and-research

  • SPECIAL EPISODE: Contact Tracing and COVID-19

    21/05/2020 Duration: 38min

    Physician-Scientist, Dr. Pratik Sinha, joins CEO and co-founder, Alastair Paterson, and CISO, Rick Holland, for this special guest episode of ShadowTalk. The group walks through Al and Pratik’s recent research together around contact tracing. They look at:
    - What is contact tracing and how does it work?
    - How have we done contact tracing in previous pandemics and will it work for COVID-19?
    - Privacy Risks and balancing the tradeoff between health and privacy
    - Big Tech
    Read the full blog from Al and Pratik at https://www.digitalshadows.com/blog-and-research/contact-tracing-can-big-tech-come-to-the-rescue-and-at-what-cost/
    You can find Pratik on Twitter @progdoctalk or at https://profiles.ucsf.edu/pratik.sinha
