Digital Shadows

Alex, Kacey, and Charles host this week’s ShadowTalk, bringing you the latest in threat intelligence. In this episode they cover:- Defaced subreddits - which accounts were impacted and what was the cause?- An Intel Leak was exposed by a Twitter user - what was exposed and how did it happen?- Troy Hunt's announcement on open-sourcing HIBP - our take on how it will improve the community at largeGet this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-14-august-2020***Resources from this week’s podcast***Reddit: https://www.reddit.com/r/ModSupport/comments/i5hhtf/ongoing_incident_with_compromised_mod_accounts/ https://www.bleepingcomputer.com/news/security/reddit-hit-by-coordinated-hack-promoting-trumps-reelection/Twitter Intel Leak: https://www.infosecurity-magazine.com/news/intel-investigates-20gb-internal/HIBP: https://www.troyhunt.com/im-open-sourcing-the-have-i-been-pwned-code-base/Escrow Systems On Cybercriminal Forums Blog: https://

In this week’s episode, Viktoria is joined by Kim, Dylan and Demelza to discuss:- Ransomware negotiations between CWT and cyberattackers- Impact and severity of passwords leaked for 900+ pulse secure enterprise servers to criminal forum- The Ghostwriter/disinformation campaign overview: series of disinformation campaigns, aligned to Russian security interests - activity and attribution- EU issues first sanctions against Russian and Chinese cyber actors: Impact, effectiveness and reasoning behind thisGet this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-07-august-2020***Resources from this week’s podcast***CWT: https://uk.reuters.com/article/uk-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUKKCN24W26PPulse Secure VPN: https://www.zdnet.com/article/hacker-leaks-passwords-for-900-enterprise-vpn-servers/#ftag=RSSbaffb68EU Sanctions: https://www.gov.uk/government/news/foreign-secretary-welcomes-f

On this ShadowTalk hosts Viktoria and James talk to special guest Geoff about his best selling book Crime Dot Com: From Viruses to Vote Rigging, How Hacking Went Global and beyond that, themes within cybercrime, from the commodification of personal data to cybercrime tactics and tools. Find Geoff’s book here: https://www.amazon.co.uk/Crime-Dot-Com-Viruses-Rigging/dp/1789142857Visit Geoff’s website: https://geoffwhite.tech/

This week it’s a full house with ShadowTalk hosts Alex, Kacey, Charles, Alec and Rick. During this episode they cover:- Garmin ransomware attacks - what happened?- Kacey talks QSnatch malware - history and new alerts- Stage 2 from ShinyHunters and the 50 high profile organizations that had information leakedGet this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-31-july-2020***Resources from this week’s podcast***Garmin ransomware: https://www.zdnet.com/article/garmins-outage-ransomware-attack-response-lacking-as-earnings-loom/ QSnatch malware: https://www.zdnet.com/article/cisa-says-62000-qnap-nas-devices-have-been-infected-with-the-qsnatch-malware/#ftag=RSSbaffb68 ShinyHunters: https://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/

This week’s ShadowTalk hosts Adam, Demi, Stefano and Kim discuss the latest threat intelligence stories. In this episode they cover:-Trickbot trojan mishap causes wide-spread warnings, alerting users of threatening activity-Dangerous malware Emotet resurges and partners with Trickbot to infect a large number or users-Twitter takeover updates - what we know so far-NCSC advisory about APT29 targeting Covid-19 vaccine research -APT35 footage surfaces, exposing the group’s informationGet this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-24-july-2020***Resources from this week's podcast***NCSC: https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development Twitter Updates: https://www.bleepingcomputer.com/news/security/coinbase-blocked-twitter-hackers-from-stealing-an-extra-280k/ Emotet: https://www.bleepingcomputer.com/news/security/emotet-trickbot-malware-duo-is-back-infecting-windows-machines/APT35: https://www.wired.com/st

This week’s ShadowTalk hosts Alex, Kacey, and Alec discuss the latest threat intelligence stories. In this epic episode they cover:-Top Twitter accounts that were accessed to promote a Bitcoin scam -Threat Intel platform Data Viper gets breached in revenge attack by threat actor NightLion -Updates on cybercriminal forum CryptBB - where are they now and what does the future hold?Get this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-17-july-2020***Resources from this week’s podcast***Twitter attack https://twitter.com/TwitterSupport/status/1283518038445223936?s=20 Data Viper breach https://krebsonsecurity.com/2020/07/breached-data-indexer-data-viper-hacked/ CryptBB blog by DS Photon Team https://www.digitalshadows.com/blog-and-research/cryptbb-demystifying-the-illusion-of-the-private-forum/

This week, Digital Shadows team Viktoria, Demelza, Adam and Stefano cover:-PAN-OS Vulnerability (CVE-2020-2021): Impact & Mitigation-Magecart Developments: Lazarus Group tied to Magecart-FBI arrests “Hushpuppi” for alleged BEC Cybercrime Scheme-Photon ATO Research: Overview + Key takeawaysGet this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-10-july-2020

Alex, Kacey, Charles and Rick host this week’s ShadowTalk to bring you the latest threat intelligence stories. This week they cover: Torigon - What was Torigon and how did it fail to survive?Nulledflix - The Nulled-focused streaming service taken down immediately for maintenanceBlueLeaks exposing private law enforcement filesDevSecOps and how it can be useful to your organizationGet this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-26-june-2020Plus, check out this page for more on DevSecOps: https://www.digitalshadows.com/blog-and-research/devsecops-modern-software-development/To learn more about DevSecOps product updates in SearchLight, check out the webinar at: https://resources.digitalshadows.com/webinars/outside-in-intelligence-for-devsecops-digital-shadows***Resources From This Week***Torigon: https://www.digitalshadows.com/blog-and-research/torigon-forum/Nulledflix: https://www.digitalshadows.com/blog-and-research/nulledflix-

CISO Rick Holland and Host Alex Guirakhoo chat with this week's special guest Tom Schmitt, Global Director of Threat Intelligence at Anheuser-Busch InBev. They discuss Tom’s origin in the Cyber Threat Intelligence space and get his insight on TITO (or “Threat, Infrastructure, Targets, and Outcomes”), a platform and data-agnostic threat intelligence framework.Learn more about TITO at https://github.com/TITO-Threat-Intel/TITO-Framework

Demelza, Viktoria, Adam, and Stefano host this week’s ShadowTalk to bring you the latest threat intelligence stories from the week. This week they cover:- Honda technical details - cyber attack- LookBack, FlowCloud similarities point to a single perpetrator of utility attacks - TA410- Delivery of malware through cloud storage Get this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary***Resources From this Week***Recruiting Moderators on Cybercriminal Forums: https://www.digitalshadows.com/blog-and-research/recruiting-moderators-on-cybercriminal-forums/Reducing Technical Leakage: https://www.digitalshadows.com/blog-and-research/reducing-technical-leakage-detecting-software-exposure-from-the-outside-in/

CISO Rick Holland and Host Alex Guirakhoo chat with Alex Pinto from Verizon around the Verizon DBIR. They talk through Pinto’s background, how the Verizon DBIR gets put together, findings from this year’s report, and of course, the best jokes found (or not found) in this year’s report.Get the full DBIR at https://enterprise.verizon.com/resources/reports/dbir/And check out Rick’s Blog here: https://www.digitalshadows.com/blog-and-research/2020-verizon-data-breach-investigations-report-dbir-ciso-view/

Alex is joined by Kacey and Charles this week to chat through the top threat intel stories of the week. This week’s highlights include: - Zorab Ransomware Disguised as STOP Djvu Ransomware- Endgame: New DDoS protection tool advertised on the dark web- Sodinokibi Ransomware Group updates and Maze ransomware allianceGet this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-12-june-2020***Resources From this Week***Endgame DDoS tool on dark web: https://www.digitalshadows.com/blog-and-research/ddos-attacks-dark-web-endgame/

Pietro, Viktoria, Adam, and Demelza cover this week’s top threat intelligence stories, including a Hacktivist group choosing destruction over profit with ransomware.Other stories this week include- EasyJet breach- Collection 1 Hacker Identified- Fin7 Member Arrested- iOS Mail App VulnerabilityCheck out more in this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-29-may-2020***Resources From this Week***Dark Web Digest Recording: https://resources.digitalshadows.com/webinars/dark-web-digest-gaining-valuable-threat-intel-from-cybercriminal-forums-webinar

CISO Rick Holland kicks off this episode walking us through key findings and his take from the just-released 2020 Verizon DBIR.Then the team covers other top stories from the week including:- The new threat group, ShinyHunters, exposing at least 18 companies- Phishing trends organizations should watch out for - Sodinokibi targets Grubman, Shire, Meiselas & Sacks law firm, threatens to release data unless a USD 24 million extortion payment is metShout-out to this week’s ShadowTalk-ers: Kacey, Charles, Rick, and AlexGet this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-22-may-2020***Resources from this Week***Rick’s DBIR Blog: https://www.digitalshadows.com/blog-and-research/2020-verizon-data-breach-investigations-report-dbir-ciso-view/Kacey’s Phishing Blog: https://www.digitalshadows.com/blog-and-research/3-phishing-trends-organizations-should-watch-out-for/Ecosystem of Phishing: https://www.digitalshadows.com/blog-and-research

Physician-Scientist, Dr. Pratik Sinha, joins CEO and co-founder, Alastair Paterson, and CISO, Rick Holland, for this special guest episode of ShadowTalk. The group walks through Al and Pratik’s recent research together around contact tracing. They look at:- What is contact tracing and how does it work?- How have we done contact tracing in previous pandemics and will it work for COVID-19?- Privacy Risks and balancing the tradeoff between health and privacy- Big TechRead the full blog from Al and Pratik at https://www.digitalshadows.com/blog-and-research/contact-tracing-can-big-tech-come-to-the-rescue-and-at-what-cost/You can find Pratik on Twitter @progdoctalk or at https://profiles.ucsf.edu/pratik.sinha

We're pleased to have a special guest, Steve Marshall, CISO and Head of Cyber Consulting at Bytes- a Software Licensing Reseller & IT Security Services.in this special episode, Steve Marshall, Viktoria Austin, and James Chappell look at the industry at a macro level - delving into stories and themes that have changed how we communicate, how we work, securely, but also what the future of remote working looks like. In the UK and across the world, remote working has become - for many - the new norm. But how prepared were organizations for this change? Likewise, on the supplier side, were the technologies - such as video communications, ISP providers - prepared for this? What does the future of working look like now? For more threat intelligence resources around COVID-19, please visit https://resources.digitalshadows.com/coronavirus-threat-intelligence-resourcesThanks for listening and special shout out to Steve for joining. Cheers!

The team starts this week’s episode with a retrospective look at WannaCry, discussing some core lessons learned from this ransomware attack. Viktoria, Demelza, Adam, and Jamie then dig through other top stories including:- A wordpress plugin vulnerability - WeLeakData[.]com compromised with the hackers’ messages leaked- BitBazaar Dark Web Market deception and manipulationGet this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary***Resources this Week***BitBazaar: https://www.digitalshadows.com/blog-and-research/bitbazaar-market-deception-and-manipulation-on-the-dark-web/

This week Alex chats with Kacey, Charles, and Rick around competitions we’ve been seeing on English-language cybercriminal forums and how they compare to the ones on Russian-language forums, purple teaming, and how a hacker bribed a ‘Roblox’ insider to access user data. And finally… our thoughts on Elon Musk’s new baby’s name. Thanks for listening and stay safe out there!***Resources from This Week***Competitions on English-Language Forums: https://www.digitalshadows.com/blog-and-research/competitions-english-language-cybercriminal-forums/Hacker Bribed 'Roblox' Insider to Access User Data: https://www.vice.com/en_us/article/qj4ddw/hacker-bribed-roblox-insider-accessed-user-data-reset-passwordsSANs Webinar: https://www.sans.org/webcasts/security-leadership-managing-turbulent-times-presented-summits-113310

We’ve got a very special episode for you this week with Hacker Valley Studio guests Ron Eddings and Chris Cochran. CISO Rick Holland and Threat Researcher Alex Guirakhoo chat with Ron and Chris about their backstories and how they got into cybersecurity, their favorite topics from Hacker Valley Studio, and the human element of cybersecurity programs. You can find Ron and Chris at hackervalley.studio or on Twitter @TheHackerValley. And be sure to check out their LinkedIn to give them a vote for the Best New Cybersecurity Podcast for the EU Cybersecurity Blogger Awards! Thanks for listening and have a great week.

Jamie, Adam, and Demelza join Viktoria for this week’s threat intelligence updates.Top stories this week include:- Vulnerability allowed hijacking of Microsoft Teams account with a GIF- APT32 seeks pandemic intel from Wuhan government, Chinese ministry- Microsoft Intelligence team report on uptick in ransomwareCheck out our intelligence summary for more details here: https://resources.digitalshadows.com/weekly-intelligence-summary***Resources from this week***Charitable Endeavors on Cybercriminal Forums: https://www.digitalshadows.com/blog-and-research/charitable-endeavors-on-cybercriminal-forums/Krebs article that features our blog: https://krebsonsecurity.com/2020/04/how-cybercriminals-are-weathering-covid-19/SANS Webinar with Rick Holland: https://www.sans.org/webcasts/security-leadership-managing-turbulent-times-presented-summits-113310Microsoft Blog on Uptick in Ransomware: https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-re