Digital Shadows

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast
  • Duration: 223:38:20

Information:

Synopsis

Digital Shadows monitors and manages an organization’s digital risk, providing relevant threat intelligence across the widest range of data sources within the open, deep, and dark web to protect their brand and reputation.

Episodes

  • Purple Teaming: An Interview With Eliza May Austin

    16/09/2019 Duration: 45min

    In this episode, Viktoria interviews Eliza May Austin (CEO & Co-Founder of th4ts3cur1ty.company), and our own Richard Gold and James Chappell on Purple Teaming, a security assessment that combines both blue teaming and red teaming. The team discusses:

    - How do we make the blue and red teams collaborate better?
    - Is purple teaming a cost-effective measure when it comes to a less mature organization?
    - Why Purple Teaming needs to be at the forefront
    - What systems would you start testing with the purple team approach?
    - And more!

    We end the discussion with a quick overview of Eliza’s other passion: Ladies of London Hacking Society.

    To learn more, check out this episode’s resources:

    - https://th4ts3cur1ty.company/
    - Ladies Hacking Society: https://llhs.com/
    - Purple Team like you’re preparing for war: https://medium.com/@always0ddba1l/purple-team-like-your-preparing-for-war-ea17cd4d4a91
    - Purple Teaming with Vector, Cobalt Strike, and MITRE ATT&CK: https://www.digitalshadows.com/blog-and-research/purple-teaming-w

  • Metasploit Project Publishes Exploit For Bluekeep, plus APT3 and Silence Cybercrime Group Updates

    13/09/2019 Duration: 23min

    Viktoria Austin is joined by Adam Cook and Phil Dohetry this week in the London office to talk about the top story this week: Metasploit Project publishes exploit for Bluekeep bug. Our Photon Research Team tested the Metasploit exploit in their lab environment and has successfully exploited an unpatched Windows 7 machine. “The exploit not only gives the attacker remote access to a target system, but also gives the attacker the highest level of privilege on the target.” - Dr. Richard Gold

    The team then shares updates around APT3 and the Silence cybercrime group. To learn more, check out the full weekly intelligence report at https://resources.digitalshadows.com/weekly-intelligence-summary. Interested in more threat intelligence updates? Sign up to receive our weekly updates at https://info.digitalshadows.com/EmailSubscription-Podcast_Reg.html.

  • Ryuk Ransomware, Twitter Rids SMS Tweets, And Facebook Records Exposed

    07/09/2019 Duration: 22min

    Alex, Alec, and Harrison are in the room today discussing 3 top stories from the week. First up - a hacker deploys Ryuk ransomware against the city of New Bedford, Massachusetts, demanding $5.3 million. What was interesting, though, was that the city tried to negotiate with the attackers for a lower ransom of $400k, but the attackers didn’t want it and ended up cutting off communications. Next the guys chat through the suspension of Twitter’s SMS-based tweet function after the news that Twitter CEO Jack Dorsey’s Twitter account was “hacked”. An interesting attack surface incident for phone numbers. Finally the team discusses an exposure incident where 419 million Facebook records were exposed. So “Come on down” and listen to this week’s ShadowTalk. (The guys thought it would be fun to play The Price is Right at the end … do we like it? Let us know what fun questions you want answered each week). Get the weekly intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary Resources from

  • More Sodinokibi Activity, Imperva Breach, And Weirdest Food At The Texas State Fair

    30/08/2019 Duration: 30min

    Rick Holland and Alex Guirakhoo join Harrison Van Riper this week to talk through more Sodinokibi activity. Just yesterday, a cloud hosting provider for Digital Dental Records was hit with Sodinokibi, apparently affecting around 400 different dental providers around the US. It seems like we’re hearing about more and more people actually paying out these ransom demands. Do we think it’s just a reporting bias or do we think they’re actually paying out more often? Then the team looks at the Imperva breach, where its Incapsula Web Application Firewall product was inadvertently exposing some data, including email addresses, hashed and salted passwords, API keys and SSL certificates. Google’s Project Zero also discovered a series of 0-day exploits being actively used in the wild targeting iPhones. The team discusses how this will factor into risk models moving forward. We close out with everyone’s top (and weirdest) choices at the Texas State Fair. Yummmmm. Enjoy :) Resources From this Week’s Episode: More Sodinokibi

  • Approaching Cybersecurity As A Third Party Defense Contractor

    27/08/2019 Duration: 20min

    Brian Neely, CIO and CISO at American Systems, and Rick Holland, CISO at Digital Shadows, join Harrison for a discussion around how Brian approaches cybersecurity as a defense contractor. American Systems has been delivering complex IT and engineering solutions to national priority programs since 1975 and has some interesting use cases. The group discusses:

    - Top cybersecurity concerns as a third party defense contractor
    - Advice for listeners with similar threat models where sophisticated, well-resourced adversaries are targeting your environment
    - Where digital risk protection comes into play including asset exposure, site impersonation, phishing campaigns, and brand misuse online
    - Managing 2FA company-wide
    - And more!

    Resources from this Episode: 2FA research: https://resources.digitalshadows.com/whitepapers-and-reports/two-factor-in-review

  • Texas Ransomware Outbreaks And Phishing Attacks Using Custom 404 Pages

    23/08/2019 Duration: 38min

    Charles Ragland (a brand new ShadowTalk-er!) and Christian Rencken join Harrison this week to discuss an outbreak of ransomware attacks impacting local government entities across Texas. The team also discusses some phishing attacks that are using custom 404 pages and how Google is starting to remove FTP support from Chrome. They wrap up this episode with the question of the week: Which future technology most worries you from a cyber security perspective? Check out this week’s full intelligence summary at resources.digitalshadows.com. Share feedback with us! DM us @digitalshadows on Twitter or email us at messages@digitalshadows.com.

    Some resources to check out this week:

    - https://www.bleepingcomputer.com/news/security/hackers-want-25-million-ransom-for-texas-ransomware-attacks/
    - https://www.us-cert.gov/ncas/current-activity/2019/08/21/cisa-insights-ransomware-outbreak
    - https://www.bleepingcomputer.com/news/security/microsoft-warns-of-phishing-attacks-using-custom-404-pages/
    - https://www.bleepingcomputer.com/

  • Breach! Exploring The Modern Digital Breach With Cyber Defense Lab’s CEO Bob Anderson: Part 2

    20/08/2019 Duration: 28min

    What practical steps should organizations and the professionals within them be thinking about in this new world? We have a special two-part series where Rick Holland, VP Intelligence and CISO at Digital Shadows, interviews Bob Anderson, CEO at Cyber Defense Labs and James Chappell, co-founder and Chief Innovation Officer at Digital Shadows. In part 2, the team looks at:

    - Steps you can take into your programs today as a security or business leader
    - Advice for boards on how to deal with breaches
    - Knowing your data
    - What do organizations need to be doing when it comes to understanding and protecting their digital footprint?
    - Mistakes organizations make in the response stage

    Bob Anderson’s Bio: Anderson is a former national security executive, serving 20+ years with the Federal Bureau of Investigation (FBI). During this time, Anderson served in several senior level positions, ultimately rising to become executive assistant director of the FBI's Criminal, Cyber, Response and Services Branch where he ove

  • Nightmare Market In Disarray And SEC Investigation Into Data Leak At First American Financial Corp

    16/08/2019 Duration: 32min

    Harrison is back! Alex and Christian join this week to discuss how Black Hat and DEFCON went last week, analyze the irregularities of the dark web criminal market, Nightmare, and explore the story reported by Krebs on the SEC investigation into the data leak at First American Financial Corp. Shout-out to all of our new listeners - thanks for your interest and let us know what we can do to continue improving the podcast!

    - Check out the blog on Nightmare Market at https://www.digitalshadows.com/blog-and-research/fresh-blow-for-dark-web-markets-nightmare-market-in-disarray/
    - KrebsonSecurity article: https://krebsonsecurity.com/tag/first-american-financial-corp/
    - Find the full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-08-aug-15-aug-2019

  • Breach! Exploring The Modern Digital Breach With Cyber Defense Lab’s CEO Bob Anderson - Part 1

    13/08/2019 Duration: 31min

    It seems like we read about new breaches every day. What’s changing? How is exposure and the adoption of digital technology changing the breach landscape? We have a special two-part series where Rick Holland, VP Intelligence and CISO at Digital Shadows, interviews Bob Anderson, CEO at Cyber Defense Labs (https://cyberdefenselabs.com/) and James Chappell, co-founder and Chief Innovation Officer at Digital Shadows. In Part 1, the team looks at:

    - How the breach landscape has evolved
    - The role of the dark web in a data breach
    - Are we seeing more breaches or are they getting reported more?
    - And other war stories from the folks in the room

    In Part 2, the team will give guidance and suggestions for enterprises trying to deal with the threat landscape. Stay tuned!

    About Bob Anderson: Anderson is a former national security executive, serving 20+ years with the Federal Bureau of Investigation (FBI). During this time, Anderson served in several senior level positions, ultimately rising to become executive assistant di

  • Capital One Breach, Ransomware Trends, and Threat Actors

    02/08/2019 Duration: 18min

    Move out of the way, Harrison! We have a brand new host this week: Viktoria Austin, Strategy and Research Analyst, and Photon Research Team member. Viktoria is joined this week by Rose Bernard and Xueyin Peh in the London office. In a malspam campaign, “Sodinokibi” targeted users in Germany using a spoofed Federal Office for Information Security (BSI) email domain and a data breach-themed lure, while in other countries ransomware attacks have been conducted against local government networks and a utility provider. Capital One reported a data breach after an individual accessed an Amazon Web Services (AWS) server used by the organization, cyber espionage operations associated with China-linked “Winnti Group” reportedly targeted chemical and manufacturing organizations in Germany, and a campaign by Chinese state-affiliated threat actor “TA428” dubbed Operation LagTime IT has targeted government entities in East Asia since early 2019. All this and more fun in this week’s ShadowTalk. *Apologies for some audio issue

  • 2FA - Advice For Deployment & A Technical Assessment

    30/07/2019 Duration: 40min

    Thinking about deploying 2FA? In this special interview, our Head of Cyber Security & IT, Craig Ellis, and our Head of Security Engineering, Dr. Richard Gold, chat with Harrison around how they implemented 2FA internally. The guys discuss proper ways to go about implementing 2FA, some of the issues with implementing 2FA, what happens when things break, and other advice they wish they were given before implementing 2FA. Then Rich and Harrison deep dive into our latest paper, Two-Factor in Review, a technical assessment of the most popular mitigation for account takeover attacks. Check out the full report below to read for yourself.

    - Blog on 2FA: https://www.digitalshadows.com/blog-and-research/the-account-takeover-kill-chain-a-five-step-analysis/
    - Report on Account Takeover: https://resources.digitalshadows.com/whitepapers-and-reports/two-factor-in-review

  • More BlueKeep updates, FSB contractor hacked, and the Enigma Market

    26/07/2019 Duration: 33min

    Christian (@Chrencken14) and Travis (@puppyozone) sit down with Harrison (@pseudohvr) to discuss even more BlueKeep updates since last week, as a technical presentation gets uploaded to GitHub, inching us closer to a full-blown public PoC, the breach and subsequent release of documents from a contractor working with Russia’s FSB intelligence services, and research from the Digital Shadows team about a new marketplace we’ve had our eye on for a few months called Enigma.

    **Housekeeping note** We’re trying out a new format for the show, and we are keen to get some feedback from you listeners. Tweet @pseudohvr for comments or email messages@digitalshadows.com

    **Party alert** If you’re heading to Black Hat or Def Con - listen up. We have a party happening Wednesday night of Black Hat at Mandalay Bay you won’t want to miss. It’s right in the middle of the hotel, at Eyecandy Sound Lounge on August 7th, from 7-10pm. Make sure to get on the list before so you avoid the lines: https://info.digitalshadows.com/BlackHat-Se

  • Interview With Dir Of Threat Intelligence At McDonalds, Brian Hillegas

    24/07/2019 Duration: 19min

    Director of Threat Intelligence at McDonald’s, Brian Hillegas, speaks with Harrison (@pseudohvr) and CISO Rick Holland (@rickhholland) about where to align your security priorities, the importance of operating cross-functionally in your organization, what the biggest threats are in the cyber landscape at the moment, and what they’re looking forward to at Black Hat and DEF CON this year. The team will be at both events in Vegas this year! Check out what we have planned and RSVP for our party Wednesday night here: https://info.digitalshadows.com/BlackHat2019-Hub.html

  • FaceApp Overblown, BlueKeep Updates, And Libra’s Lawmaker Showdown

    20/07/2019 Duration: 40min

    Harrison (@pseudohvr), Alex, and Travis (@puppyozone) talk about the recent FaceApp shenanigans and why they’re actually not as shocking as some reports indicate. Researchers indicate that thousands of systems are still vulnerable to the BlueKeep RDP vulnerability. With a public proof of concept yet to be released, could this be the reason why? Finally, Harrison loves some cryptocurrency news, so the guys chat about Facebook’s cryptocurrency head speaking to US lawmakers about Libra and having a not-so-great time.

    - Cyberwire article with Alex: https://thecyberwire.com/podcasts/cw-podcasts-daily-2019-07-17.html
    - Download this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-11-jul-18-jul-2019
    - FaceApp: https://techcrunch.com/2019/07/17/faceapp-responds-to-privacy-concerns/

    **Housekeeping note** We’re trying out a new format for the show, and we are keen to get some feedback from you listeners. Tweet @pseudohvr for comments or email messages

  • Interview With Deputy CISO At Accenture, Jason Lewkowicz

    17/07/2019 Duration: 19min

    Harrison interviews Deputy CISO at Accenture, Jason Lewkowicz, and CISO at Digital Shadows, Rick Holland. The group discusses the importance of working functionally as a security team, cyber response plans, and how to keep your security playbooks up to date. Jason also discusses how his team uses Digital Shadows SearchLight™ within their day to day processes. Heading to Black Hat and/or DefCon? Meet the ShadowTalk team at our party Wednesday night at Eyecandy Sound Lounge. Details and guest list here: https://info.digitalshadows.com/BlackHat-SecurityLeadersParty2019.html?SourceCode=shadowtalk

  • TA505 Global Attacks, Zoom 0-Day, and New Magecart Activity

    12/07/2019 Duration: 11min

    Kacey (@sudosu_kacey) and Alex join Harrison (@pseudohvr) to walk through this week’s threat intelligence stories. Alex walks us through the highlight story this week: TA505 uses new tools, old tactics in global attacks. Kacey then digs into the zero-day vulnerability identified in Zoom’s macOS software. We also discuss new Magecart activity, the Sodinokibi ransomware, and what our ShadowTalk-ers would name their own ransomware. Get the full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-04-jul-11-jul-2019

  • Marriott Faces GDPR Fines - A DPO and CISO Discussion

    12/07/2019 Duration: 26min

    Harrison (@pseudohvr) is joined by Digital Shadows co-founder and Data Privacy Officer, James Chappell (@jimmychappell), as well as CISO Rick Holland (@rickhholland), to discuss the news this week around Marriott’s GDPR fines. The team talks through initial thoughts and observations, what it means for global privacy and regulation, and what we can expect moving forward. And if you have examples of best practices around breach notification, hit up our Photon Research team on Twitter (@photon_research). Look out for a blog post in the coming weeks around this.

  • Operation Soft Cell, Libra Cryptocurrency Impersonations, and New Cyber Espionage Activity

    28/06/2019 Duration: 16min

    This week Alex and Phil join Harrison to discuss Operation Soft Cell, a campaign that has been actively compromising telecommunications organizations since early 2017. Other highlights from the week include focus on a new cyber espionage campaign, known as Operation BouncingGolf, targeting Middle Eastern individuals’ mobile devices; the Russia-associated threat group “Turla”, which has demonstrated new tools and capabilities in three campaigns; and media allegations that the United States Cyber Command has targeted Iranian espionage groups. The team ends the week with a discussion around some new research Alex put out around Libra cryptocurrency impersonations.

    - Check out Alex’s blog at https://www.digitalshadows.com/blog-and-research/facebooks-libra-cryptocurrency-cybercriminals-tipping-the-scales-in-their-favor/
    - Full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-20-jun-27-jun-2019.

    Heads-up, we’ll be off for the 4th of July next week, but c

  • Google Calendar Phishing, Exim Email Server Vulnerability, and Diversity in Cybersecurity

    21/06/2019 Duration: 33min

    This week Alex and Jamie (@TheCollierJam) chat with Harrison (@pseudohvr) on a cyber-threat campaign involving the abuse of legitimate features in Google Calendar. Then they dive into other highlights from the week including the expansion of sector targeting by destructive threat group “Xenotime”, exploitation of a vulnerability affecting Exim email servers, and continued targeting of the transportation sector by the Iran-associated threat group “APT39”. Then we hear Part II of Rick Holland (@rickhholland) and Harrison’s interview with Ryan Kovar (@meansec) of Splunk. This time they talk about badass women in cybersecurity, mentorship, and how to become a bigger advocate for diversity in infosec. A must listen. Get the weekly intelligence summary report at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-13-jun-20-jun-2019.

  • XMRig Cryptocurrency Mining, FIN8 Backdoor, and Attacks Against Office 365

    14/06/2019 Duration: 42min

    This week Harrison (@pseudohvr) is joined by Travis (@puppyozone) and Alec to discuss the security stories of the week, including a fileless malware attack delivering a cryptocurrency miner to China, a return from FIN8 with a backdoor for the hospitality industry, a popular flaw exploited in a tailored spam campaign, and MuddyWater expanding its tactic repertoire in Middle Eastern attacks. Then Digital Shadows CISO Rick Holland (@rickhholland) joins Harrison to chat with principal security strategist at Splunk, Ryan Kovar (@meansec), on Ryan's research around machine learning and attacks against Office 365.

    - Download the full Intelligence Summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-06-jun-13-jun-2019
    - Blog on Infosec Burnout: https://www.digitalshadows.com/blog-and-research/managing-infosec-burnout-the-hidden-perpetrator/
