Digital Shadows

Rafael Amado and Michael Marriott discuss how the criminal underground has evolved since the demise of AlphaBay and Hansa. No single marketplace has managed to fill the AlphaBay-shaped gap left behind, at least among the English-speaking community. Existing sites such as Dream and Trade Route have failed to consolidate this empty space, hampered by a combination of poor communication by administrators and suspicion that these sites could be police honeypots like Hansa had been. Grab a copy of our report to read more: https://info.digitalshadows.com/SeizeandDesistReport-Podcast.html

In today’s edition of Shadow talk, Dr Richard Gold joins us to discuss the return of the L0pht hackers. In 1998 the L0pht members delivered a cybersecurity hearing to the United States Senate, warning that any one person in their group could take down the Internet within 30 minutes. 20 years on, we look back on what has and hasn’t changed in the world of information security. In Part II, the team covers recent reporting on the use of military-style tactics such as war gaming and intelligence fusion centres in the financial services industry. We ask whether such tactics are effective, and whether smaller organizations can also employ the techniques being used by some of the world’s largest enterprises.

In this week’s Shadow Talk, the pod unpacks the reporting on VPN Filter, a malware affecting half a million network devices. Reports have suggested that the malware is being prepped to perform imminent large scale disruptive attacks against Ukrainian infrastructure. We also cover new research on the TRITON malware targeting industrial control and SCADA systems, as well as new techniques for the Roaming Mantis malware family. Finally, we bring you updates on vulnerabilities related to VBScript and the Spectre/Meltdown attacks.

In this week’s episode of Shadow Talk, Digital Shadows’ Head of Security Engineering, Dr Richard Gold, joins the pod to explain the EFAIL vulnerability affecting Open PGP and S-MIME, as well as other flaws identified in encrypted messaging platforms. Dr Gold also outlines the the factors you should be considering to prioritize your patching. In part two, we look at the $15 million theft in Mexico and outline the risks facing interbank payment systems.

In this week’s episode Shadow Talk we look at the Winnti Umbrella group, asking what this means for organizations. We discuss vulnerabilities in Microsoft Office (CVE-2018-8174) and basestriker. And, finally, we outline the fall out surrounding the Olympus dark web marketplace.

In this week’s episode Shadow Talk, it’s a vulnerability extravaganza. We cover malicious use of legitimate software, as APT28 attributed to hijacking LoJack and Blackrouter delivered via AnyDesk software. Vulnerabilities found (and exploited) in GPON home routers, and Loki Bot exploits two remote code execution vulnerabilities in Microsoft Office (CVE-2017-8570 and CVE-2018-0802).

In this week’s episode of Shadow Talk, we cover the targeting of healthcare organizations by Orangeworm, BGP hijacking, vulnerabilities in MikroTik routers, DDoS market shutdowns, and the profitability of cryptocurrency mining.

In this week’s episode of Shadow Talk, we cover Russia’s attempts to ban the social messaging app, and also read between the lines of the joint US and UK advisory on network infrastructure compromises by Kremlin-backed actors. We also outline new ransomware payloads incorporated into the Magnitude exploit kit and we bring you the latest news on vulnerabilities in the Drupal Platform and Cisco’s Webex software.

This week’s Shadow Talk discusses a Cisco Smart Install Client flaw exploited in disruption attack, an information leak vulnerability discovered in Microsoft Outlook, details on OpIcarus and OpIsrael, Verizon DBIR, and why you still should be excited about the RSA Conference.

Rafael Amado and Michael Marriott join this week’s Shadow Talk, taking a deep dive into our recent report “Too Much Information”. The research discovered over 1.5 billion files from a host of services, including Amazon S3 buckets, rsync, SMB, FTP, NAS drives, and misconfigured websites. To learn more, download the full report at https://info.digitalshadows.com/FileSharingDataExposureResearch-Podcast.html.

This week’s Shadow Talk discusses what the re-emergence of WannaCry, exposure of Aggregate IQ data, exposure of 1.5 billion files through misconfigured services, as well as lessons learned from the Panera breach, an emerging new criminal market, and much more.

This week’s Shadow Talk discusses what the Cambridge Analytica revelations mean for disinformation and personal privacy, updates to Trickbot, Zeus Panda and Remnit trojans, City of Atlanta suffers from ransomware attack, and Dragonfly campaign attribution to Russian Government.

This week’s Shadow Talk outlines the latest techniques in tax return fraud, claimed vulnerabilities in AMD chips, Slingshot malware targeting Mikrotik routers, and Greenflash Sundown Exploit Kit delivering Hermes ransomware. Watch our webinar with the FBI on the latest ransomware threats here: https://info.digitalshadows.com/FBIRansomwareThreats-WebinarOnDemand-ShadowTalk.html

Digital Shadows’ Research team discusses record DDoS attacks using Memcached servers, disinformation campaigns, a proof of concept exploit for the Spectre vulnerability, and new details of a historical network intrusion affecting the German government.

The Digital Shadows research team provides an overview of the latest news this week, including CVE-2018-4878 that’s now being used in a spam campaign, 23,000 website certificates set to be revoked, Memecached Server Used for DDoS Reflection, and updates on SamSam and DataKeeper ransomware variants.

The Digital Shadows research team provides an overview of the latest news this week, including new SWIFT attacks, more Business Email Compromise activity, the return of extortionist “thedarkoverlord”, Sam Sam and Saturn ransomware variants, and new reporting on APT-37.

The Digital Shadows Research team provides our analysis of the fascinating Lazarus Group, attacks on the Winter Olympics opening ceremony, the problems with attribution, the theft of $170 million from the Bitgrail exchange, and two newly discovered Outlook vulnerabilities.

The Digital Shadows Research team provides our analysis of the espionage-driven campaign Operation Pzchao, an Adobe zero-day vulnerability, malware in Winter Olympics spearphishing campaign, a WordPress denial of service vulnerability, and the takedown of the notorious “Infraud Forum”.

The Digital Shadows Research team discuss how criminal actors have capitalized on the increased interest in cryptocurrencies. The podcast looks at different approaches to mining fraud, account takeover and Initial Coin Offering fraud. Download a copy of the research here: https://info.digitalshadows.com/TheNewGoldRushCryptocurrency-Podcast.html

The Digital Shadows Research team provides our analysis of the $530 million Coincheck cryptocurrency heist, recent DDoS attacks against Dutch financial services organizations, renewed OpCatalunya activity, updates on the Spectre and Meltdown flaws, and a potentially serious vulnerability affecting Cisco VPNs.