Digital Shadows

In this episode of ShadowTalk, host Chris, along with Fearghal and Kim, discuss the latest news in cyber security and threat research. Topics include:An overview of the critical severity vulnerabilities affecting ConnectWise, patch now!ReliaQuest research into Browser Credential Dumping attacksThe latest in the world of ransomwareUpdate to National Institute of Standards and Technology (NIST) frameworkResources:https://www.reliaquest.com/blog/browser-credential-dumping/ 

In this episode of ShadowTalk, host Chris, along with Ivan, Caroline, and one of ReliaQuest's CISOs Rick, discuss the latest news in cyber security and threat research. This week's topics include:Lockbit return following law enforcement operationRecent Structured Analytical Technique (SAT) exercises ran by ReliaQuestThe Optum Breach and what you need to know'SubdoMailing' malvertising campaign leveraging compromised domainsResources:https://www.reliaquest.com/blog/lockbit-taken-down-what-comes-next/https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/

In this episode of ShadowTalk, host Chris, along with Brian, Kim, and one of ReliaQuest's CISOs Rick, discuss the latest news in cyber security and threat research. Topics this week include:Lockbit taken down by NCA led operation. Does this spell the end for the ransomware group?ReliaQuest research into abuse of Remote monitoring and management (RMM) toolsInsider leaks Chinese government documents on GithubResources:https://www.reliaquest.com/blog/lockbit-taken-down-what-comes-next/

In this episode of ShadowTalk, host Chris, along with Marken and Corey, discuss the latest news in cyber security and threat research. Topics this week include:ReliaQuest research into changes observed on SocGholish infection chainUpdate to Volt Typhoon campaign affecting US CNIFurore over reporting on Toothbrush smart devices reportedly used in DDoS attacksCanada bans Flipper Zero consumer hacking device, over car theft concerns Resources:https://www.reliaquest.com/blog/new-python-socgholish-infection-chain/https://www.reliaquest.com/blog/socgholish-fakeupdates/

In this episode of ShadowTalk, host Chris Morgan is joined by ReliaQuest CISO Rick Holland, Director of Threat Research Brandon Tirado and Intelligence Collection Analyst Fearghal Hughes to discuss the latest news in cyber security and threat research. Topics this week include:Breach of Remote Desktop Application 'AnyDesk' resultsContinued Ivanti vulnerability exploitationsThe rise of BEC deepfake social engineering attacksReliaQuest's top priorities for the remainder of Q1 2024Resources:https://event.on24.com/eventRegistration/EventLobbyServlet?target=reg20.jsp&eventid=4448957&sessionid=1&key=3FBF0E608FF3216DD9F1526D92EE5CCE&groupId=5180806&partnerref=website&sourcepage=registerhttps://event.on24.com/wcc/r/4387339/A63BC17298406ECD68AABFFEF416702B?partnerref=organic

In this episode of ShadowTalk, host Chris, along with James and Ivan, discuss the latest news in cyber security and threat research. Topics this week include:The emergence of Killnet 2.0 Best practices for Baselining Detection RulesInsights from ReliaQuest's Q4 2023 Ransomware blogResources:https://www.reliaquest.com/blog/q4-2023-ransomware/

In this episode of ShadowTalk, host Corey, along with Kim and Caroline, discuss the latest news in cyber security and threat research. Topics this week include: Midnight Blizzard Targeting Microsoft Threat research on Attacker techniques observed from Customer incidents Two new Citrix NetScaler vulnerabilities being exploited in the wildResources:https://www.reliaquest.com/blog/top-cyber-threat-techniques-q4-2023https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/ https://www.theregister.com/2024/01/18/citrix_netscaler_bugs_attacked/

In this episode of ShadowTalk, host Chris, along with Brian, Gjergji and ReliaQuest CISO Rick Holland, discuss the latest news in cyber security and threat research. Topics this week include:Ivanti Zero-day vulnerabilities under mass exploitationReliaQuest research into misuse of Valid Accounts Risk posed through emerging Internet of Things (IoT) devicesResources:https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US 

In this episode of ShadowTalk, host Chris, along with Marken and Fearghal, discuss the latest news in cyber security and threat research.  Topics this week include:A recap of major developments in 2023: Ransomware, Business Email Compromise, Living off the land (LotL)The influence of Generative AI on cyber threatsLockbit targeting healthcare providers in Germany

In this episode of ShadowTalk, host Chris, along with Rick and Kim, discuss the latest news in cyber security and threat research.  Topics this week include:ALPHV targeted in law enforcement operationA look back at major events from the previous 12 monthsPredictions for the cyber threat landscape in 2024'Expense in depth' and maximising investmentsResources:https://www.reliaquest.com/blog/double-extortion-attack-analysis/https://www.reliaquest.com/blog/alphv-ransomware-site-outage/ https://www.justice.gov/media/1329536/dl?inline=&utm_medium=email&utm_source=govdelivery

In this episode of ShadowTalk, host Corey Carter, along with ReliaQuest CISO Rick Holland and Gjergji Paco, discuss the latest news in cyber security and threat research.  Topics this week include:An overview of a ReliaQuest report on a sophisticated incident involving a technique known as Bring Your Own Vulnerable Driver (BYOVD).ALPHV ransomware site outage rumored to be caused by law enforcement.Apps vulnerable to Log4Shell still being exploited by Advanced Persistence Threats.FBI releases policy notice that informs cyber victims how they can request to delay public disclosures to the Securities and Exchange Commission.Resources:https://www.sonatype.com/resources/log4j-vulnerability-resource-centerhttps://blog.talosintelligence.com/lazarus_new_rats_dlang_and_telegram/https://www.reliaquest.com/blog/alphv-ransomware-site-outage/https://www.fbi.gov/file-repository/fbi-policy-notice-120623.pdf/viewhttps://www.kovrr.com/blog-post/cybersecurity-legal-and-financial-experts-share-their-reactions-to-the-secs-latest

In this episode of ShadowTalk, host Chris, along with Caroline and James, discuss the latest news in cyber security and threat research. Topics this week include:Ransomware groups increasingly targeting ESXiCyber Threats to the Airline industryIncidents affecting CNI in the US, UK, and IsraelResources:https://www.gov.uk/government/news/response-to-a-news-report-on-cyber-security-at-sellafieldhttps://www.cshub.com/attacks/news/lockbit-hackers-publish-43gb-of-stolen-boeing-data-following-cyber-attackhttps://www.theregister.com/2023/11/29/water_authority_ciso_iran/https://www.bleepingcomputer.com/news/security/linux-version-of-qilin-ransomware-focuses-on-vmware-esxi/

In this episode of ShadowTalk, host Corey, along with Rick, Marken, and James, discuss the latest news in cyber security and threat research.  Topics this week include:An overview of ReliaQuest's latest report covering EDR Pitfalls and Best Practices.Latest updates to Okta's Support Case Management System intrusion that occurred in October.Discussion on guidelines released for secure AI system development by CISA and UK NCSC.Infostealers making headlines after allegedly being able to restore expired Google cookies. Resources:Okta's Support Case Management System Intrusion Update-https://sec.okta.com/harfilesProactive Defense: Positioning your IR Team for Success webinar-https://event.on24.com/wcc/r/4388361/F9C6D55AEEB34F33683F29973F48D174?partnerref=shadowtalk CISA and UK NCSC Joint Guidelines-https://www.cisa.gov/news-events/alerts/2023/11/26/cisa-and-uk-ncsc-unveil-joint-guidelines-secure-ai-system-development Scattered Spider Blog-https://www.reliaquest.com/blog/scattered-spider-attack-analy

In this episode of ShadowTalk, host Ivan, along with Brandon and Colin discuss the latest news in cyber security and threat research. Topics this week include:AlphaV filing a complaint with the SECReliaQuest case study on the Scattered Spider attackSandworm hacker group conducts "largest ever" attack on Danish infrastructureResources:https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/

In this episode of ShadowTalk, host Chris, along with Kim, discuss the latest news in cyber security and threat research. Topics this week include:CitrixBleed vulnerability mass targeted by threat actorsTaking the burden from incidents responders by taking proactive stepsHacktivists targeting Israeli organizations with "BiBi" data wiping malwareResources: https://www.reliaquest.com/blog/citrix-bleed-vulnerability-background-and-recommendations/

In this episode of ShadowTalk, host Ivan Righi, along with ReliaQuest's CISO Rick Holland and Detection Researcher Marken Teder, discuss the latest news in cyber security and threat research. Topics this week include:Apache ActiveMQ vulnerability (CVE-2023-46604) exploited by ransomware gangsDiscussion over charges filed by the US SEC against SolarWindsActive exploitation of a Critical Atlassian Confluence flaw (CVE-2023-22518)An overview of QR code phishing threatsResources:https://event.on24.com/wcc/r/4387339/A63BC17298406ECD68AABFFEF416702B?partnerref=organic

In this episode of ShadowTalk, host Kim, along with Caroline and Corey, discuss the latest news in cyber security and threat research. Topics this week include:The charges filed by the US SEC against SolarWindsA sneak-peak of the findings from our Vulnerabilities Roundup blogAn overview of some vulnerabilities impacting users right nowThe Executive Order issued by the Biden administration on artificial intelligence.

In this episode of ShadowTalk, Host Chris Morgan is joined by one of ReliaQuest's CISO's Rick Holland, Threat Hunter Brian Kelly and Threat Intelligence Analyst Ivan Righi to discuss the latest news in cyber security and threat research. Topics this week include:The findings of ReliaQuest's Quarterly Ransomware Report recapping Q3 2023 activity. ServiceNow vulnerability and what it means for youThe latest on a security incident pertaining to authentication provider, Okta.Resources:https://www.reliaquest.com/blog/ransomware-trends-q3-2023/

In this episode of ShadowTalk, host Chris, along with Kim and Gjergji, discuss the latest news in cyber security and threat research. Topics this week include:Threat actors exploiting Critical CISCO IOS XE Vuln Increase in Business Email Compromise (BEC) activitySocial media platform Discord being used for malicious activity

In this episode of ShadowTalk, host Chris Morgan, along with ReliaQuest CISO Rick Holland, James Xiang and Caroline Fenstermacher, discuss the latest news in cyber security and threat research. Topics this week include:Cyber threat implications from the Hamas - Israel ConflictTop Adversary Techniques: What We're Seeing Right NowHas Qakbot returned? Resources:https://www.reliaquest.com/blog/iranian-cyber-threats-practical-advice-for-security-professionals/