Synopsis
Digital Shadows monitors and manages an organization’s digital risk, providing relevant threat intelligence across the widest range of data sources within the open, deep, and dark web to protect their brand and reputation.
Episodes
-
Weekly: Killnet 2.0, Baselining Detection Rules, Ransomware in Q4 2023
31/01/2024 Duration: 29min
In this episode of ShadowTalk, host Chris, along with James and Ivan, discuss the latest news in cyber security and threat research. Topics this week include:
The emergence of Killnet 2.0
Best practices for Baselining Detection Rules
Insights from ReliaQuest's Q4 2023 Ransomware blog
Resources:
https://www.reliaquest.com/blog/q4-2023-ransomware/
-
Weekly: Midnight Blizzard Targets Microsoft, Recent Attacker Techniques, Citrix NetScaler Vulnerabilities
24/01/2024 Duration: 31min
In this episode of ShadowTalk, host Corey, along with Kim and Caroline, discuss the latest news in cyber security and threat research. Topics this week include:
Midnight Blizzard Targeting Microsoft
Threat research on Attacker techniques observed from Customer incidents
Two new Citrix NetScaler vulnerabilities being exploited in the wild
Resources:
https://www.reliaquest.com/blog/top-cyber-threat-techniques-q4-2023
https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/
https://www.theregister.com/2024/01/18/citrix_netscaler_bugs_attacked/
-
Weekly: Ivanti Zero-days, Valid Account Misuse, Emerging risk from (IoT) devices
17/01/2024 Duration: 40min
In this episode of ShadowTalk, host Chris, along with Brian, Gjergji and ReliaQuest CISO Rick Holland, discuss the latest news in cyber security and threat research. Topics this week include:
Ivanti Zero-day vulnerabilities under mass exploitation
ReliaQuest research into misuse of Valid Accounts
Risk posed through emerging Internet of Things (IoT) devices
Resources:
https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
-
Weekly: Cyber Threats Developments of 2023, Lockbit Targets Healthcare
10/01/2024 Duration: 33min
In this episode of ShadowTalk, host Chris, along with Marken and Fearghal, discuss the latest news in cyber security and threat research. Topics this week include:
A recap of major developments in 2023: Ransomware, Business Email Compromise, Living off the land (LotL)
The influence of Generative AI on cyber threats
Lockbit targeting healthcare providers in Germany
-
Weekly: 2023 in Review, ALPHV Targeted by FBI, Predictions for 2024
20/12/2023 Duration: 48min
In this episode of ShadowTalk, host Chris, along with Rick and Kim, discuss the latest news in cyber security and threat research. Topics this week include:
ALPHV targeted in law enforcement operation
A look back at major events from the previous 12 months
Predictions for the cyber threat landscape in 2024
'Expense in depth' and maximising investments
Resources:
https://www.reliaquest.com/blog/double-extortion-attack-analysis/
https://www.reliaquest.com/blog/alphv-ransomware-site-outage/
https://www.justice.gov/media/1329536/dl?inline=&utm_medium=email&utm_source=govdelivery
-
Weekly: BYOVD Report, Log4Shell Two Years Later, ALPHV Site Outage, Delaying SEC Disclosures
13/12/2023 Duration: 35min
In this episode of ShadowTalk, host Corey Carter, along with ReliaQuest CISO Rick Holland and Gjergji Paco, discuss the latest news in cyber security and threat research. Topics this week include:
An overview of a ReliaQuest report on a sophisticated incident involving a technique known as Bring Your Own Vulnerable Driver (BYOVD).
ALPHV ransomware site outage rumored to be caused by law enforcement.
Apps vulnerable to Log4Shell still being exploited by Advanced Persistent Threats.
FBI releases policy notice that informs cyber victims how they can request to delay public disclosures to the Securities and Exchange Commission.
Resources:
https://www.sonatype.com/resources/log4j-vulnerability-resource-center
https://blog.talosintelligence.com/lazarus_new_rats_dlang_and_telegram/
https://www.reliaquest.com/blog/alphv-ransomware-site-outage/
https://www.fbi.gov/file-repository/fbi-policy-notice-120623.pdf/view
https://www.kovrr.com/blog-post/cybersecurity-legal-and-financial-experts-share-their-reactions-to-the-secs-latest
-
Weekly: Ransomware Targeting ESXi, Threats to Airline Organizations, CNI Impacted
06/12/2023 Duration: 29min
In this episode of ShadowTalk, host Chris, along with Caroline and James, discuss the latest news in cyber security and threat research. Topics this week include:
Ransomware groups increasingly targeting ESXi
Cyber Threats to the Airline industry
Incidents affecting CNI in the US, UK, and Israel
Resources:
https://www.gov.uk/government/news/response-to-a-news-report-on-cyber-security-at-sellafield
https://www.cshub.com/attacks/news/lockbit-hackers-publish-43gb-of-stolen-boeing-data-following-cyber-attack
https://www.theregister.com/2023/11/29/water_authority_ciso_iran/
https://www.bleepingcomputer.com/news/security/linux-version-of-qilin-ransomware-focuses-on-vmware-esxi/
-
Weekly: EDR Pitfalls, Okta Intrusion Update, Secure AI Guidelines, Expired Google Cookies
29/11/2023 Duration: 43min
In this episode of ShadowTalk, host Corey, along with Rick, Marken, and James, discuss the latest news in cyber security and threat research. Topics this week include:
An overview of ReliaQuest's latest report covering EDR Pitfalls and Best Practices.
Latest updates to Okta's Support Case Management System intrusion that occurred in October.
Discussion on guidelines released for secure AI system development by CISA and UK NCSC.
Infostealers making headlines after allegedly being able to restore expired Google cookies.
Resources:
Okta's Support Case Management System Intrusion Update - https://sec.okta.com/harfiles
Proactive Defense: Positioning your IR Team for Success webinar - https://event.on24.com/wcc/r/4388361/F9C6D55AEEB34F33683F29973F48D174?partnerref=shadowtalk
CISA and UK NCSC Joint Guidelines - https://www.cisa.gov/news-events/alerts/2023/11/26/cisa-and-uk-ncsc-unveil-joint-guidelines-secure-ai-system-development
Scattered Spider Blog - https://www.reliaquest.com/blog/scattered-spider-attack-analy
-
Weekly: ALPHV SEC Complaint, Scattered Spider Case Study, Sandworm Attacks
22/11/2023 Duration: 32min
In this episode of ShadowTalk, host Ivan, along with Brandon and Colin, discuss the latest news in cyber security and threat research. Topics this week include:
ALPHV filing a complaint with the SEC
ReliaQuest case study on the Scattered Spider attack
Sandworm hacker group conducts "largest ever" attack on Danish infrastructure
Resources:
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
-
Weekly: CitrixBleed, Taking a Proactive Approach to IR, BiBi wiper targets Israeli Organizations
15/11/2023 Duration: 29min
In this episode of ShadowTalk, host Chris, along with Kim, discuss the latest news in cyber security and threat research. Topics this week include:
CitrixBleed vulnerability mass targeted by threat actors
Taking the burden from incident responders by taking proactive steps
Hacktivists targeting Israeli organizations with "BiBi" data wiping malware
Resources:
https://www.reliaquest.com/blog/citrix-bleed-vulnerability-background-and-recommendations/
-
Weekly: Apache ActiveMQ and Atlassian Confluence, SEC files charges, QR code phishing
08/11/2023 Duration: 35min
In this episode of ShadowTalk, host Ivan Righi, along with ReliaQuest's CISO Rick Holland and Detection Researcher Marken Teder, discuss the latest news in cyber security and threat research. Topics this week include:
Apache ActiveMQ vulnerability (CVE-2023-46604) exploited by ransomware gangs
Discussion over charges filed by the US SEC against SolarWinds
Active exploitation of a Critical Atlassian Confluence flaw (CVE-2023-22518)
An overview of QR code phishing threats
Resources:
https://event.on24.com/wcc/r/4387339/A63BC17298406ECD68AABFFEF416702B?partnerref=organic
-
Weekly: SolarWinds SEC Charges, Vulnerabilities Roundup, AI Executive Order
02/11/2023 Duration: 33min
In this episode of ShadowTalk, host Kim, along with Caroline and Corey, discuss the latest news in cyber security and threat research. Topics this week include:
The charges filed by the US SEC against SolarWinds
A sneak peek of the findings from our Vulnerabilities Roundup blog
An overview of some vulnerabilities impacting users right now
The Executive Order issued by the Biden administration on artificial intelligence.
-
Weekly: Q3 Ransomware Report, ServiceNow Vulnerability, Okta Incident
26/10/2023 Duration: 35min
In this episode of ShadowTalk, host Chris Morgan is joined by one of ReliaQuest's CISOs Rick Holland, Threat Hunter Brian Kelly and Threat Intelligence Analyst Ivan Righi to discuss the latest news in cyber security and threat research. Topics this week include:
The findings of ReliaQuest's Quarterly Ransomware Report recapping Q3 2023 activity.
ServiceNow vulnerability and what it means for you
The latest on a security incident pertaining to authentication provider, Okta.
Resources:
https://www.reliaquest.com/blog/ransomware-trends-q3-2023/
-
Weekly: Critical CISCO IOS XE Vuln, Business Email Compromise (BEC) activity, malicious use of Discord
20/10/2023 Duration: 43min
In this episode of ShadowTalk, host Chris, along with Kim and Gjergji, discuss the latest news in cyber security and threat research. Topics this week include:
Threat actors exploiting Critical CISCO IOS XE Vuln
Increase in Business Email Compromise (BEC) activity
Social media platform Discord being used for malicious activity
-
Weekly: Hamas Cyber Threat Implications, Top Adversary Techniques, Qakbot
13/10/2023 Duration: 36min
In this episode of ShadowTalk, host Chris Morgan, along with ReliaQuest CISO Rick Holland, James Xiang and Caroline Fenstermacher, discuss the latest news in cyber security and threat research. Topics this week include:
Cyber threat implications from the Hamas - Israel Conflict
Top Adversary Techniques: What We're Seeing Right Now
Has Qakbot returned?
Resources:
https://www.reliaquest.com/blog/iranian-cyber-threats-practical-advice-for-security-professionals/
-
Weekly: National Cyber Security Awareness Month (NCSAM), Progress FTP Server, RDP Sessions, IronNet
06/10/2023 Duration: 36min
In this episode of ShadowTalk, host Chris Morgan, along with ReliaQuest CISO Rick Holland and Corey Carter, discuss the latest news in cyber security and threat research. Topics this week include:
2023 National Cyber Security Awareness Month (NCSAM)
Progress FTP Server
The risk posed by open Remote Desktop Protocol (RDP) Sessions
IronNet ceasing operations
Resources:
https://www.reliaquest.com/blog/cybersecurity-awareness-automation/
https://www.reliaquest.com/blog/israel-hamas-implications-for-cyber-threats/
-
Weekly: Hunting for MFA bypass techniques, Libwebp Vuln exploited, VMware ESXi
29/09/2023 Duration: 29min
In this episode of ShadowTalk, host Chris, along with Gjergji and James, discuss the latest news in cyber security and threat research. Topics this week include:
Hunting for MFA bypass techniques
Exploitation of a Zero-day LibWebP Vulnerability
Threat actors targeting VMware ESXi
Resources:
https://www.reliaquest.com/blog/mfa-bypass-techniques/#:~:text=Attackers%20also%20bypass%20MFA%20by,for%20sale%20on%20cybercriminal%20platforms.
-
Weekly: MFA Bypass Techniques, Microsoft Data Leak, Latest ALPHV Attack
22/09/2023 Duration: 27min
In this episode of ShadowTalk, host Kim, along with Caroline and Brian, discuss the latest news in cyber security and threat research. Topics this week include:
A deep dive into popular MFA bypass techniques and how to mitigate them
How a misconfigured SAS token led to a big Microsoft data breach
The latest ALPHV ransomware attack
Resources:
https://www.reliaquest.com/blog/domain-redirection-attacks-wrong-turns-in-cyberspace/
-
Weekly: Anonymous Sudan, Domain Redirection Attacks, UK Ransomware Report and ManageEngine Zero-Day Exploit
14/09/2023 Duration: 34min
In this episode of ShadowTalk, host and ReliaQuest CISO Rick Holland and ReliaQuest Threat Research team members Corey Carter and Gjergji Paco discuss the latest news in cyber security and threat research. Topics this week include:
A deep dive on domain redirection attacks
New ransomware report from the UK government
New ManageEngine zero-day exploited by multiple threat actors
Anonymous Sudan Telegram bans and DDoS attacks.
Resources:
https://www.ncsc.gov.uk/whitepaper/ransomware-extortion-and-the-cyber-crime-ecosystem
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a
https://www.reliaquest.com/blog/5-macos-infostealers/
https://www.reliaquest.com/blog/cisos-guide-six-steps-to-start-adopting-ai/
-
Weekly: SocGholish deep dive, AI security concerns, LockBit vs. UK MOD
08/09/2023 Duration: 34min
In this episode of ShadowTalk, host Roman, along with Corey and Ivan, discuss the latest news in cyber security and threat research. Topics this week include:
A deep dive into malware loader SocGholish
Artificial intelligence: implications, security concerns, and use by cybercriminals
LockBit leaking top secret information from the UK’s Ministry of Defence
Resources:
https://www.reliaquest.com/blog/the-3-malware-loaders-behind-80-of-incidents
https://www.reliaquest.com/blog/socgholish-fakeupdates
https://www.reliaquest.com/blog/lockbit-ransomware-2023