Digital Shadows

In this episode of ShadowTalk, host Chris Morgan, along with ReliaQuest CISO Rick Holland and Gjergji Paco, discuss the latest news in cyber security and threat research. Topics this week include:The FBI operation targeting Qakbot infrastructureBarracuda Zero-Day targeted by Peoples Republic of China (PRC) aligned actorsThe resurgence and future of Hacktivism

In this episode of ShadowTalk, host Dean Murphy, along with one of ReliaQuest's CISO's Rick Holland and Threat Hunter Brian Kelly, discuss the latest news in cyber security and threat research. Topics this week include:Malware LoadersRansomware Runbooks Generative AI Barracuda ESG - Zero-DayResources:https://www.reliaquest.com/blog/lockbit-ransomware-2023/https://analyst1.com/ransomware-diaries-volume-1/https://www.bleepingcomputer.com/news/security/angry-conti-ransomware-affiliate-leaks-gangs-attack-playbook/https://www.reliaquest.com/news-and-press/reliaquest-adds-ai-capabilities-to-greymatter-intelligent-analysis/https://www.reliaquest.com/blog/understanding-generative-ai-in-cybersecurity/https://www.reliaquest.com/blog/intersection-generative-ai-cybersecurity/https://www.mandiant.com/resources/blog/threat-actors-generative-ai-limitedhttps://www.ic3.gov/Media/News/2023/230823.pdf 

In this episode of ShadowTalk, host Chris, along with one of Brandon and Gjergji, discuss the latest news in cyber security and threat research. Topics this week include:Recap of DefCon conferenceThe latest updates regarding Clop's exploitation of MOVEit zero-dayThe return of the infamous Raccoon Stealer

In this episode, one of ReliaQuest's CISO's Rick Holland is joined by threat hunters Colin Ferris and Caroline Fenstermacher to discuss the presence of AI at BlackHat, Device Code Phishing, trends from the Russia-Ukraine War and lastly how to make the most of a visit to DEF CON.

In this episode, one of ReliaQuest's CISO's Rick Holland and Chief Technology Officer Joe Partlow are joined by Freeport LNG CISO, Todd Beebe and Ciena CISO Ryan Hammer to discuss all things BlackHat 2023.

 In this episode of ShadowTalk, host Chris, along with one of ReliaQuest's CISOs Rick, and James, discuss the latest news in cyber security and threat research. Topics this week include:Themes in recent Business Email Compromise (BEC) activityA breakdown of ReliaQuest research into threats facing the Professional, Scientific, and Technical Services (PSTS) sectorThe influence of AI on the cyber threat landscape ReliaQuest activities at BlackHat 2023 conference

In this episode of ShadowTalk, host Roman, along with Ivan and Brandon, discuss the latest news in cyber security and threat research. Topics this week include:Twitter becoming X security concernsCl0p names 71 new victimsReliaQuest releases Q2 ransomware reportHackers target Norwegian government ministries with Ivanti zero-day exploitALPHV ransomware group creates API key for its data leak siteResources:https://www.bleepingcomputer.com/news/security/norway-says-ivanti-zero-day-was-used-to-hack-govt-it-systems/https://www.bleepingcomputer.com/news/security/alphv-ransomware-adds-data-leak-api-in-new-extortion-strategy/

In this episode of ShadowTalk, host Chris, along with Brian and James, discuss the latest news in cyber security and threat research. Topics this week include:ReliaQuest research into common attacker techniquesAn update on Clop's exploitation of the MOVEit vulnerability ChatGPT rival with ‘no ethical boundaries’ sold on dark webResources:https://www.reliaquest.com/blog/top-adversary-techniques-july-2023/https://www.reliaquest.com/blog/clop-leaks-first-victims/https://www.zdnet.com/article/wormgpt-what-to-know-about-chatgpts-malicious-cousin/

In this episode of ShadowTalk, host Dean Murphy, one of ReliaQuests CISO's Rick Holland and threat research teamers Colin Ferris and Gjergji Paco discuss the latest news in cyber security and threat research. Topics this week include:Chinese hackers breach Microsoft CloudStrava App – Tracked and KilledCl0p UpdateRemote Monitoring and Management Software – RMMResources:https://www.cnn.com/2023/07/11/europe/russian-submarine-commander-killed-krasnador-intl/index.htmlhttps://www.telegraph.co.uk/news/2023/07/11/russian-submarine-commander-shot-strava-krasnodar-vinnytsia/https://jsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_1_1_yamashige-nakatani-tanaka_en.pdfhttps://www.reliaquest.com/blog/clop-leaks-first-victims/https://www.cisa.gov/sites/default/files/2023-07/aa23-193a_joint_csa_enhanced_monitoring_to_detect_apt_activity_targeting_outlook_online.pdfhttps://www.washingtonpost.com/national-security/2023/07/12/microsoft-hack-china/https://blogs.microsoft.com/on-the-issues/2023/07/11/mitigation-china-based-thre

In this episode of ShadowTalk, host Chris Morgan, along with Corey Carter, Jonny Elrod, Gjergji Paco, and one of ReliaQuests CISO's Rick Holland, discuss the latest news in cyber security and threat research. Topics this week include:Threat actors obfuscating activity through virtualizationLockBit claim to have impacted Taiwanese semiconductor giant TSMCCISA identify new exploited vulnerabilitiesNew critical vulnerability impacting Fortinet, FortiOS and FortiProxy SSL-VPN appliancesResources:https://www.reliaquest.com/blog/virtual-machines-defense-evasion/https://www.bleepingcomputer.com/news/security/cisa-orders-govt-agencies-to-patch-bugs-exploited-by-russian-hackers/https://thehackernews.com/2023/07/alert-330000-fortigate-firewalls-still.htmlhttps://www.scmagazine.com/brief/ransomware/tsmc-discloses-data-breach-from-lockbit-claimed-attack-against-third-party

In this episode of ShadowTalk, host Stefano, along with Kim Bromley, and one of ReliaQuests CISO's Rick Holland, discuss the latest news in cyber security and threat research. Topics this week include:The SEC reportedly charging SolarWinds executivesAPT29 hunting for credentialsOur new, shiny Annual Threat ReportResources:https://www.reuters.com/technology/solarwinds-executives-receive-wells-notice-us-sec-2023-06-23/https://www.scmagazine.com/brief/identity-and-access/apt29-intensifies-credential-stealing-attackshttps://www.reliaquest.com/resources/research-reports/annual-threat-report/

In this episode of ShadowTalk, host Chris, along with Dani, and one of ReliaQuests CISO's Rick Holland, discuss the latest news in cyber security and threat research. Topics this week include:The latest updates related to Cl0p's exploitation of MOVEit zero-dayKillnet targeting European financial institutionsInsights drawn from our closed sources teamThe team's observations on this years InfoSec conferenceResources:https://www.reliaquest.com/blog/clop-leaks-first-victims/ https://techmonitor.ai/technology/cybersecurity/killnet-revil-and-anonymous-threaten-swift-with-destructive-attack-in-48-hours 

In this episode of ShadowTalk, host Chris, along with Colin and Caroline, discuss the latest news in cyber security and threat research. Topics this week include:The latest updates related to Clop's exploitation of MOVEit zero-dayAn overview of the Gootloader initial access malwareFortinet RCE CVE-2023-27997Ukraine's Cyber Anarchy Squad take down InfotelResources:https://www.reliaquest.com/blog/clop-leaks-first-victims/https://www.scmagazine.com/news/device-security/fortinet-patches-critical-rce-fortigate-ssl-vpn-applianceshttps://www.bleepingcomputer.com/news/security/ukrainian-hackers-take-down-service-provider-for-russian-banks/

In this episode of ShadowTalk, host Stefano, along with Rick, Dean, and Ivan, discuss the latest news in cyber security and threat research. Topics this week include:What you need to know on the MOVEit Zero-day vulnerability and the latest Cl0p updates Infostealers ecosystem: most common malware, impact, and mitigation strategiesKey insights from the latest Verizon's DBIR issueResources:https://www.reliaquest.com/blog/moveit-vulnerability-update-clop-claims-responsibility/ https://www.verizon.com/business/resources/reports/dbir/

In this episode of ShadowTalk, host Chris, along with Gjergji and Ivan, discuss the latest news in cyber security and threat research. Topics this week include:What you need to know on the MOVEit Zero-day vulnerabilityRaidForums user's data breachedThe Buhti ransomware taking a unique approach to targeting victimsResources:https://www.reliaquest.com/blog/moveit-transfer-zero-day/https://www.bleepingcomputer.com/news/security/new-buhti-ransomware-gang-uses-leaked-windows-linux-encryptors/https://www.bleepingcomputer.com/news/security/new-hacking-forum-leaks-data-of-478-000-raidforums-members/

Summary: In this episode of ShadowTalk, host Stefano, along with Kim, Rick, and Dean, discuss the latest news in cyber security and threat research. Topics this week include:An investigation into the GootLoader malwareThe latest operation from hacktivist group Intrusion TruthA cyber espionage campaign conduct by Volt TyphoonRQ Exponent conference debriefResources:https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144ahttps://www.washingtonpost.com/politics/2023/05/15/they-dox-chinese-hackers-now-theyre-back/

In this episode of ShadowTalk, host Chris Morgan , along with Caroline Fenstermacher and Gjergji Paco, discuss the latest news in cyber security and threat research. Topics this week include:Revisiting the SocGholish malware distribution framework Getting pricked by the Cactus ransomwareGreatness Phishing-as-a-service Resources:https://www.reliaquest.com/blog/socgholish-fakeupdates/https://thehackernews.com/2023/05/new-ransomware-strain-cactus-exploits.htmlhttps://www.bleepingcomputer.com/news/security/new-greatness-service-simplifies-microsoft-365-phishing-attacks/

Summary: In this episode of ShadowTalk, host Stefano, along with Caroline and Colin, discuss the latest news in cyber security and threat research. Topics this week include:Five Eyes agencies takedown FSB-linked Snake malwareHunting Kubernetes for privilege escalation techniquesInvestigation offers insights into Caffeine PhaaS platformResources:https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-129ahttps://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/whitepapers/kubernetes-privilege-escalation-excessive-permissions-in-popular-platformshttps://www.bleepingcomputer.com/news/security/caffeine-service-lets-anyone-launch-microsoft-365-phishing-attacks/

In this episode of ShadowTalk, host Chris Morgan is joined by Corey Carter and Ivan Righi to discuss:A day in the life of a Threat Engineer at ReliaQuestALPHV leaking internal comm's related to victims incident responseHigh Severity vulnerability affecting Veeam back servers exploited in the wild (CVE-2023-27532)

In this episode of ShadowTalk, host Stefano, along with Kim, Ivan, and Brandon, discuss the latest news in cyber security and threat research. Topics this week include:Highlights from the ReliaQuest Ransomware Quarterly Report Q1 2023A supply-chain of a supply-chain: 3CX UpdateAnalysis of Russia-Ukraine cyber operationsA look into recent shifts in the cybercriminal ecosystemResources:https://www.reliaquest.com/blog/2023-ransomware-attacks-q1/https://www.ncsc.gov.uk/news/new-analysis-eccri-highlights-ukraine-defence-against-russian-offensivehttps://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise