Synopsis
Digital Shadows monitors and manages an organization’s digital risk, providing relevant threat intelligence across the widest range of data sources within the open, deep, and dark web to protect its brand and reputation.
Episodes
-
Weekly: A History of Ransomware, deBridge Hack Details, Advice for Multiple Ransomware Attacks
11/08/2022 Duration: 32min
ShadowTalk host Chris alongside Stefano bring you the latest in threat intelligence. This week they cover:
- History of ransomware
- Details of the deBridge hack
- Thoughts and recommendations for organizations targeted multiple times
Get this week’s intelligence summary at:
***Resources from this week’s podcast***
Tensions Between The PRC And Taiwan: What’s Happening?
https://www.digitalshadows.com/blog-and-research/tensions-between-the-prc-and-taiwan-whats-happening/
Meet DUMPS Forum: A Pro-Ukraine, Anti-Russia Cybercriminal Forum
https://www.digitalshadows.com/blog-and-research/meet-dumps-forum-a-pro-ukraine-anti-russia-cybercriminal-forum/
-
Weekly: 911 Proxy Service Ends, ALPHV claims attack on pipeline and Recent news from Taiwan & China
05/08/2022 Duration: 33min
ShadowTalk host Stefano alongside Chris bring you the latest in threat intelligence. This week they cover:
- 911 proxy service ends protection for cybercriminals
- ALPHV (aka BlackCat) ransomware claims attack on European gas pipeline
- Cyber threat implications from recent news in Taiwan & China
Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-05-aug
***Resources from this week’s podcast***
The Boy Who Cried Ransomware: The Trustworthiness Of Ransomware Groups
https://www.digitalshadows.com/blog-and-research/the-boy-who-cried-ransomware-the-trustworthiness-of-ransomware-groups/
ReliaQuest And Digital Shadows – The Next Stage Of The Journey
https://www.digitalshadows.com/blog-and-research/reliaquest-and-digital-shadows-the-next-stage-of-the-journey/
-
Weekly: Entrust Ransomware Attack, Coinbase Insider-Trading Case and Redeemer Ransomware Builder
29/07/2022 Duration: 24min
ShadowTalk host Nicole alongside Ivan and CISO Rick Holland bring you the latest in threat intelligence. This week they cover:
- Entrust suffered a ransomware attack
- Ex-Coinbase manager charged in first crypto insider-trading case
- Redeemer ransomware builder
Get this week’s intelligence summary at:
***Resources from this week’s podcast***
Holy Ghost’s Bargain Basement Approach To Ransomware
https://www.digitalshadows.com/blog-and-research/holy-ghosts-bargain-basement-approach-to-ransomware/
July edition of What we are reading this month
https://www.digitalshadows.com/blog-and-research/what-were-reading-this-month-july-2022/
How To Paint Your Best Cyber Threat Landscape: My Three Top Tips From ENISA’s Methodology Report
https://www.digitalshadows.com/blog-and-research/how-to-paint-your-best-cyber-threat-landscape-my-three-top-tips-from-enisas-methodology-report/
-
Weekly: North Korea Makes Comeback with Ransomware, How Malware is Distributed, Russia Fines Google
22/07/2022 Duration: 46min
ShadowTalk host Stefano alongside Chris and Dani bring you the latest in threat intelligence. This week they cover:
* HolyGhost6 ransomware operation linked with North Korea
* Explanation on how malware is created and distributed
* Russia fines Google for failing to delete YouTube videos
***Resources from this week’s podcast***
Q2 2022 Vulnerability Roundup
https://www.digitalshadows.com/blog-and-research/q2-2022-vulnerability-roundup/
Breach Forums – When Student Becomes The Teacher
https://www.digitalshadows.com/blog-and-research/breach-forums-when-student-becomes-the-teacher/
How To Paint Your Best Cyber Threat Landscape: My Three Top Tips From ENISA’s Methodology Report
https://www.digitalshadows.com/blog-and-research/how-to-paint-your-best-cyber-threat-landscape-my-three-top-tips-from-enisas-methodology-report/
Microsoft links Holy Ghost ransomware operation to North Korean hackers
https://www.bleepingcomputer.com/news/security/microsoft-links-holy-ghost-ransomware-operation-to-north-korean-hackers/
Russia fines Goo
-
Weekly: Microsoft Patch Tuesday, Russia Targeted, Hive Ransomware Upgrade, TrickBot Attacks Ukraine
15/07/2022 Duration: 32min
ShadowTalk host Chris alongside Nicole, Ivan, and Rick bring you the latest in threat intelligence. This week they cover:
* Microsoft Patch Tuesday
* Chinese cyber espionage groups target Russia
* Hive ransomware group takes LockBit information to upgrade to Rust
* IBM Security X-Force finds evidence on TrickBot attacking Ukraine
***Resources from this week’s podcast***
Ransomware in Q2 2022: Ransomware is Back in Business
https://www.digitalshadows.com/blog-and-research/ransomware-in-q2-2022-ransomware-is-back-in-business/
Offensive Nation-State Cyber Threats: Who Takes The Top Spot?
https://www.digitalshadows.com/blog-and-research/offensive-nation-state-cyber-threats-who-takes-the-top-spot/
Chinese Cyber Espionage Groups Increasingly Targeting Russia
https://www.infosecurity-magazine.com/news/chinese-cyber-espionage-russia/
Hive Ransomware Upgrades to Rust for More Sophisticated Encryption Method
https://thehackernews.com/2022/07/hive-ransomware-upgrades-to-rust-for.html
Unprecedented Shift: The Trickbot Group is Systema
-
Weekly: Chinese Data Leaked, Crypto Scam Targets British Army, Bug Bounty Reports Insider Threat
08/07/2022 Duration: 35min
ShadowTalk host Stefano alongside Dani bring you the latest in threat intelligence. This week they cover:
* Roughly 1 billion Chinese citizens' data breached
* British Army's Youtube and Twitter accounts hacked and used to promote cryptocurrency scams
* HackerOne employee steals bug reports to sell
***Resources from this week’s podcast***
What We’re Reading This Month: June 2022
https://www.digitalshadows.com/blog-and-research/what-were-reading-this-month-june-2022/
Hacker claims to have stolen 1 bln records of Chinese citizens from police
https://www.reuters.com/world/china/hacker-claims-have-stolen-1-bln-records-chinese-citizens-police-2022-07-04/
British Army’s YouTube and Twitter accounts were hacked to promote crypto scams
https://www.theverge.com/2022/7/3/23193668/british-army-youtube-twitter-accounts-hacked-promote-crypto-scam-fraud
Rogue HackerOne employee steals bug reports to sell on the side
https://www.bleepingcomputer.com/news/security/rogue-hackerone-employee-steals-bug-reports-to-sell-on-the-sid
-
Weekly: Cyber Threat Intelligence Aids Ukraine, Conti Stops Data Leak, LockBit's New Bounty Program
01/07/2022 Duration: 30min
ShadowTalk host Chris alongside Stefano and Kim bring you the latest in threat intelligence. This week they cover:
* Recent advances in cyber threat intelligence and end-point protection have helped Ukraine
* Conti finally shuts down data leak and negotiates with victims
* LockBit debuts ransomware bug bounty program
***Resources from this week’s podcast***
Market Differentiation: Cybercriminal Forums’ Unusual Features Designed To Attract Users
https://www.digitalshadows.com/blog-and-research/market-differentiation-cybercriminal-forums-unusual-features-designed-to-attract-users/
NATO Leaders Are Meeting At The Madrid Summit 2022: What Is Going To Happen?
https://www.digitalshadows.com/blog-and-research/nato-leaders-are-meeting-at-the-madrid-summit-2022-what-is-going-to-happen/
Defending Ukraine: Early Lessons from the Cyber War
https://blogs.microsoft.com/on-the-issues/2022/06/22/defending-ukraine-early-lessons-from-the-cyber-war/
Conti ransomware finally shuts down data leak, negotiation sites
https://www.bleepingcomput
-
Weekly: AlphV Publishes Victims' Data, 'BidenCash' Website Sells Credit Card Info, ATO Paper
24/06/2022 Duration: 36min
ShadowTalk host Chris alongside Stefano and Kim bring you the latest in threat intelligence. This week they cover:
* AlphV breaching victims' data in open source
* 'BidenCash' website sells your credit card information for only 15 cents
* Account Takeover paper
***Resources from this week’s podcast***
POLONIUM: Proxy Warfare And Iran’s Cyber Strategy
https://www.digitalshadows.com/blog-and-research/polonium-proxy-warfare-and-irans-cyber-strategy/
Vulnerability Intelligence Roundup: Leveraging The OODA Loop For Vulnerability Management
https://www.digitalshadows.com/blog-and-research/vulnerability-intelligence-roundup-leveraging-the-ooda-loop-for-vulnerability-management/
Credential Stuffing: What Is It, Are You At Risk?
https://www.digitalshadows.com/blog-and-research/credential-stuffing-what-is-it-are-you-at-risk/
ALPHV/BlackCat ransomware gang starts publishing victims’ data on the clear web
https://securityaffairs.co/wordpress/132339/malware/blackcat-ransomware-clear-web.html
New 'BidenCash' si
-
Weekly: Follina Zero Day, Conti Shuts Down Affiliate Program, LockBit vs Mandiant Discussion
17/06/2022 Duration: 31min
ShadowTalk host Stefano alongside Ivan, Nicole, and Rick bring you the latest in threat intelligence. This week they cover:
* Cybersecurity researchers disclosed a new Windows zero-day vulnerability
* Conti shuts down affiliate program
* Cybercriminals discuss LockBit vs Mandiant
***Resources from this week’s podcast***
Weak Credentials Are Fueling A New Generation Of Cyber Threats
https://www.digitalshadows.com/blog-and-research/weak-credentials-are-fueling-a-new-generation-of-cyber-threats/
Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html
Also, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.
-
Weekly: LockBit PR Stunt Against Mandiant and Bohrium Targeted Users Via Spear-Phishing Operations
10/06/2022 Duration: 30min
ShadowTalk host Stefano alongside Xue, and Kim bring you the latest in threat intelligence. This week they cover:
- LockBit x Mandiant PR stunt
- Bohrium targets victims in various geographies
Get this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-10-jun/
***Resources from this week’s podcast***
Killnet: The Hactivist Group That Started A Global Cyber War:
https://www.digitalshadows.com/blog-and-research/killnet-the-hactivist-group-that-started-a-global-cyber-war/
Ransomware Gangs and PR Stunts: Why LockBit Faked a Ransomware Attack Against Mandiant
https://www.digitalshadows.com/blog-and-research/ransomware-gangs-and-pr-stunts-why-lockbit-faked-a-ransomware-attack-against-mandiant/
-
Special: Geoff White and the Lazarus Heist
31/05/2022 Duration: 28min
ShadowTalk host Chris alongside Nicole and special guest Geoff White cover the cybercrime group Lazarus and their impact in cyber security. In this special episode, they discuss:
* Geoff's new book 'The Lazarus Heist'
* An overview of the Lazarus Group
* How North Korea created one of the most sophisticated cyber crime groups in the world
**Resources from this special podcast**
Find Geoff on Twitter: https://twitter.com/geoffwhite247
Find Geoff on LinkedIn: https://www.linkedin.com/in/geoffwhite247/
Pre-order Geoff's book 'The Lazarus Heist' now: https://www.penguin.co.uk/books/447/447163/the-lazarus-heist/9780241554258.html
Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html
Also, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.
-
Special: David Thejl-Clayton Talks Rolling Your Own Verizon DBIR
27/05/2022 Duration: 01h30min
Digital Shadows CISO Rick Holland hosts this edition of ShadowTalk. Rick is joined by repeat special guest David Thejl-Clayton, Senior Advisor in Cyber Defense at Combitech. They discuss:
- Rick and David's thoughts on the 2022 DBIR report (Full disclosure, they are fanboys)
- Research that shows how APT groups primarily go after known vulnerabilities and not 0days
- David's experience helping customers create their custom version of the DBIR
***Resources from this week’s podcast***
Find David on Twitter: https://twitter.com/DCSecuritydk
Find David on LinkedIn: https://www.linkedin.com/in/davidclayton454/
2022 Data Breach Investigations Report: https://www.verizon.com/business/resources/reports/dbir/
Vocabulary for Event Recording and Information Sharing (VERIS): http://veriscommunity.net/
SANS CTI Summit - VERISIZE your way into CTI: https://www.youtube.com/watch?v=AwMC6INC5TE
Software Updates Strategies: a Quantitative Evaluation against Advanced Persistent Threats https://arxiv.org/abs/2205.07759
VSec Comm
-
Weekly: Insider Threat Actor is Sentenced, Microsoft Patch Tuesday Mishap and NFT Scams
20/05/2022 Duration: 27min
ShadowTalk host Chris alongside Ivan, and Nicole bring you the latest in threat intelligence. This week they cover:
- Insider Threat Actor at Chinese real estate brokerage is sentenced to 7 years in prison
- Microsoft Patch Tuesday mishap
- NFT scams
Get this week’s intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-20-may-2022
***Resources from this week’s podcast***:
Vulnerability Intelligence Round-Up: The Good, The Bad and The Risky: https://www.digitalshadows.com/blog-and-research/vulnerability-intelligence-round-up-the-good-the-bad-and-the-risky/
Mustang Panda: https://www.digitalshadows.com/blog-and-research/advanced-persistent-threat-group-feature-mustang-panda/
What we’re reading this month: https://www.digitalshadows.com/blog-and-research/what-were-reading-this-month-may-2022/
Angry IT Admin Wipes Employers Databases Gets 7 Years in Prison
https://www.bleepingcomputer.com/news/security/angry-it-admin-wipes-employer-s-databases-gets-7-years
-
Weekly: Costa Rica Declares State of Emergency, EU Accuses Russia of Attack, 5 Years Since WannaCry
13/05/2022 Duration: 35min
ShadowTalk host Stefano alongside Kim bring you the latest in threat intelligence. This week they cover:
* Costa Rica declares state of emergency because of Conti
* The European Council formally attributes VIASAT attack to Russia
* Five years since the WannaCry incident
***Resources from this week’s podcast***
Five Years After The WannaCry Dumpster Fire, Ransomware Remains A Global Threat
https://www.digitalshadows.com/blog-and-research/five-years-after-the-wannacry-dumpster-fire-ransomware-remains-a-global-threat/
US offers $15 million reward for info on Conti ransomware gang
https://www.bleepingcomputer.com/news/security/us-offers-15-million-reward-for-info-on-conti-ransomware-gang/
Viasat shares details on KA-SAT satellite service cyberattack
https://www.bleepingcomputer.com/news/security/viasat-shares-details-on-ka-sat-satellite-service-cyberattack/
Satellite outage knocks out thousands of Enercon's wind turbines
https://www.reuters.com/business/energy/satellite-outage-knocks-out-control-enercon-wind-turbines-20
-
Weekly: The Return of REvil, China APT Activity, Russia-Ukraine RoundUp
06/05/2022 Duration: 20min
ShadowTalk host Chris alongside Ivan and Nicole bring you the latest in threat intelligence. This week they cover:
* REvil ransomware returns with new malware
* Moshen Dragon targeting telecommunication service providers in Central Asia
* Russian hackers utilize embassy emails to target governments
***Resources from this week’s podcast***
ALPHV: THE FIRST RUST-BASED RANSOMWARE
https://www.digitalshadows.com/blog-and-research/alphv-the-first-rust-based-ransomware/
Colonial Pipeline One Year Later: What’s Changed?
https://www.digitalshadows.com/blog-and-research/colonial-pipeline-one-year-later-whats-changed/
REvil ransomware returns: New malware sample confirms gang is back
https://www.bleepingcomputer.com/news/security/revil-ransomware-returns-new-malware-sample-confirms-gang-is-back/
Chinese cyber-espionage group Moshen Dragon targets Asian telcos
https://www.bleepingcomputer.com/news/security/chinese-cyber-espionage-group-moshen-dragon-targets-asian-telcos/
Russian hackers compromise embassy emails to target governments
-
Weekly: The Return of Lapsus$, 2 Months of Russia-Ukraine War
29/04/2022 Duration: 33min
ShadowTalk host Stefano alongside Xue, Kim, & Rory bring you the latest in threat intelligence. This week they cover:
* Cybercrime group Lapsus$ is back
* Cyber activity in the Russia-Ukraine war so far
***Resources from this week’s podcast***
The Russia – Ukraine War: Two Months In
https://www.digitalshadows.com/blog-and-research/the-russia-ukraine-war-two-months-in/
Opportunity In The Midst Of Chaos: Russian-Speaking Cybercriminals Grapple With Sanctions And Forum Takedowns
https://www.digitalshadows.com/blog-and-research/russian-speaking-cybercriminals-grapple-with-sanctions-and-forum-takedowns/
Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code
https://krebsonsecurity.com/2022/04/leaked-chats-show-lapsus-stole-t-mobile-source-code/
Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html
Also, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.
-
Weekly: Connection Found Between Conti and Karakurt, ICS Networks Targeted, Lazarus Uses Crypto Apps
22/04/2022 Duration: 32min
ShadowTalk host Chris alongside Ivan, Rick, and Nicole bring you the latest in threat intelligence. This week they cover:
* Security researchers find connection between Conti and Karakurt
* Chernovite’s Pipedream malware targets ICS networks
* Lazarus hacking group is targeting organizations in the cryptocurrency and blockchain industries
***Resources from this week’s podcast***
The Power Of Data Analysis In Threat Intelligence – Part 2: Machine Learning
https://www.digitalshadows.com/blog-and-research/the-power-of-data-analysis-in-threat-intelligence-part-2-machine-learning//
What We’re Reading This Month: April 2022
https://www.digitalshadows.com/blog-and-research/what-were-reading-this-month-april-2022/
The Role Of Non-Fungible Tokens (NFTs) In Facilitating Cybercrime
https://www.digitalshadows.com/blog-and-research/the-role-of-non-fungible-tokens-in-facilitating-cybercrime/
Karakurt revealed as data extortion arm of Conti cybercrime syndicate
https://www.bleepingcomputer.com/news/security/karakurt-revealed-as-data-ex
-
Weekly: Cybercriminal Forums Go Down & Cyber Activity in the Russia-Ukraine War Go Up
14/04/2022 Duration: 36min
ShadowTalk host Stefano alongside Rory bring you the latest in threat intelligence. This week they cover:
* 'RaidForums' has been shut down and seized
* SandWorm targets electrical substations in Ukraine
* The resurgence of hacktivism in the Russia-Ukraine conflict
***Resources from this week’s podcast***
Q1 2022 Vulnerability Roundup
https://www.digitalshadows.com/blog-and-research/q1-2022-vulnerability-roundup/
Q1 2022 Ransomware Roundup
https://www.digitalshadows.com/blog-and-research/q1-2022-ransomware-roundup/
One of the world’s biggest hacker forums taken down
https://www.europol.europa.eu/media-press/newsroom/news/one-of-world%E2%80%99s-biggest-hacker-forums-taken-down
Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html
Also, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.
-
Weekly: Spring4Shell, Borat RAT, FIN7 Evolves Toolset
08/04/2022 Duration: 20min
ShadowTalk host Chris alongside Ivan and Austin bring you the latest in threat intelligence. This week they cover:
* Spring4Shell: The Internet security disaster that wasn’t
* New Borat remote access malware is no laughing matter
* FIN7 hackers evolve toolset, work with multiple ransomware gangs
***Resources from this week’s podcast***
Intelligence Collection Plans: Preparation Breeds Success
https://www.digitalshadows.com/blog-and-research/intelligence-collection-plans-preparation-breeds-success/
Team A Vs Team B: What Is Motivating Lapsus$?
https://www.digitalshadows.com/blog-and-research/team-a-vs-team-b-what-is-motivating-lapsus/
Five Things We Learned From The Conti Chat Logs
https://www.digitalshadows.com/blog-and-research/five-things-we-learned-from-the-conti-chat-logs/
Explaining Spring4Shell: The Internet security disaster that wasn’t
https://arstechnica.com/information-technology/2022/04/explaining-spring4shell-the-internet-security-disaster-that-wasnt/
New Borat remote access malware is no laughing matter
https:
-
Special: Structured Analytical Techniques and Office Banter
04/04/2022 Duration: 30min
ShadowTalk host Stefano alongside Chris and Rick bring you the latest on structured analytical techniques. This episode they cover:
* Why they use SATs in their intel team
* How they came up with the idea to analyze Lapsus$
* How they chose Team A/Team B and how they prepared it
* How the exercise performed
* Future research direction
***Resources from this special podcast***
Meet Lapsus$: An Unusual Group In The Cyber Extortion Business
https://www.digitalshadows.com/blog-and-research/meet-lapsus-an-unusual-group-in-the-cyber-extortion-business/
The Okta Breach: What We Know So Far
https://www.digitalshadows.com/blog-and-research/the-okta-breach-what-we-know-so-far/
A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis
https://www.stat.berkeley.edu/~aldous/157/Papers/Tradecraft%20Primer-apr09.pdf
Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html
Also, don’t forget to reach out to - shadowtalk@digitalshadows.com - if you have any q