Episode 11: Memcached attacks, disinformation in ME, Spectre exploit, German gov network intrusion
Digital Shadows’ Research team discusses record DDoS attacks using Memcached servers, disinformation campaigns, a proof of concept exploit for the Spectre vulnerability, and new details of a historical network intrusion affecting the German government.
9 Mar 2018
Episode 26: Mythbusting Vulnerabilities and Exploits
Simon Hall and Richard Gold join Rafael Amado to discuss misconceptions around vulnerabilities and exploits, other techniques for gaining code execution, and how organizations can prioritize the patching of vulnerabilities.
15 Jun 2018
Interview With Dir Of Threat Intelligence At McDonald’s, Brian Hillegas
Director of Threat Intelligence at McDonald’s, Brian Hillegas, speaks with Harrison (@pseudohvr) and CISO Rick Holland (@rickhholland) about where to align your security priorities, the importance of operating cross-functionally in your organization, what the biggest threats are in the cyber landscape at the moment, and what they’re looking forward to at Black Hat and DEF CON this year. The team will be at both events in Vegas this year! Check out what we have planned and RSVP for our party Wednesday night here: https://info.digitalshadows.com/BlackHat2019-Hub.html
24 Jul 2019
Episode 18: Healthcare hacking, BGP hijacking, crypto jacking, and more
In this week’s episode of Shadow Talk, we cover the targeting of healthcare organizations by Orangeworm, BGP hijacking, vulnerabilities in MikroTik routers, DDoS market shutdowns, and the profitability of cryptocurrency mining.
29 Apr 2018
Most Popular Podcasts
Episode 60: Cyber Risks and High-frequency Trading
With new research this week warning that state-sponsored cyber attacks against financial systems are on the rise, the ShadowTalk team focus on one area of the financial services sector in particular: high-frequency trading (HFT). Richard Gold and Rafael Amado are joined by a guest HFT expert to discuss mergers and acquisition information, sharing insider secrets, and manipulating stock prices. The team look at what attacks are possible, what the consequences would be for the financial services industry at large, and why attacks against trading platforms and the industry itself have been so few and far between.
25 Mar 2019
Weekly Intelligence Summary: Ep 2
This week Alex and Philip join Harrison to discuss two recent, unrelated, financially motivated cyber attack campaigns involving the use of culturally specific social engineering lures. The team also looks at three new phishing campaigns attributed to the threat group TA505 and decides (in a perfect world) which 1 cyber threat they would choose to get rid of forever. Download this week's Intelligence Summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-10-jan-17-jan-2019.
18 Jan 2019
Episode 53: Threat Actors Use of Cobalt Strike & How Attacker Actions Can Inform Defenses
The dynamic duo of Dr Gold and Simon Hall join Michael Marriott to discuss our recent findings on threat actors using cracked versions of Cobalt Strike to conduct attacks, and how defenders can use this to inform their defense. Read the blog to learn more: https://www.digitalshadows.com/blog-and-research/threat-actors-use-of-cobalt-strike-why-defense-is-offenses-child/. Building on this theme, in part two, Richard Gold outlines the benefits of mapping the Mitre ATT&CK framework to the ASD Essential 8. You can read Richard’s blog here: https://www.digitalshadows.com/blog-and-research/mapping-the-asd-essential-8-to-the-mitre-attck-framework/.
30 Nov 2018
Weekly Intelligence Summary: Ep 0
Welcome to ShadowTalk's new track on our Weekly Intelligence Summary. Host Harrison Van Riper invites Digital Shadows' analysts to discuss the week's top threat intelligence news. To download the full Weekly Intelligence Summary, visit https://resources.digitalshadows.com/weekly-intelligence-summary.
10 Jan 2019
Episode 32: MITRE ATT&CK™ Framework and the Mueller GRU Indictment
In today’s ShadowTalk, we take on the Robert Mueller indictment against 12 Russian individuals for alleged US election interference. However, rather than dwell on issues of attribution and geopolitics, we focus on the detailed tactics, techniques and procedures laid out in the indictment. Katie Nickels, a member of the MITRE team, joins Rafael Amado and Richard Gold to discuss the ATT&CK™ framework in greater detail, as well as the key lessons that organizations can take away. For Digital Shadows’ analysis of the indictment, visit https://www.digitalshadows.com/blog-and-research/mitre-attck-and-the-mueller-gru-indictment-lessons-for-organizations/
20 Jul 2018
Episode 21: eFail vulns affecting Open PGP and S-MIME, and interbank payment systems risks
In this week’s episode of Shadow Talk, Digital Shadows’ Head of Security Engineering, Dr Richard Gold, joins the pod to explain the EFAIL vulnerability affecting Open PGP and S-MIME, as well as other flaws identified in encrypted messaging platforms. Dr Gold also outlines the factors you should be considering to prioritize your patching. In part two, we look at the $15 million theft in Mexico and outline the risks facing interbank payment systems.
21 May 2018
Episode 59: Practitioner’s Guide to Email Spoofing
Senior security engineer, Simon Hall joins Rafael Amado to explain how IT teams and defenders can combat email spoofing, one of the most popular techniques used by phishers. Simon discusses why spoofing is so prevalent and relatively simple for attackers to carry out, as well as how measures such as SPF, DMARC, and DKIM can be used to reduce spoofing risks. For more on this topic, read our Security Practitioner’s Guide to Email Spoofing and Risk Reduction, available at https://www.digitalshadows.com/blog-and-research/security-practitioners-guide-to-email-spoofing-and-risk-reduction/
11 Mar 2019
SPECIAL EPISODE: Iranian Cyber Threats: Practical Advice From CISO Rick Holland
Rick Holland (CISO at Digital Shadows) joins Harrison to share his thoughts on the Iranian cyber threat and what it means for cyber defenders. What should security practitioners be concerned with within the cyber sphere? Rick and Harrison discuss:
- How threat du jour thinking isn’t an adequate defense model
- Communicating up the chain of command effectively
- Attack Techniques used by Iranian State Actors
- What you can do proactively as a Security Practitioner
- Why haven’t we seen any significant cyberattacks yet?
We’re continuing to monitor the situation, so check back at https://www.digitalshadows.com/blog-and-research/ for more info from our team.
Resources This Episode:
- Rick’s blog on the topic: https://www.digitalshadows.com/blog-and-research/iranian-cyber-threats-practical-advice-for-security-professionals/
- Rich Gold’s blog on Mapping the ASD Essential 8 to the Mitre ATT&CK™ framework: https://www.digitalshadows.com/blog-and-research/mapping-the-asd-essential-8-to-the-mitre-attck-framework/
7 Jan 2020
Black Friday Deals On The Dark Web, Phineas Fisher Manifesto, And DarkMarket
Adam Cook and Viktoria Austin talk through the security and threat intelligence stories of this week including an update around Phineas Fisher, where the hacker offered up to $100k in what they called the “Hacktivist Bug Hunting Program”. The team also chats through a recent ransomware attack on Veterinary hospitals in the U.S., and some other ransomware updates. Then Viktoria and Adam touch upon some research from our own threat intelligence team (Photon Research), specifically around the dark web, including research into Black Friday deals on the dark web, and a look at DarkMarket. To see more threat intelligence updates from the week, make sure to check out this week’s intelligence summary report at https://resources.digitalshadows.com/weekly-intelligence-summary. Heads-up! We’re taking a break next week with the U.S. Holiday, so we’ll be back in 2 weeks. Have a great Thanksgiving!
Resources From this Week:
- Phineas Fisher Manifesto: https://www.vice.com/en_us/article/vb5agy/phineas-fisher-offers-dollar100000-bounty-for-hacks-against-banks-and-oil-companies
- Veterinary Hospitals Ransomware Attacks: https://krebsonsecurity.com/2019/11/ransomware-bites-400-veterinary-hospitals/
- DarkMarket: https://www.digitalshadows.com/blog-and-research/darkmarkets-feminist-flight-towards-equality-and-the-curious-case-of-canaries/
- Black Friday Deals on the Dark Web: https://www.digitalshadows.com/blog-and-research/black-friday-deals-on-the-dark-web-a-cybercriminal-shopper-paradise/
22 Nov 2019
WEEKLY: Iranian Cyber Threats, Travelex Ransomware Attack, And Exploit Forum Updates
We’re back with our weekly ShadowTalk episodes! Viktoria hosts this week and introduces the episode, bringing Sammy on to provide some regional insight and context around the Iranian cyber threat and to discuss whether a cyber response is likely. Then Adam and Viktoria discuss other top stories from the week including a ransomware outage for Travelex, Xiaomi Mijia camera data exposed, and bc[.]monster updates on Exploit forum. Check out our Intelligence Summary at https://resources.digitalshadows.com/weekly-intelligence-summary Excited for what 2020 will bring - thanks for listening!
Resources from this Week:
- Practical Advice around Iranian Cyber Threats: https://www.digitalshadows.com/blog-and-research/iranian-cyber-threats-practical-advice-for-security-professionals/
- Iranian APT Groups’ Tradecraft Styles: https://www.digitalshadows.com/blog-and-research/iranian-apt-groups-tradecraft-styles-using-mitre-attck-and-the-asd-essential-8/
- Iran and Soleimani: Monitoring the Situation: https://www.digitalshadows.com/blog-and-research/iran-and-soleimani-monitoring-the-situation/
10 Jan 2020
Purple Teaming: An Interview With Eliza May Austin
In this episode, Viktoria interviews Eliza May Austin (CEO & Co-Founder of th4ts3cur1ty.company), and our own Richard Gold and James Chappell on Purple Teaming, a security assessment that combines both blue teaming and red teaming. The team discusses:
- How do we make the blue and red teams collaborate better?
- Is purple teaming a cost-effective measure when it comes to a less mature organization?
- Why Purple Teaming needs to be at the forefront
- What systems would you start testing with the purple team approach?
- And more!
We end the discussion with a quick overview of Eliza’s other passion: Ladies of London Hacking Society. To learn more, check out this episode’s resources:
- https://th4ts3cur1ty.company/
- Ladies Hacking Society: https://llhs.com/
- Purple Team like you’re preparing for war: https://medium.com/@always0ddba1l/purple-team-like-your-preparing-for-war-ea17cd4d4a91
- Purple Teaming with Vectr, Cobalt Strike, and MITRE ATT&CK: https://www.digitalshadows.com/blog-and-research/purple-teaming-with-vectr-cobalt-strike-and-mitre-attck/
16 Sep 2019
SPECIAL EPISODE: FBI Releases Its Internet Crime Complaint Center (IC3) Report 2019
Alex, Harrison, and Rick discuss this year’s FBI IC3 (Internet Crime Complaint Center) report. In 2019, the FBI responded to over 460,000 complaints and observed estimated losses of over $3.5 billion across all instances of reported cybercrime. In comparison, there were over 350,000 complaints and $2.7 billion in losses, as reported in the previous year’s 2018 IC3 report. That’s a 33% increase in the number of reports and a 30% increase in total reported losses from 2018 to 2019. The team covers:
- Business Email Compromise
- Phishing
- Reported Financial Losses skyrocketing for victims under 20
- Ransomware
Check out our blog for more here: https://www.digitalshadows.com/blog-and-research/
Check out the full FBI IC3 report here: https://pdf.ic3.gov/2019_IC3Report.pdf
3 Mar 2020
Texas Ransomware Outbreaks And Phishing Attacks Using Custom 404 Pages
Charles Ragland (a brand new ShadowTalk-er!) and Christian Rencken join Harrison this week to discuss an outbreak of ransomware attacks impacting local government entities across Texas. The team also discusses some phishing attacks that are using custom 404 pages and how Google is starting to remove FTP support from Chrome. They wrap up this episode with the question of the week: Which future technology most worries you from a cyber security perspective? Check out this week’s full intelligence summary at resources.digitalshadows.com Share feedback with us! DM us @digitalshadows on Twitter or email us at firstname.lastname@example.org. Some resources to check out this week:
- https://www.bleepingcomputer.com/news/security/hackers-want-25-million-ransom-for-texas-ransomware-attacks/
- https://www.us-cert.gov/ncas/current-activity/2019/08/21/cisa-insights-ransomware-outbreak
- https://www.bleepingcomputer.com/news/security/microsoft-warns-of-phishing-attacks-using-custom-404-pages/
- https://www.bleepingcomputer.com/news/google/google-has-started-removing-ftp-support-from-chrome/
23 Aug 2019
Tochka Dark Web Market Offline, Market.ms Closes, And Data Leakage Stories
Alex, Harrison, Kacey, and Charles chat this week on some dark web and cybercriminal updates, data leakage stories that have hit the news, plus a GDPR story where an ISP was hit with a €9.6 Million Fine. We’ve got a new format for our weekly intelligence summary report. Check it out at https://resources.digitalshadows.com/weekly-intelligence-summary Thanks for listening and look out for our special (holiday-themed) final ShadowTalk episode of the year next week!
More Resources This Week:
- TMI blog on data leakage: https://www.digitalshadows.com/blog-and-research/2-billion-files-exposed-across-online-file-storage-technologies/
- Over One Billion Email-Password Combos Leaked Online: https://www.infosecurity-magazine.com/news/one-billion-email-password-combos/
- Data Leak Exposes 750K Birth Certificate Applications: https://www.infosecurity-magazine.com/news/data-leak-exposes-750k-birth-cert/
- Microsoft: 44 Million User Passwords Have Been Breached: https://www.infosecurity-magazine.com/news/microsoft-44-million-passwords/
- ISP 1&1 Hit With €9.6 Million GDPR Fine: https://www.infosecurity-magazine.com/news/isp-11-hit-with-96-million-gdpr/
13 Dec 2019
Episode 51: Phineas Fisher and the Hacking Team Investigation
Some called him a hero. Some called him the most dangerous man to the defense industry. In today’s ShadowTalk, Dr. Richard Gold and Harrison Van Riper join Rafael Amado to discuss the vigilante hacker known as Phineas Fisher. Leaked court documents surfaced this week, detailing how Italian authorities tried and ultimately failed to identify and convict Phineas Fisher for the infamous breach against the Italian surveillance and technology company, Hacking Team. The team dive into the history of Phineas Fisher, the techniques used to break into the Hacking Team network, and the OPSEC practices that allowed Phineas Fisher to remain at large.
16 Nov 2018
Operation Soft Cell, Libra Cryptocurrency Impersonations, and New Cyber Espionage Activity
This week Alex and Phil join Harrison to discuss Operation Soft Cell, a campaign that has been actively compromising telecommunications organizations since early 2017. Other highlights from the week include focus on a new cyber espionage campaign, known as Operation BouncingGolf, targeting Middle Eastern individuals’ mobile devices; the Russia-associated threat group “Turla”, which has demonstrated new tools and capabilities in three campaigns; and media allegations that the United States Cyber Command has targeted Iranian espionage groups. The team ends the week with a discussion around some new research Alex put out around Libra cryptocurrency impersonations. Check out Alex’s blog at https://www.digitalshadows.com/blog-and-research/facebooks-libra-cryptocurrency-cybercriminals-tipping-the-scales-in-their-favor/ Full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-20-jun-27-jun-2019. Heads-up, we’ll be off for the 4th of July next week, but check out our intelligence summary report at https://resources.digitalshadows.com/weekly-intelligence-summary.
28 Jun 2019