All Posts

How the Cybercriminal Underground Mirrors the Real World
January 21, 2020

How Digital Shadows Helped Find and Remediate an Exposed Admin Password on Github

January 23, 2020

  I often get asked to share examples of the types of alerts we send to clients. I work on …

Inside Digital Shadows: Davitt Potter Joins as Director of MSSP and Channels in the Americas

January 22, 2020

  I’ve spent over 25 years now in the channel supporting enterprise IT in some form or fashion.  After a …

ShadowTalk Update – NSA Vulnerability Disclosure, Ransomware News, and Iran Updates

January 20, 2020

We’re back with our weekly ShadowTalk episodes! Viktoria hosts this week and introduces the episode bringing Sammy on to provide …

Third Party Risk: 4 ways to manage your security ecosystem

January 16, 2020

  The digital economy has multiplied the number of suppliers that organizations work and interact with. Using a supplier can …

NSA Vulnerability Disclosure: Pros and Cons

January 15, 2020

  On Monday, January 13th, Brian Krebs reported that Microsoft would be releasing “a software update on Tuesday to fix …

CVE-2019-19781: Analyzing the Exploit

January 14, 2020

  On December 17th 2019, CVE-2019-19781 was disclosed. The vulnerability allows for directory traversal and remote code execution on Citrix …

Cryptonite: Ransomware’s answer to Superman…

January 14, 2020

  Update: It appears that the Cryptonite website is no longer active, such is the rapidly changing nature of cybercrime. …

Iran and the United States – start of the long war or return to normal?

January 13, 2020

  On 03 Jan 2020, the United States conducted a targeted killing of Major General Qasem Soleimani, commander of the …

ShadowTalk Update – Iranian Cyber Threats, Travelex Ransomware Attack, and Exploit Forum updates

January 10, 2020

We’re back with our weekly ShadowTalk episodes! Viktoria hosts this week and introduces the episode bringing Sammy on to provide …

Iranian APT Groups’ Tradecraft Styles: Using Mitre ATT&CK™ and the ASD Essential 8

January 7, 2020

  With the recent news of Qasem Soleimani on Friday 3rd January 2020, many organizations have been reviewing their security …

Iran and Soleimani: Monitoring the Situation

January 7, 2020

*This blog has been updated as of Jan 9, 2020.  Welcome to 2020. Have a good holiday? Back to work …

Iranian Cyber Threats: Practical Advice for Security Professionals

January 6, 2020

Unless you went very dark for an extended holiday break, you are no doubt very well aware of the United …

ShadowTalk Update – Jingle Bell Ryuk: NOLA Ransomware, Ring Doorbells, and 2020 Predictions

December 23, 2019

CISO Rick Holland joins our ShadowTalk hosts (Viktoria, Alex, and Harrison) for our holiday special! This week the team covers: …

Top Security Blogs of 2019 from Digital Shadows

December 20, 2019

  As we approach the end of 2019, we wanted to share some of the most popular security trends and …

The Closure of Market.ms: A Cybercriminal Marketplace Ahead of Its Time

December 18, 2019

In the world of “what could have been,” the cybercriminal marketplace market[.]ms would be a leader in the cybercriminal underground. …

2020 Cybersecurity Forecasts: 5 trends and predictions for the new year

December 18, 2019

  If all the holiday fuss isn’t reminder enough, 2020 is almost upon us. 2019 was an unusual year in …

Forums are Forever – Part 3: From Runet with Love

December 17, 2019

  The rise of alternative technologies hasn’t spelled the end of forums, which seem to be prospering against all odds. …

ShadowTalk Update – Tochka Dark Web Market Offline, Market.ms Closes, and Data Leakage Stories

December 16, 2019

Alex, Harrison, Kacey, and Charles chat this week on some dark web and cybercriminal updates, data leakage stories that have …

Threat Intelligence: A Deep Dive

December 12, 2019

  Welcome to our deep dive on threat intelligence: intended to help security professionals embarking on creating and building a …

Forums are Forever – Part 2: Shaken, but not Stirred

December 10, 2019

  Cybercriminal forums continue to thrive despite law-enforcement takedowns and the emergence of more efficient and secure alternatives. Digital Shadows …

ShadowTalk Update – Cybercriminal Forum Research, Mixcloud Breach, and International Crackdown on RAT Spyware

December 9, 2019

Viktoria invites Stewart Bertram to kick-off this week’s episode around new cybercrime research we put out on the Modern Cybercriminal …

A Threat Intelligence Analyst’s Guide to Today’s Sources of Bias

December 5, 2019

  In an industry prone to going overboard with fear-based marketing, the cyber threat intelligence (CTI) community has a refreshing …

Forums are Forever – Part 1: Cybercrime Never Dies

December 4, 2019

  If one could predict the future back in the late 1990s when the first cybercriminal web forums emerged, few …

2.3 billion files exposed across online file storage technologies

December 3, 2019

Originally published May 2019. 2.3 billion is a massive number. It’s hard even to wrap your head around; what do …

ShadowTalk Update – RIPlace, Trickbot, and Russian-language forum Probiv

December 2, 2019

No ShadowTalk podcast episode this week, but updates from the Intelligence Summary are below. Updates from this week’s Intelligence Summary …

Asset Inventory Management: Difficult But Essential

November 27, 2019

  If it’s one thing that most security professionals can agree on, it’s that asset inventories are one of the …

Probiv: The missing pieces to a cybercriminal’s puzzle

November 26, 2019

A husband wants to find out who owns the unknown number that’s been ringing his wife’s cell phone late at …

ShadowTalk Update – Black Friday Deals on the Dark Web, Phineas Fisher Manifesto, and DarkMarket

November 25, 2019

Adam Cook and Viktoria Austin talk through the security and threat intelligence stories of this week including an update around …

Black Friday Deals on the Dark Web: A cybercriminal shopper’s paradise

November 21, 2019

  Black Friday. You love it, you hate it, you love to hate it. Whether you’re already getting your finances …

DarkMarket’s Feminist Flight Towards Equality and the Curious Case of Canaries

November 19, 2019

  In late August, Dark Fail (a Tor onion link repository service) added several onion domains for two new dark …

BSidesDFW 2019: OSINT Workshop Recap

November 18, 2019

  A few Saturdays ago, we had the pleasure of presenting at BSidesDFW in Fort Worth, Texas. We were all …

ShadowTalk Update – BSidesDFW Recap, Dynamic CVV Analysis, and the Facebook Camera Bug

November 18, 2019

Dallas is sound effects and all this week with Kacey, Charles, Alex, and Harrison. The team discusses their recent OSINT …

VoIP security concerns: Here to stay, here to exploit

November 14, 2019

  VoIP, or Voice over Internet Protocol, is the protocol via which voice communication and multimedia session are delivered via …

Dynamic CVVs: 2FA 2Furious

November 12, 2019

  The security community is quick to highlight the benefits of two-factor authentication (2FA) when it comes to something like …

ShadowTalk Update – BlueKeep Attacks, Megacortex Ransomware, and Web.com Breach

November 11, 2019

This week the London team looks at the following stories: BlueKeep Exploit Could Rapidly Spread Megacortex Ransomware Changes Windows Passwords …

Combatting Domain-Centric Fraud: Why Mimecast is partnering with Digital Shadows

November 7, 2019

This is a guest blog, authored by Matthew Gardiner, Director of Enterprise Security Campaigns at Mimecast. Domain fraud is a widespread …

ShadowTalk Update – Avast Breach Attempt, NordVPN Breach, and Wifi Security Risks

November 4, 2019

Adam Cook, Philip Doherty, and Viktoria Austin host this week’s ShadowTalk update around an unsecured Elasticsearch database exposing account information …

Understanding the Different Cybercriminal Platforms: AVCs, Marketplaces, and Forums

October 31, 2019

  With the recent breach that targeted BriansClub, automated vending carts (better known as AVCs), have received significant media attention …

Cybercriminal credit card stores: Is Brian out of the club?

October 31, 2019

  If you’re an avid follower of Digital Shadows’ blogs, or just have a general interest in the cybercriminal landscape, …

Your Cyber Security Career – Press start to begin

October 30, 2019

  October was Cyber Security Awareness month, and as a follow-up, I thought it would be good to talk about …

Australia Cyber Threat Landscape report (H1 2019)

October 29, 2019

Depending on where you are in the world, October is characterized by the onset of a new season and/or fewer …

ShadowTalk Update – Avast Breach Attempt, NordVPN Breach, and Wifi Security Risks

October 25, 2019

We’ve got all 3 ShadowTalk hosts in Dallas this week: Harrison Van Riper, Viktoria Austin, and Alex Guirakhoo. The team …

Understanding the Consequences of Data Leakage through History

October 24, 2019

One of the most interesting aspects of transitioning from high school history teacher to cyber threat intelligence professional is the …

WiFi Security: Dispelling myths of using public networks

October 23, 2019

We have all seen many articles, blogs, endless Twitter commentary, and so on about the risks of using public WiFi …

Japan Cyber Threat Landscape report (H1 2019)

October 22, 2019

Japan: currently the host of the multi-national sporting event, the Rugby World Cup, and soon to be host of the …

ShadowTalk Update – Typosquatting and the 2020 U.S. Election, Honeypots, And Sudo Vulnerability

October 18, 2019

Kacey, Charles, Harrison, and Alex kick off this week’s episode talking about our Fall Dallas team event (an amateur version …

Honeypots: Tracking Attacks Against Misconfigured or Exposed Services

October 17, 2019

Honeypots can be useful tools for gathering information on current attack techniques. Conversely, they can be an overwhelming source of …

Typosquatting and the 2020 U.S. Presidential election: Cyberspace as the new political battleground

October 16, 2019

Typosquatting. It’s a phrase most of us know in the security realm and think we’ve got our hands and minds …

Cybercriminal Forum Developments: Escrow Services

October 15, 2019

Financial transactions made on cybercriminal forums tend to look remarkably similar to transactions made on legitimate platforms. You have a …

ShadowTalk Update – Iran-linked APT35, Skimming by Magecart 4, Rancour, and Emotet Resurgence

October 11, 2019

We’re back in London this week! Viktoria chats with Adam Cook, Philip Doherty, and Josh Poole on this week’s top …
