Threat Intelligence

Account takeover: Expanding on impact

July 27, 2020 | 7 Min Read

Digital Shadows has collected over 15 billion credentials across the open, deep, and dark web. In our recent research piece, Exposure to Takeover, we analyzed the types of alerts that we’ve sent...
Read Here

Categories

Latest Post Brand Protection Company Cybercrime and Dark Web Research Data Leakage DevSecOps Product Threat Intelligence

Access Our Threat Intel In Test Drive

Test Drive SearchLight Free for 7 Days
Try It Now

Connect with us

A Christmas 2020 Review: Confronting and controlling insider threats

A Christmas 2020 Review: Confronting and controlling insider threats

December 21, 2020 | 6 Min Read

As the holidays rapidly approach, our halls are decked with images of Santa Claus. Kids are told stories of his...
Read Here
QUO, QUO, QUO! Merry Christmas…..

QUO, QUO, QUO! Merry Christmas…..

December 21, 2020 | 7 Min Read

On the first day of Christmas my true love sent to me an index of the dark web for free….....
Read Here
How Bizarre: Joker’s Stash .bazar site allegedly seized by law enforcement

How Bizarre: Joker’s Stash .bazar site allegedly seized by law enforcement

December 17, 2020 | 6 Min Read

What happened to Joker’s Stash? In a very recent event, the Blockchain domains of Joker’s Stash, an automated vending cart...
Read Here
Top Five ShadowTalk Episodes of the Year

Top Five ShadowTalk Episodes of the Year

December 17, 2020 | 4 Min Read

Despite everything else happening in the world, 2020 has been an amazing year for ShadowTalk, our weekly threat intelligence podcast...
Read Here
Holiday Cybercrime: Krampus is in Town

Holiday Cybercrime: Krampus is in Town

December 15, 2020 | 7 Min Read

For the average consumer, Black Friday and holiday shopping look different in 2020. In previous years, we would physically make our...
Read Here
SolarWinds Compromise: What security teams need to know

SolarWinds Compromise: What security teams need to know

December 14, 2020 | 5 Min Read

The Cybersecurity and Infrastructure Security Agency (CISA) recently released an Emergency Directive reporting on a long-running supply-chain attack actively exploiting...
Read Here
Impersonator Syndrome: Supply chain lures and COVID-19 cures

Impersonator Syndrome: Supply chain lures and COVID-19 cures

December 9, 2020 | 3 Min Read

It’s been a tough few months for the healthcare industry (and for all of us in general). While we’ve reported...
Read Here
The Top 3 Cybersecurity Threats In The Middle East

The Top 3 Cybersecurity Threats In The Middle East

December 2, 2020 | 7 Min Read

SECURITY CONCERNS ARE HEATING UP IN THE MIDDLE EAST Rising rates of cybercriminal activities occur as threat actors observe the...
Read Here
2021 Forecasts: Six Trends And Predictions For The New Year

2021 Forecasts: Six Trends And Predictions For The New Year

December 1, 2020 | 18 Min Read

This year has been a real doozy, y’all: Ransomware capitalizing on extortion, operators compromising thousands of organizations, the COVID-19 pandemic...
Read Here
ShadowTalk Update: Egregor Ransomware, IoT Regulations, Black Friday Threats and More!

ShadowTalk Update: Egregor Ransomware, IoT Regulations, Black Friday Threats and More!

November 30, 2020 | 2 Min Read

ShadowTalk hosts Stefano, Adam and Dylan bring you the latest in threat intelligence. This week they cover: QBot drops Prolock...
Read Here
Egregor: The New Ransomware Variant to Watch

Egregor: The New Ransomware Variant to Watch

November 24, 2020 | 9 Min Read

INTRODUCING EGREGOR RANSOMWARE GROUP First observed on September 25th, 2020, the Egregor ransomware variant has been making considerable strides in...
Read Here
SearchLight’s Exposed Document Alerts: Uncover the Critical, Faster

SearchLight’s Exposed Document Alerts: Uncover the Critical, Faster

November 23, 2020 | 5 Min Read

BACKING UP…INTO A DITCH I am a terrible driver. While I’ve sat through Driver’s Ed courses, studied physics and trigonometry,...
Read Here
Holiday Cybercrime: Retail Risks and Dark Web Kicks

Holiday Cybercrime: Retail Risks and Dark Web Kicks

November 19, 2020 | 7 Min Read

The holidays are right around the corner, and you know what that means – more calories and significant price drops...
Read Here
ShadowTalk Update: RegretLocker, OceanLotus, Millions Seized in Cryptocurrency, and more!

ShadowTalk Update: RegretLocker, OceanLotus, Millions Seized in Cryptocurrency, and more!

November 16, 2020 | 2 Min Read

ShadowTalk hosts Stefano, Kim, Dylan, and Adam bring you the latest in threat intelligence. This week they cover:  RegretLocker’s approach...
Read Here
To Code or Not to Code? Cybercriminals and the world of programming

To Code or Not to Code? Cybercriminals and the world of programming

November 12, 2020 | 9 Min Read

If you keep a pulse on the technology sector or have take note of billboard ads in any urban area...
Read Here
A Eulogy for Maze: The end of a ransomware era?

A Eulogy for Maze: The end of a ransomware era?

November 9, 2020 | 6 Min Read

Maze— a high profile ransomware gang in the cybercriminal world— now claims they’ve ceased to exist. The hacker group famed...
Read Here
Simplifying Cybercriminal Jargon: A Glossary of Cybercriminal Access Offerings

Simplifying Cybercriminal Jargon: A Glossary of Cybercriminal Access Offerings

November 2, 2020 | 15 Min Read

With advertisements for access to compromised victim networks becoming increasingly prevalent across cybercriminal platforms, Digital Shadows has compiled the following...
Read Here
Cybersecurity Awareness Month: Week 4 – The Future of Connected Devices

Cybersecurity Awareness Month: Week 4 – The Future of Connected Devices

October 28, 2020 | 8 Min Read

This year’s Cybersecurity Awareness Month has served as a refreshing installment of security considerations that are often at risk of...
Read Here
Marcus Carey Joins ShadowTalk

Marcus Carey Joins ShadowTalk

October 23, 2020 | 3 Min Read

We recently had mentor, author, founder, US Navy veteran, and Texan, Marcus Carey join ShadowTalk. For those who don’t know...
Read Here
Dark pathways into cybercrime: Minding the threat actor talent gap

Dark pathways into cybercrime: Minding the threat actor talent gap

October 21, 2020 | 11 Min Read

Digital Shadows recently published two blogs looking at how threat actors express their personality on cybercriminal forums — either inadvertently...
Read Here
Cybersecurity Awareness Month: Week 3 – Securing Internet- Connected Devices in Healthcare

Cybersecurity Awareness Month: Week 3 – Securing Internet- Connected Devices in Healthcare

October 21, 2020 | 9 Min Read

The healthcare industry is increasingly relying upon internet-connected devices and solutions to improve patient care, organizational efficiency, crisis response speed,...
Read Here
Quarterly Update: Ransomware Trends in Q3

Quarterly Update: Ransomware Trends in Q3

October 19, 2020 | 8 Min Read

As we embark on the final months of 2020, ransomware has been the main topic of conversation once again. Throughout...
Read Here
Digital Shadows Analysis of Europol’s Cybercrime Report

Digital Shadows Analysis of Europol’s Cybercrime Report

October 14, 2020 | 12 Min Read

In early October 2020, Europol released their Internet Organized Crime Threat Assessment (IOCTA) 2020, detailing the latest trends and impacts...
Read Here
Cybersecurity Awareness Month: Week 2 – Security Devices at Home and Work

Cybersecurity Awareness Month: Week 2 – Security Devices at Home and Work

October 14, 2020 | 7 Min Read

This week, National Cyber Security Awareness Month (NCSAM) focuses on accountability and responsibility behind securing your devices at home and...
Read Here
Clickbait to Checkmate: SMS-based scam targets US smartphones and accesses victim locations

Clickbait to Checkmate: SMS-based scam targets US smartphones and accesses victim locations

October 13, 2020 | 11 Min Read

Since the start of the COVID-19 pandemic, Digital Shadows has observed a significant increase in the number of SMS-based phishing...
Read Here
Cybersecurity Awareness Month: Week 1 – If you Connect It, Protect It

Cybersecurity Awareness Month: Week 1 – If you Connect It, Protect It

October 8, 2020 | 6 Min Read

This week marks the opening week of the annual National Cyber Security Awareness Month (NCSAM). While focusing on cybersecurity is...
Read Here
Help your development teams keep their keys safe

Help your development teams keep their keys safe

October 7, 2020 | 3 Min Read

Modern development practices are a blessing and a curse for organizations. Efficiency gains delivered by distributed workforces, and blended in...
Read Here
Let’s get ready to tumble! Bitcoin vs Monero

Let’s get ready to tumble! Bitcoin vs Monero

October 6, 2020 | 13 Min Read

Over the past ten years, cryptocurrencies have become the go-to form of payment for the less law-abiding citizens of the...
Read Here
Recent arrests and high-profile convictions: What does it mean for the cyber threat landscape?

Recent arrests and high-profile convictions: What does it mean for the cyber threat landscape?

September 30, 2020 | 13 Min Read

In the wonderful world of cyber threat intelligence and research, we often analyze the impact that cybercrime or nation-state activity...
Read Here
Four Ways to Validate Credentials in SearchLight

Four Ways to Validate Credentials in SearchLight

September 29, 2020 | 3 Min Read

Amid the billions of credentials that are breached each year, security teams are focused on one core question: do any...
Read Here
Cybercriminals Targeting SAP RECON

Cybercriminals Targeting SAP RECON

September 29, 2020 | 5 Min Read

Key takeaways From the discussions that rapidly emerged following the publication of CVE-2020-6287, we can learn the following: There is...
Read Here
Unpicking Cybercriminals’ Personalities – Part 2: Morality and Forum Dynamics

Unpicking Cybercriminals’ Personalities – Part 2: Morality and Forum Dynamics

September 28, 2020 | 7 Min Read

In the first part of this blog series, we looked at numerous examples of ways cybercriminals have expressed their gender...
Read Here
ShadowTalk Update – Law Enforcement Cracks Down On Cybercriminals, Fancy Bear Goes Phishing, And More

ShadowTalk Update – Law Enforcement Cracks Down On Cybercriminals, Fancy Bear Goes Phishing, And More

September 28, 2020 | 2 Min Read

ShadowTalk hosts Kacey, Charles, Alec and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they...
Read Here
RECAP: Discussing deception with Chris Sanders

RECAP: Discussing deception with Chris Sanders

September 24, 2020 | 3 Min Read

When I was a Forrester Research analyst, I had some strong opinions on deception technology. Approximately five years ago, I...
Read Here
Unpicking Cybercriminals’ Personalities – Part 1: Gender and Nationality

Unpicking Cybercriminals’ Personalities – Part 1: Gender and Nationality

September 23, 2020 | 9 Min Read

It’s easy to fall into the trap of thinking about cybercriminal forums as purely transactional platforms; environments in which cut-throat...
Read Here
DarkSide: The new ransomware group behind highly targeted attacks

DarkSide: The new ransomware group behind highly targeted attacks

September 22, 2020 | 8 Min Read

We’ve recently observed the emergence of a new ransomware operation named DarkSide. The nuance of the operation includes corporate-like methods...
Read Here
ShadowTalk Update – Ed Merrett Joins To Talk HackableYou And The Latest In Threat Intel

ShadowTalk Update – Ed Merrett Joins To Talk HackableYou And The Latest In Threat Intel

September 21, 2020 | 2 Min Read

Listen below 👇👇 ShadowTalk Threat Intelligence Podcast · Weekly: The Team Talks Baka, Epic Manchego, and Smaug, Plus Emotet Rides...
Read Here
With the Empire falling, who will take over the throne?

With the Empire falling, who will take over the throne?

September 16, 2020 | 10 Min Read

With the Empire falling, who will take over the throne? Empire Market’s exit scam has dealt a significant blow to...
Read Here
Access Keys Exposed: More Than 40% Are For Database Stores

Access Keys Exposed: More Than 40% Are For Database Stores

September 14, 2020 | 6 Min Read

By now, we’ve all heard news about AWS keys leaked by a developer on GitHub. While this can cause damaging...
Read Here
ShadowTalk Update – The Team Talks Baka, Epic Manchego, and Smaug, Plus Emotet Rides Again

ShadowTalk Update – The Team Talks Baka, Epic Manchego, and Smaug, Plus Emotet Rides Again

September 14, 2020 | 2 Min Read

Listen below 👇👇 ShadowTalk Threat Intelligence Podcast · Weekly: The Team Talks Baka, Epic Manchego, and Smaug, Plus Emotet Rides...
Read Here
Recruitment fraud: Don’t spook your dream candidates this halloween

Recruitment fraud: Don’t spook your dream candidates this halloween

September 10, 2020 | 4 Min Read

Everyone wants their dream job. Some people get it, others think they’ve found it online… the job post looks appealing:...
Read Here
Cyber espionage: How to not get spooked by nation-state actors

Cyber espionage: How to not get spooked by nation-state actors

September 8, 2020 | 8 Min Read

In all the years I’ve worked in the cybersecurity field (nine if anyone’s counting), I haven’t seen as much reporting...
Read Here
ShadowTalk Update – New Zealand Stock Exchange faces DDoS, Tesla avoids cyberattack, and Pioneer Kitten updates

ShadowTalk Update – New Zealand Stock Exchange faces DDoS, Tesla avoids cyberattack, and Pioneer Kitten updates

September 7, 2020 | 2 Min Read

Listen below 👇👇 ShadowTalk Threat Intelligence Podcast · Weekly: New Zealand Stock Exchange faces DDoS, Tesla avoids cyberattack, and Pioneer...
Read Here
Revisiting Typosquatting and the 2020 US Presidential Election

Revisiting Typosquatting and the 2020 US Presidential Election

September 2, 2020 | 11 Min Read

In October 2019, Digital Shadows’ Photon Research Team embarked on an adventure involving election typosquats that could potentially affect the...
Read Here
What is DevSecOps and Why Do We Need It?

What is DevSecOps and Why Do We Need It?

August 12, 2020 | 4 Min Read

DevSecOps, SecDevOps, and any variation of those words are massively trending topics in tech companies today. People love to talk...
Read Here
Dread takes on the spammers – who will come out on top?

Dread takes on the spammers – who will come out on top?

August 28, 2020 | 9 Min Read

Spamming is an irritating and sometimes damaging issue that affects all of us, whether it’s constant emails about dubious products...
Read Here
RECAP: Discussing the evolution and trends of cybercrime with Geoff White

RECAP: Discussing the evolution and trends of cybercrime with Geoff White

August 25, 2020 | 8 Min Read

In late July 2020, Digital Shadows had the fantastic opportunity to speak with Geoff White on ShadowTalk, Digital Shadows’ threat...
Read Here
Validate Exposed Credentials with Okta to Save Even More Time

Validate Exposed Credentials with Okta to Save Even More Time

August 24, 2020 | 3 Min Read

SearchLight customers can now automatically validate credential alerts via an integration with Okta, drastically reducing the time required to triage. ...
Read Here
ShadowTalk Update – Emotet Gets a Vaccine, NSA Drovorub Advisory, and North Korean Activity plus Bureau 121

ShadowTalk Update – Emotet Gets a Vaccine, NSA Drovorub Advisory, and North Korean Activity plus Bureau 121

August 24, 2020 | 3 Min Read

Listen below 👇👇 ShadowTalk Threat Intelligence Podcast · Weekly: Emotet Gets a Vaccine, NSA Drovorub Advisory, and North Korean Activity...
Read Here
Dark Web Forums: The new kid on the block

Dark Web Forums: The new kid on the block

August 18, 2020 | 12 Min Read

There’s a new kid on the block, and their name is Dark Web Forums (DWF). Have they come to stay?...
Read Here
Optiv CTIE 2020: COVID-19, cybercrime, and third-party risk

Optiv CTIE 2020: COVID-19, cybercrime, and third-party risk

August 17, 2020 | 10 Min Read

Optiv recently released their 2020 Cyber Threat Intelligence Estimate report, which gives organizations a detailed view into the current cyber...
Read Here
ShadowTalk Update – Defaced Subreddits, Intel Leak Drama on Twitter, and HIBP Goes Open-Source

ShadowTalk Update – Defaced Subreddits, Intel Leak Drama on Twitter, and HIBP Goes Open-Source

August 17, 2020 | 2 Min Read

Listen below 👇👇 ShadowTalk Threat Intelligence Podcast · Weekly: Defaced Subreddits, Intel Leak Drama on Twitter, and HIBP Goes Open-Source...
Read Here
It’s even easier to initiate takedowns in SearchLight

It’s even easier to initiate takedowns in SearchLight

August 12, 2020 | 3 Min Read

When faced with infringing content, phishing domain or an impersonation of the brand, security teams want to take down content...
Read Here
Escrow systems on cybercriminal forums: The Good, the Bad and the Ugly

Escrow systems on cybercriminal forums: The Good, the Bad and the Ugly

August 11, 2020 | 15 Min Read

Just a few short months ago, the Russian-language cybercriminal scene was rocked by the news of an arbitration case involving...
Read Here
ShadowTalk Update – CWT pays ransom, data leaked for 900+ Pulse Secure Servers, EU issues first cyber sanctions

ShadowTalk Update – CWT pays ransom, data leaked for 900+ Pulse Secure Servers, EU issues first cyber sanctions

August 10, 2020 | 2 Min Read

Listen below 👇👇 ShadowTalk Threat Intelligence Podcast · Weekly: CWT pays ransom, data leaked for 900+ Pulse Secure Servers, EU...
Read Here
Saving the SOC from overload by operationalizing digital risk protection

Saving the SOC from overload by operationalizing digital risk protection

August 5, 2020 | 4 Min Read

As you may have seen last week, the latest research from our Photon Research team explores the increasing phenomenon of...
Read Here
The story of Nulled: Old dog, new tricks

The story of Nulled: Old dog, new tricks

August 4, 2020 | 9 Min Read

It is often said that old dogs have a hard time learning new tricks, yet researchers have claimed that because...
Read Here
ShadowTalk Update – Garmin ransomware attack, QSnatch malware, and ShinyHunters Stage 2

ShadowTalk Update – Garmin ransomware attack, QSnatch malware, and ShinyHunters Stage 2

August 3, 2020 | 3 Min Read

This week it’s a full house with ShadowTalk hosts Alex, Kacey, Charles, Alec and Rick. During this episode they cover:...
Read Here
Dark Web Travel Agencies Revisited: The Impact of Coronavirus on the Shadow Travel Industry

Dark Web Travel Agencies Revisited: The Impact of Coronavirus on the Shadow Travel Industry

July 29, 2020 | 10 Min Read

However, the level of engagement on Patriarh’s formerly-active threads has dropped significantly since we last shone our spotlight on them....
Read Here
Account takeover: Expanding on impact

Account takeover: Expanding on impact

July 27, 2020 | 7 Min Read

Digital Shadows has collected over 15 billion credentials across the open, deep, and dark web. In our recent research piece,...
Read Here
ShadowTalk Update – Trickbot trojan mishaps, Emotet resurgence, Twitter takeovers, and APT group updates

ShadowTalk Update – Trickbot trojan mishaps, Emotet resurgence, Twitter takeovers, and APT group updates

July 27, 2020 | 2 Min Read

This week’s ShadowTalk hosts Adam, Demi, Stefano and Kim discuss the latest threat intelligence stories. In this episode they cover: ...
Read Here
Ransomware Trends in Q2: How Threat Intelligence Helps

Ransomware Trends in Q2: How Threat Intelligence Helps

July 22, 2020 | 8 Min Read

If you’re anything like me, it can be a struggle to keep up with the latest ransomware news. Last quarter,...
Read Here
Jira Atlassian SearchLight   Integration

Jira Atlassian SearchLight   Integration

July 21, 2020 | 2 Min Read

On average, it’s estimated that security teams deploy around 47 cybersecurity solutions and technologies.  That’s more solutions than hours in...
Read Here
Abracadabra! – CryptBB demystifying the illusion of the private forum

Abracadabra! – CryptBB demystifying the illusion of the private forum

July 15, 2020 | 8 Min Read

You wouldn’t usually associate cybercriminal forums with the mysterious “Magic Circle,” (for non-Brits less familiar with the subject, the Magic...
Read Here
SearchLight’s Credential Validation: Only Focus on What Matters

SearchLight’s Credential Validation: Only Focus on What Matters

July 14, 2020 | 4 Min Read

Of the many use cases associated with threat intelligence and digital risk protection, monitoring for exposed credentials is always one...
Read Here
Tax Fraud in 2020: Down But Not Out

Tax Fraud in 2020: Down But Not Out

July 13, 2020 | 4 Min Read

After a three month extension, tomorrow marks tax deadline day for the United States. While it may seem that tax...
Read Here
ShadowTalk Update – PAN-OS Vulnerability, Lazarus Group, BEC scammer “Hushpuppi”, and New Photon ATO Research

ShadowTalk Update – PAN-OS Vulnerability, Lazarus Group, BEC scammer “Hushpuppi”, and New Photon ATO Research

July 13, 2020 | 2 Min Read

This week, Digital Shadows team Viktoria, Demelza, Adam and Stefano cover:  PAN-OS Vulnerability (CVE-2020-2021): Impact & Mitigation Magecart Developments: Lazarus...
Read Here
From Exposure to Takeover: Part 1. Beg, borrow, and steal your way in

From Exposure to Takeover: Part 1. Beg, borrow, and steal your way in

July 7, 2020 | 9 Min Read

Account Takeover: Why criminals can’t resist We rely on passwords to safeguard those precious accounts that allow us to conduct...
Read Here
Digital Risk Reporting Best Practices: Top 10 Ways to Build Killer Reports in SearchLight

Digital Risk Reporting Best Practices: Top 10 Ways to Build Killer Reports in SearchLight

June 30, 2020 | 4 Min Read

We all have those days or that time of the quarter where management demands a nice glossy report with the...
Read Here
ShadowTalk Update – Torigon, Nulledflix, and BlueLeaks, Plus DevSecOps Insights From DS CISO Rick

ShadowTalk Update – Torigon, Nulledflix, and BlueLeaks, Plus DevSecOps Insights From DS CISO Rick

June 29, 2020 | 2 Min Read

Alex, Kacey, Charles and Rick host this week’s ShadowTalk to bring you the latest threat intelligence stories. This week they...
Read Here
ShadowTalk Update – Lookback Operators Deploy New Malware Against US Utilities Sector And Honda Cyber Attack

ShadowTalk Update – Lookback Operators Deploy New Malware Against US Utilities Sector And Honda Cyber Attack

June 22, 2020 | 2 Min Read

Demelza, Viktoria, Adam, and Stefano host this week’s ShadowTalk to bring you the latest threat intelligence stories from the week....
Read Here
ShadowTalk Update – Maze Ransomware Alliance, EndGame DDoS Protection Tool, And Ransomware Disguises

ShadowTalk Update – Maze Ransomware Alliance, EndGame DDoS Protection Tool, And Ransomware Disguises

June 15, 2020 | 2 Min Read

Alex is joined by Kacey and Charles this week to chat through the top threat intel stories of the week....
Read Here
Security Threat Intel Products and Services: Mapping SearchLight

Security Threat Intel Products and Services: Mapping SearchLight

June 10, 2020 | 6 Min Read

1. TI Analyst Augmentation. Very few organizations have access to vast resources that will enable them to build out a...
Read Here
CISA and FBI alert: Top vulnerabilities exploited from 2016-2019 and trends from 2020

CISA and FBI alert: Top vulnerabilities exploited from 2016-2019 and trends from 2020

June 9, 2020 | 7 Min Read

A couple of weeks ago, the United States Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation...
Read Here
SHADOWTALK UPDATE – HACKTIVIST CHOOSES DESTRUCTION OVER PROFIT W/ RANSOMWARE AND COLLECTION 1 HACKER IDENTIFIED

SHADOWTALK UPDATE – HACKTIVIST CHOOSES DESTRUCTION OVER PROFIT W/ RANSOMWARE AND COLLECTION 1 HACKER IDENTIFIED

June 1, 2020 | 2 Min Read

Pietro, Viktoria, Adam, and Demelza cover this week’s top threat intelligence stories, including a Hacktivist group choosing destruction over profit...
Read Here
3 Phishing Trends Organizations Should Watch Out For

3 Phishing Trends Organizations Should Watch Out For

May 20, 2020 | 16 Min Read

It’s only May, and is it just me, or has this already been the longest decade ever? Cyber-threat actors are...
Read Here
The 2020 Verizon Data Breach Investigations Report: One CISO’s View

The 2020 Verizon Data Breach Investigations Report: One CISO’s View

May 19, 2020 | 6 Min Read

Sadly, Marvel’s Black Widow release date was pushed back as a result of COVID19, but thankfully the 2020 Verizon Data...
Read Here
SHADOWTALK UPDATE – WANNACRY ANNIVERSARY, WORDPRESS PLUGIN VULNERABILITY, AND WELEAKDATA COMPROMISED

SHADOWTALK UPDATE – WANNACRY ANNIVERSARY, WORDPRESS PLUGIN VULNERABILITY, AND WELEAKDATA COMPROMISED

May 18, 2020 | 2 Min Read

The team starts this week’s episode with a retrospective look at WannaCry, discussing some core lessons learned from this ransomware...
Read Here
A NEW DECADE OF CYBER THREATS: LOOKING BACK AT THE TRENDING CYBER TOPICS OF Q1 2020

A NEW DECADE OF CYBER THREATS: LOOKING BACK AT THE TRENDING CYBER TOPICS OF Q1 2020

May 14, 2020 | 10 Min Read

Q1 2020 was packed full of significant global events, including military and geopolitical tensions and the onset of the COVID-19...
Read Here
Contact Tracing: Can ‘Big Tech’ Come to the Rescue, and at What Cost?

Contact Tracing: Can ‘Big Tech’ Come to the Rescue, and at What Cost?

May 11, 2020 | 13 Min Read

Co-authored by: Pratik Sinha MD PhD1,2, Alastair E Paterson3 M.Eng With over 215,000 dead globally and with close to 26...
Read Here
ShadowTalk Update – Competitions On English Forums, Purple Teaming, & Hacker Bribes ‘Roblox’ Insider

ShadowTalk Update – Competitions On English Forums, Purple Teaming, & Hacker Bribes ‘Roblox’ Insider

May 11, 2020 | 2 Min Read

This week Alex chats with Kacey, Charles, and Rick around competitions we’ve been seeing on English-language cybercriminal forums and how...
Read Here
Threat Intelligence Feeds: Why Context is Key

Threat Intelligence Feeds: Why Context is Key

May 7, 2020 | 10 Min Read

Key Takeaways: Choosing which threat intelligence feeds to rely on can be a daunting task: Different feeds provide varying levels...
Read Here
ShadowTalk Update – Microsoft Teams ATO Vulnerability, APT32, & Uptick In Ransomware

ShadowTalk Update – Microsoft Teams ATO Vulnerability, APT32, & Uptick In Ransomware

May 1, 2020 | 3 Min Read

Jamie, Adam, and Demelza join Viktoria for this week’s threat intelligence updates. Top stories this week include:– Vulnerability allowed hijacking...
Read Here
ShadowTalk Update – Maze Ransomware Infiltrates Cognizant, Czech NCISA Warning, And Third Party Risk Assessment

ShadowTalk Update – Maze Ransomware Infiltrates Cognizant, Czech NCISA Warning, And Third Party Risk Assessment

April 27, 2020 | 3 Min Read

Alex, Kacey, Charles, and Harrison host this week’s ShadowTalk for threat intel updates including Maze ransomware updates, a warning of...
Read Here
What ‘The Wire’ can teach us about cybersecurity

What ‘The Wire’ can teach us about cybersecurity

April 21, 2020 | 12 Min Read

In the current era of self-isolation, remote work, and constant tweets offering epidemiological hot takes, now is the perfect time...
Read Here
ShadowTalk Update – SFO Airport Hack, Fin6, And Sodinokibi Switching From Bitcoin To Monero

ShadowTalk Update – SFO Airport Hack, Fin6, And Sodinokibi Switching From Bitcoin To Monero

April 20, 2020 | 2 Min Read

This week we have new ShadowTalk guest joining us from London, Demelza! She joins Viktoria and Jamie for our threat...
Read Here
Zoom Security and Privacy Issues: Week in Review

Zoom Security and Privacy Issues: Week in Review

April 17, 2020 | 10 Min Read

In the last month, you’ve likely been hearing about the video conferencing app Zoom more than ever before. With so...
Read Here
Top Priorities for 3rd party risk assessments

Top Priorities for 3rd party risk assessments

April 16, 2020 | 6 Min Read

If you’re like me, you’re probably tired of hearing about Zoom in the news. Whether it’s for the recent exploits...
Read Here
ShadowTalk Update – COVID-19 Third Party App Risks, Zoom, and DarkHotel Hackers

ShadowTalk Update – COVID-19 Third Party App Risks, Zoom, and DarkHotel Hackers

April 13, 2020 | 3 Min Read

Coming to you from Dallas this week – we have Kacey, Harrison, Alex, and Charles. This week the team talks...
Read Here
COVID-19: Risks of Third-Party Apps

COVID-19: Risks of Third-Party Apps

April 7, 2020 | 7 Min Read

As the global community continues to pursue critical details of COVID-19, it is imperative to consider the opportunistic behavior of...
Read Here
ShadowTalk Update – Zoom Zero-Day Vulnerabilities and Fin7 Delivering Malware Via Snail Mail

ShadowTalk Update – Zoom Zero-Day Vulnerabilities and Fin7 Delivering Malware Via Snail Mail

April 6, 2020 | 2 Min Read

Hey all you cool cats and kittens! We’ve got a brand-new threat intel episode for you coming from our virtual podcast studio with Adam, Jamie, and...
Read Here
The Digital Risk Underdog: Remediation

The Digital Risk Underdog: Remediation

April 1, 2020 | 4 Min Read

When it comes to evaluating threat intelligence and digital risk solutions, collection has been at the fore of the narrative...
Read Here
COVID-19: Third-party risks to businesses

COVID-19: Third-party risks to businesses

March 31, 2020 | 5 Min Read

As social distancing becomes more prevalent during the COVID-19 (Coronavirus) pandemic, many organizations are moving to a virtual workplace. Organizations...
Read Here
ShadowTalk Update – Remote Worker Threat Model And Cybercrime Updates

ShadowTalk Update – Remote Worker Threat Model And Cybercrime Updates

March 30, 2020 | 2 Min Read

This week the team looks at some Coronavirus threat intel updates including a Threat Model of the Remote Worker and...
Read Here
COVID-19: Companies and Verticals At Risk For Cyber Attacks

COVID-19: Companies and Verticals At Risk For Cyber Attacks

March 26, 2020 | 8 Min Read

  In our recent blog, How cybercriminals are taking advantage of COVID-19: Scams, fraud, and misinformation, Digital Shadows highlighted some...
Read Here
Threat Model of a Remote Worker

Threat Model of a Remote Worker

March 25, 2020 | 7 Min Read

Threat models are an often discussed but sometimes nebulous term that is frequently thrown around within the cyber-security arena. The...
Read Here
ShadowTalk Update – Slack Vulnerability, Apollon Dark Web Exit Scam, And Online Brand Protection

ShadowTalk Update – Slack Vulnerability, Apollon Dark Web Exit Scam, And Online Brand Protection

March 23, 2020 | 3 Min Read

We’ve got Adam and Jamie joining Viktoria remotely for this week’s ShadowTalk! The London crew chats through the Slack vulnerability...
Read Here
ShadowTalk Update – Necurs Botnet, SMB Vulnerability, Coronavirus Scams, And Dark Web Updates

ShadowTalk Update – Necurs Botnet, SMB Vulnerability, Coronavirus Scams, And Dark Web Updates

March 16, 2020 | 2 Min Read

  Dallas is packing up the podcast… don’t fret. The team is just moving offices. RIP (rest in podcast). The...
Read Here
ShadowTalk Update – Banking Trojan Steals Google Authenticator Codes, Ransomware Attacks Epiq, And Tesco Clubcard Fraud

ShadowTalk Update – Banking Trojan Steals Google Authenticator Codes, Ransomware Attacks Epiq, And Tesco Clubcard Fraud

March 9, 2020 | 2 Min Read

Lots of threat intelligence news updates in this week’s ShadowTalk episode with Jamie Collier, Adam Cook, and Viktoria Austin. Top...
Read Here
ShadowTalk Update – Data Breaches, Stalkerware, and Dopplepaymer ransomware

ShadowTalk Update – Data Breaches, Stalkerware, and Dopplepaymer ransomware

March 2, 2020 | 2 Min Read

Coming to you from Dallas this week – we’ve got Charles, Kacey, Harrison, and Alex. First up – 3 data...
Read Here
Mapping MITRE ATT&CK to the Equifax Indictment

Mapping MITRE ATT&CK to the Equifax Indictment

February 24, 2020 | 6 Min Read

  On Monday, February 10th, the United States Department of Justice (DoJ) released a nine-count indictment alleging that four members...
Read Here
ShadowTalk Update – OurMine hacks FC Barcelona & Olympics twitter handles, Adsense email extortion, & phishing research

ShadowTalk Update – OurMine hacks FC Barcelona & Olympics twitter handles, Adsense email extortion, & phishing research

February 24, 2020 | 2 Min Read

Adam and Phil join Viktoria to ‘cause a storm’ on this week’s episode. But first – we get a rundown...
Read Here
The evolving story of the Citrix ADC Vulnerability: Ears to the Ground

The evolving story of the Citrix ADC Vulnerability: Ears to the Ground

February 18, 2020 | 4 Min Read

  The dust hasn’t quite settled on the Citrix ADC vulnerability technically known as CVE-2019-19781, and affectionately known as “Sh*&rix”...
Read Here
ShadowTalk Update – OurMine Hacks, Equifax Indictment, and SWIFT POC attack

ShadowTalk Update – OurMine Hacks, Equifax Indictment, and SWIFT POC attack

February 17, 2020 | 2 Min Read

Roses are red, violets are blue, here’s our threat intel podcast, just for you! Kacey, Charles, Alex, and Harrison have...
Read Here
The Devil, the Details, and the Analysis of Competing Hypothesis

The Devil, the Details, and the Analysis of Competing Hypothesis

February 13, 2020 | 5 Min Read

  Digital Shadows’ Photon Research Team recently released a comprehensive examination of the Analysis of Competing Hypothesis (ACH) method, in...
Read Here
ShadowTalk Update – CTI Frameworks, Wawa Breach Updates, APT34, and Coronavirus Phishing Scams

ShadowTalk Update – CTI Frameworks, Wawa Breach Updates, APT34, and Coronavirus Phishing Scams

February 10, 2020 | 3 Min Read

In this week’s episode, Jamie starts by talking about his recent blog, Cyber Threat Intelligence Frameworks, with 5 rules for...
Read Here
The Iowa Caucus: Third-Party Apps Can Be Risky Business

The Iowa Caucus: Third-Party Apps Can Be Risky Business

February 6, 2020 | 7 Min Read

  If you’ve seen HBO’s Silicon Valley, then you’re familiar with the epic fails endured by the Pied Piper team....
Read Here
Red Team Blues: A 10 step security program for Windows Active Directory environments

Red Team Blues: A 10 step security program for Windows Active Directory environments

February 6, 2020 | 9 Min Read

  A fun tweet crossed our path recently, the author asked, “Redteam operators: Which defensive settings have you encountered that...
Read Here
How to Operationalize Threat Intelligence: Actionability and Context

How to Operationalize Threat Intelligence: Actionability and Context

February 5, 2020 | 5 Min Read

  In 1988 the idea of a Computer Emergency Response Team was first introduced at Carnegie Mellon University. Fast-forward through...
Read Here
ShadowTalk Update – SANS CTI Summit, Snake Ransomware, CacheOut, and Citrix Vuln Update

ShadowTalk Update – SANS CTI Summit, Snake Ransomware, CacheOut, and Citrix Vuln Update

February 3, 2020 | 3 Min Read

Rick Holland jumps in to kick-off this week’s episode to recap the 2020 SANS CTI Summit with Harrison. Then Harrison,...
Read Here
Cyber Threat Intelligence Frameworks: 5 Rules for Integrating These Frameworks

Cyber Threat Intelligence Frameworks: 5 Rules for Integrating These Frameworks

January 29, 2020 | 7 Min Read

  As the cyber threat intelligence (CTI) industry continues to grow, so does the discipline’s thinking tools. Whether your intelligence...
Read Here
SANS Cyber Threat Intelligence Summit 2020: A Recap

SANS Cyber Threat Intelligence Summit 2020: A Recap

January 28, 2020 | 9 Min Read

  Last week I attended the eighth annual SANS Cyber Threat Intelligence Summit in Crystal City, Virginia. I want to...
Read Here
ShadowTalk Update – Citrix Vulnerability, Microsoft Data Breach, and Telnet Credentials Published

ShadowTalk Update – Citrix Vulnerability, Microsoft Data Breach, and Telnet Credentials Published

January 27, 2020 | 3 Min Read

Following on from last week, Citrix released a first set of patches to fix a vulnerability (CVE-2019 -19781) affecting the...
Read Here
ShadowTalk Update – NSA Vulnerability Disclosure, Ransomware News, and Iran Updates

ShadowTalk Update – NSA Vulnerability Disclosure, Ransomware News, and Iran Updates

January 20, 2020 | 3 Min Read

Kacey, Charles, Alex, and Harrison host this week’s threat intelligence update from Dallas. We kick off with vulnerabilities from the...
Read Here
Third Party Risk: 4 ways to manage your security ecosystem

Third Party Risk: 4 ways to manage your security ecosystem

January 16, 2020 | 5 Min Read

  The digital economy has multiplied the number of suppliers that organizations work and interact with. Using a supplier can...
Read Here
NSA Vulnerability Disclosure: Pros and Cons

NSA Vulnerability Disclosure: Pros and Cons

January 15, 2020 | 5 Min Read

  On Monday, January 13th, Brian Krebs reported that Microsoft would be releasing “a software update on Tuesday to fix...
Read Here
CVE-2019-19781: Analyzing the Exploit

CVE-2019-19781: Analyzing the Exploit

January 14, 2020 | 4 Min Read

  On December 17th 2019, CVE-2019-19781 was disclosed. The vulnerability allows for directory traversal and remote code execution on Citrix...
Read Here
Iran and the United States – start of the long war or return to normal?

Iran and the United States – start of the long war or return to normal?

January 13, 2020 | 9 Min Read

  On 03 Jan 2020, the United States conducted a targeted killing of Major General Qasem Soleimani, commander of the...
Read Here
ShadowTalk Update – Iranian Cyber Threats, Travelex Ransomware Attack, and Exploit Forum updates

ShadowTalk Update – Iranian Cyber Threats, Travelex Ransomware Attack, and Exploit Forum updates

January 10, 2020 | 3 Min Read

We’re back with our weekly ShadowTalk episodes! Viktoria hosts this week and introduces the episode bringing Sammy on to provide...
Read Here
Iranian APT Groups’ Tradecraft Styles: Using Mitre ATT&CK™ and the ASD Essential 8

Iranian APT Groups’ Tradecraft Styles: Using Mitre ATT&CK™ and the ASD Essential 8

January 7, 2020 | 6 Min Read

  With the recent news of Qasem Soleimani on Friday 3rd January 2020, many organizations have been reviewing their security...
Read Here
Iran and Soleimani: Monitoring the Situation

Iran and Soleimani: Monitoring the Situation

January 7, 2020 | 9 Min Read

*This blog has been updated as of Jan 9, 2020.  Welcome to 2020. Have a good holiday? Back to work...
Read Here
Iranian Cyber Threats: Practical Advice for Security Professionals

Iranian Cyber Threats: Practical Advice for Security Professionals

January 6, 2020 | 8 Min Read

Unless you went very dark for an extended holiday break, you are no doubt very well aware of the United...
Read Here