Shadow Talk Update – 05.07.2018
In this week’s episode Shadow Talk, it’s a vulnerability extravaganza. We cover malicious use of legitimate...
Error - something went wrong!
Most Recent Articles
The Ecosystem of Phishing: From Minnows to Marlins
$1 for a cheap domain. $12.99 for 10m email contacts. Cybercriminals can launch phishing campaigns for under $20!
RSA Conference 2020: CISO Tips for Making the Most of Conference Sessions
RSA Conference is just days away, and as I have done in the past, I thought I’d suggest a few talks that you should check out if you are attending.
The evolving story of the Citrix ADC Vulnerability: Ears to the Ground
The dust hasn’t quite settled on the Citrix ADC vulnerability technically known as CVE-2019-19781, and affectionately known as “Sh*&rix” in some circles (this is important when tracking Tweets!).
Cybercriminal Forums on Valentine’s Day – A nice night to “Netflix and steal”…
The cybercriminal landscape has you covered and could provide an easy way for you to demonstrate your love for your nearest and dearest...
ShadowTalk Update – OurMine Hacks, Equifax Indictment, and SWIFT POC attack
Roses are red, violets are blue, here’s our threat intel podcast, just for you! Kacey, Charles, Alex, and Harrison have ...
The Devil, the Details, and the Analysis of Competing Hypothesis
Digital Shadows’ Photon Research Team recently released a comprehensive examination of the Analysis of Competing Hypothesis (ACH) method, in ...
ShadowTalk Update – CTI Frameworks, Wawa Breach Updates, APT34, and Coronavirus Phishing Scams
In this week’s episode, Jamie starts by talking about his recent blog, Cyber Threat Intelligence Frameworks, with 5 rules for ...
The Iowa Caucus: Third-Party Apps Can Be Risky Business
If you’ve seen HBO’s Silicon Valley, then you’re familiar with the epic fails endured by the Pied Piper team. ...
Red Team Blues: A 10 step security program for Windows Active Directory environments
Here at Digital Shadows we spend quite a bit of time attacking, defending and researching Windows AD environments, so we thought we’d chip in with a list of controls that we have found to give ...
How to Operationalize Threat Intelligence: Actionability and Context
Is there real value in threat intelligence? How can we leverage threat intelligence and make use of it in any meaningful way?
Dark web travel agencies: Take a trip on the dark side
This blog is intended to highlight the flourishing scene on criminal marketplaces for airline-related information.
ShadowTalk Update – SANS CTI Summit, Snake Ransomware, CacheOut, and Citrix Vuln Update
Rick Holland jumps in to kick-off this week’s episode to recap the 2020 SANS CTI Summit with Harrison. Then Harrison, Alex, Kacey, and Charles talk through other top stories of the week.
Competitions on Russian-language cybercriminal forums: Sharing expertise or threat actor showboating?
Competitions have been a feature of the Russian-language cybercriminal scene practically since the advent of cybercriminal forums ...
Cyber Threat Intelligence Frameworks: 5 Rules for Integrating These Frameworks
This blog discusses how different CTI frameworks can co-exist, and suggests some practical rules to bear in mind when integrating these frameworks into intelligence practices.
SANS Cyber Threat Intelligence Summit 2020: A Recap
Last week I attended the eighth annual SANS Cyber Threat Intelligence Summit in Crystal City, Virginia. I want to take some time to recap the event for those that were not able to attend.
ShadowTalk Update – Citrix Vulnerability, Microsoft Data Breach, and Telnet Credentials Published
Following on from last week, Citrix released a first set of patches to fix a vulnerability (CVE-2019 -19781) affecting the company’s NetScaler ADC Application Delivery Controller and it’s Citrix Gatew
How Digital Shadows Helped Find and Remediate an Exposed Admin Password on Github
In this blog series, we’ll share some tales from the front lines – keeping client names anonymous, of course. We’ll investigate some of SearchLight’s most impactful findings, and more importantly, she
Inside Digital Shadows: Davitt Potter Joins as Director of MSSP and Channels in the Americas
I’ve recently had the opportunity to join Digital Shadows, who have built an amazing offering in the digital risk protection and threat intelligence space.
heise BrandWorld | Microsoft 365: Sensible Informationen schützen mit Azure Information Protection
Mit Tools wie Azure Information Protection macht Microsoft es Unternehmen einfacher, grundlegende Sicherheitsprinzipien einzuhalten.
How the Cybercriminal Underground Mirrors the Real World