Home » Digital Shadows Resources Center » Eliminating Third Party Cyber Risks from Healthcare Delivery
Advice from the Board: All Companies Should Require Digital Risk Management to Mitigate Corporate Risk
Rob Theis of World Innovation Lab dives into why companies must take digital risk seriously.
Error - something went wrong!
Other content in this Stream
The Ecosystem of Phishing: From Minnows to Marlins
$1 for a cheap domain. $12.99 for 10m email contacts. Cybercriminals can launch phishing campaigns for under $20!
Digital Risk Protection: Forrester New Wave Report
Digital Shadows Named a "Leader" in 2018 Forrester New Wave for Digital Risk Protection
RSA Conference 2020: CISO Tips for Making the Most of Conference Sessions
RSA Conference is just days away, and as I have done in the past, I thought I’d suggest a few talks that you should check out if you are attending.
OurMine hacks FC Barcelona & Olympics twitter handles, Adsense email extortion, & phishing research
Adam and Phil join Viktoria to ‘cause a storm’ on this week’s episode. But first - we get a rundown of the brand new Photon research blog this week around phishing from Harrison and Alex. This...
Weekly Intelligence Summary 21 Feb 2020
With the Tokyo 2020 Olympic Games fast approaching, the cyber security concerns and evolving attack methods are already taking centre stage of threat intelligence discussions
Applying the Analysis of Competing Hypotheses to the Cyber Domain
We define the strengths and weaknesses of ACH in the cyber-threat domain, with a "customer-centric" view that can aid analysts in presenting intelligence to a decision maker.
The evolving story of the Citrix ADC Vulnerability: Ears to the Ground
The dust hasn’t quite settled on the Citrix ADC vulnerability technically known as CVE-2019-19781, and affectionately known as “Sh*&rix” in some circles (this is important when tracking Tweets!).
Cybercriminal Forums on Valentine’s Day – A nice night to “Netflix and steal”…
The cybercriminal landscape has you covered and could provide an easy way for you to demonstrate your love for your nearest and dearest...
Dark web travel agencies: Take a trip on the dark side
This blog is intended to highlight the flourishing scene on criminal marketplaces for airline-related information.
Threat Report ATT&CK Mapping (TRAM) With MITRE’s Sarah Yoder And Jackie Lasky
Sarah Yoder and Jackie Lasky from MITRE join Rick Holland and Harrison Van Riper in this guest episode to talk through their tool, Threat Report ATT&CK Mapping (TRAM). Both Sarah and Jackie are...
Competitions on Russian-language cybercriminal forums: Sharing expertise or threat actor showboating?
Competitions have been a feature of the Russian-language cybercriminal scene practically since the advent of cybercriminal forums ...
CTI Frameworks, Wawa Breach Updates, APT34, And Coronavirus Phishing Scams
January was a looooong year. Anyone else? In this week’s episode, Jamie starts by talking about his recent blog, Cyber Threat Intelligence Frameworks, with 5 rules for integrating these frameworks...
How to Operationalize Threat Intelligence: Actionability and Context
Is there real value in threat intelligence? How can we leverage threat intelligence and make use of it in any meaningful way?
Red Team Blues: A 10 step security program for Windows Active Directory environments
Here at Digital Shadows we spend quite a bit of time attacking, defending and researching Windows AD environments, so we thought we’d chip in with a list of controls that we have found to give ...
Cyber Threat Intelligence Frameworks: 5 Rules for Integrating These Frameworks
This blog discusses how different CTI frameworks can co-exist, and suggests some practical rules to bear in mind when integrating these frameworks into intelligence practices.
How the Cybercriminal Underground Mirrors the Real World
In many cases the cybercriminal underground is a lot more familiar than you might be led to believe...
How Digital Shadows Helped Find and Remediate an Exposed Admin Password on Github
In this blog series, we’ll share some tales from the front lines – keeping client names anonymous, of course. We’ll investigate some of SearchLight’s most impactful findings, and more importantly, she
CVE-2019-19781: Analyzing the Exploit
On December 17th 2019, CVE-2019-19781 was disclosed. The vulnerability allows for directory traversal and remote code execution on Citrix ...
Third Party Risk: 4 ways to manage your security ecosystem
The digital economy has multiplied the number of suppliers that organizations work and interact with. Using a supplier can ...
Iran and the United States – start of the long war or return to normal?